flipflip * * * * * * * *
Posts : 348 Join date : 2009-12-27 Age : 36 Location : Barcelona
| Subject: Help with password Sat 30 Jul 2011, 23:52 | |
| How can I put password fastly to my pupils? I didn't find how the Sioc's bot do it. | |
|
Sioc admin
Posts : 2785 Join date : 2009-12-19
| Subject: Re: Help with password Sun 31 Jul 2011, 05:50 | |
| If your pupils do not have a password and you have lost creation cookie (e.g. you closed Firefox after creating the pupil), there's no way to password-protect to your pupils. If you want to change password of existing pupils, you can use the MyBrute List Manager. EDIT: - flipflip wrote:
- I didn't find how the Sioc's bot do it.
This is how the tool changes passwords: - Spoiler:
- Code:
-
'TOOL 8 Private Sub TOOL8() Dim oThread(Nt3 - 1) As System.Threading.Thread Dim oTask(Nt3 - 1) As MThread Dim sData() As TheLine 'Contains all information about pupils: input Dim sDataOUT() As TheLine 'Contains all information about pupils: output Dim IsCorrect As Boolean = True Dim ToContinue As Boolean = False Dim TheStream As FileStream Dim TMP2() As TheLine 'for multithreading Dim SRV(3) As String Dim i, j, jl, j1, j2, k, UB, m, Nd As Long Dim s As String Dim SB(1) As StringBuilder
If Len(Me.TextBox1.Text) = 0 Then i = MsgBox("You must first select a file.", vbOKOnly + vbInformation, "Error") Else 'Reading the data TheStream = New System.IO.FileStream(Me.TextBox1.Text, FileMode.Open, FileAccess.Read, FileShare.Read) Dim TheStreamReader As New StreamReader(TheStream) ReDim sData(3000000) UB = -1 While Not TheStreamReader.EndOfStream s = Trim(TheStreamReader.ReadLine) If Trim(s) <> "" Then i = InStr(s, ";", vbBinaryCompare) 'NAME;SERVER;PWD1;PWD2 j = InStr(Mid(s, i + 1), ";", vbBinaryCompare) + i k = InStr(Mid(s, j + 1), ";", vbBinaryCompare) + j If i > 0 And j > i And k > j Then UB = UB + 1 sData(UB).Name = CorrectName(Mid(s, 1, i)) sData(UB).SRV = Mid(s, i + 1, j - i - 1) Select Case sData(UB).SRV Case "COM" : sData(UB).URL = "http://" & sData(UB).Name & ".mybrute.com/" Case "FR" : sData(UB).URL = "http://" & sData(UB).Name & ".labrute.fr/" Case "ES" : sData(UB).URL = "http://" & sData(UB).Name & ".elbruto.es/" Case "DE" : sData(UB).URL = "http://" & sData(UB).Name & ".meinbrutalo.de/" End Select sData(UB).PWD1 = Mid(s, j + 1, k - j - 1) sData(UB).PWD2 = Mid(s, k + 1) End If End If End While ReDim Preserve sData(UB) TheStreamReader.Close() : TheStream.Close() 'Preparing multi threading If UB > -1 Then For i = 0 To UB sData(i).ToDL = False sData(i).ToPWD = True sData(i).ToINIT = True sData(i).SUCCESS = 0 Next i End If Nd = UB + 1 If Nt3 > Nd Then Nt3 = Nd 'Multithreading main loop If Nd > 0 Then m = Math.Floor(UB / Nt3) j1 = 0 : j2 = -1 For i = 0 To Nt3 - 1 oTask(i) = New MThread 'Creating the array ReDim TMP2(UB) j1 = Math.Min(j2 + 1, UB) j2 = Math.Min(m * (i + 1), UB) : If i = Nt3 - 1 Then j2 = UB k = -1 For j = j1 To j2 k = k + 1 TMP2(k) = sData(j) Next j ReDim Preserve TMP2(k) oTask(i).TD = TMP2 oTask(i).TN = i + 1 oTask(i).j1 = j1 oTask(i).j2 = j2 oThread(i) = New Thread(AddressOf oTask(i).DownloadLoop) Next i For i = 0 To Nt3 - 1 : oThread(i).Start() : Next i 'Starting th threads 'For i = 0 To Nt2 - 1 : oThread(i).Join() : Next i 'Waiting for all threads to complete Me.ProgressBar3.Maximum = UB + 1 Me.ProgressBar3.Minimum = 0 Me.ProgressBar3.Visible = True Me.TextBox9.Visible = True Try ToRefresh: 'Routines to update the status of download Thread.Sleep(1000) j = 0 For i = 0 To Nt3 - 1 : j = j + oTask(i).Progression : Next i If j <= jl Then 'To avoid the progressbar going back GoTo ToRefresh Else jl = j End If Me.ProgressBar3.Value = j s = j & "/" & UB + 1 & " (" & Format(j / (UB + 1), "0.0%") & ")" Me.TextBox9.Text = s : Me.Text = "Changing password " & s Application.DoEvents() Me.Refresh() ToContinue = True For i = 0 To Nt3 - 1 If oThread(i).IsAlive Then ToContinue = False : i = Nt3 Next i If Not ToContinue Then GoTo ToRefresh Catch e As Exception 'ERROR HANDLER GoTo ToRefresh End Try
ToContinue: For i = 0 To Nt3 - 1 : oThread(i).Join() : Next i 'Waiting for all threads to complete Me.ProgressBar3.Value = UB + 1 Me.TextBox9.Text = UB + 1 & "/" & UB + 1 & " (" & Format(1, "0%") & ")" 'Putting everything back in the initial array ReDim sDataOUT(UBound(sData, 1)) j1 = -1 For i = 0 To Nt3 - 1 k = UBound(oTask(i).TD, 1) For j = 0 To k j1 = j1 + 1 sDataOUT(j1) = oTask(i).TD(j) Next j Next i k = UBound(sDataOUT, 1) For i = 0 To k If Trim(sDataOUT(i).Name) = "" Then sDataOUT(i) = sData(i) Next i 'Sorting 'Call SortBrutes(sDataOUT, False) 'Creating the output SB(0) = New StringBuilder : j1 = 0 SB(1) = New StringBuilder : j2 = 0 For j = 0 To UB If sDataOUT(j).SUCCESS <> 1 Then i = 0 If j1 > 0 Then SB(i).Append(vbCrLf) j1 = j1 + 1 Else i = 1 If j2 > 0 Then SB(i).Append(vbCrLf) j2 = j2 + 1 End If SB(i).Append(sDataOUT(j).Name) : SB(i).Append(";") SB(i).Append(sDataOUT(j).SRV) : SB(i).Append(";") SB(i).Append(sDataOUT(j).PWD1) : SB(i).Append(";") SB(i).Append(sDataOUT(j).PWD2) Next j
'Writing the output If System.IO.File.Exists(Me.TextBox1.Text & ".OUT.fail") Then File.Delete(Me.TextBox1.Text & ".OUT.fail") If System.IO.File.Exists(Me.TextBox1.Text & ".OUT.success") Then File.Delete(Me.TextBox1.Text & ".OUT.success") TheStream = New FileStream(Me.TextBox1.Text & ".OUT.fail", FileMode.Create, FileAccess.Write, FileShare.None) Dim TheStreamWriter = New StreamWriter(TheStream) TheStreamWriter.Write(SB(0).ToString) TheStreamWriter.Flush() : TheStreamWriter.Close() TheStream = New FileStream(Me.TextBox1.Text & ".OUT.success", FileMode.Create, FileAccess.Write, FileShare.None) TheStreamWriter = New StreamWriter(TheStream) TheStreamWriter.Write(SB(1).ToString) TheStreamWriter.Flush() : TheStreamWriter.Close()
Me.TextBox2.Text = "Output saved in " & Me.TextBox1.Text & ".OUT.success (" & j2 & " entries) and in " & Me.TextBox1.Text & ".OUT.fail (" & j1 & " entries)." If Nd = 0 Then GoTo ToEnd2 ToEnd: s = "Finished password change of " & Nd & " brutes:" & vbCrLf & vbCrLf & j2 & " successes" & vbCrLf & j1 & " failures" Else ToEnd2: s = "No information to download. Probably a wrong input file format" End If Me.Text = TheTitle Application.DoEvents() Me.Refresh() i = MsgBox(s, vbOKOnly + vbInformation) End If
End Sub
'Changes the password of a brute Function ChangePWD(ByVal t As TheLine) As Long Dim CC As CookieContainer Dim s As String = vbNullString Dim i As Long Dim PostData As String Dim PostBytes() As Byte Dim SR As StreamReader = Nothing Dim HTTPRequest As HttpWebRequest = Nothing Dim HTTPResponse As HttpWebResponse = Nothing Dim RequestStream As Stream = Nothing
Dim n As Long = 0 Try ToDL: n = n + 1 If n >= NMax Then GoTo ToContinue PostData = "pass=" & t.PWD1 & "&submit=Enter" PostBytes = Encoding.ASCII.GetBytes(PostData) HTTPRequest = DirectCast(HttpWebRequest.Create(t.URL & "login"), HttpWebRequest) HTTPRequest.CookieContainer = New CookieContainer() HTTPRequest.ContentType = "application/x-www-form-urlencoded" HTTPRequest.ContentLength = PostData.Length HTTPRequest.Method = "POST" HTTPRequest.Headers.Add("Accept-Language", "en-US,en;q=0.8") HTTPRequest.Headers.Add("Accept-Encoding", "deflate") HTTPRequest.AllowAutoRedirect = True
RequestStream = HTTPRequest.GetRequestStream() RequestStream.Write(PostBytes, 0, PostBytes.Length) RequestStream.Close()
HTTPResponse = CType(HTTPRequest.GetResponse(), HttpWebResponse) CC = HTTPRequest.CookieContainer If HTTPResponse.StatusCode = HttpStatusCode.OK Then SR = New StreamReader(HTTPResponse.GetResponseStream) s = SR.ReadToEnd HTTPResponse.Close() SR.Close() Else HTTPResponse.Close() If n < NMax Then GoTo ToDL End If If InStr(1, s, "<td class=""celluleLeft"">", vbBinaryCompare) = 0 Then GoTo ToDL '=0 there was a temporary BE
ToContinue: i = InStr(1, s, "<div class=""headStats"">", vbBinaryCompare) If i > 1 Then 'We could register, now we need to change password '=========================================================== 'http://test432x.meinbrutalo.de/setPass?oldPass=test2&pass=test1&pass2=test1 'A GET request with this URL would work as well n = 0 If Not RequestStream Is Nothing Then RequestStream.Close() If Not HTTPResponse Is Nothing Then HTTPResponse.Close() If Not SR Is Nothing Then SR.Close() ToDL2: n = n + 1 PostData = "oldPass=" & t.PWD1 & "&pass=" & t.PWD2 & "&pass2=" & t.PWD2 PostBytes = Encoding.ASCII.GetBytes(PostData) HTTPRequest = DirectCast(HttpWebRequest.Create(t.URL & "setPass"), HttpWebRequest) HTTPRequest.CookieContainer = CC HTTPRequest.ContentType = "application/x-www-form-urlencoded" HTTPRequest.ContentLength = PostData.Length HTTPRequest.Method = "POST" HTTPRequest.Headers.Add("Accept-Language", "en-US,en;q=0.8") HTTPRequest.Headers.Add("Accept-Encoding", "deflate") HTTPRequest.AllowAutoRedirect = True
RequestStream = HTTPRequest.GetRequestStream() RequestStream.Write(PostBytes, 0, PostBytes.Length) RequestStream.Close()
HTTPResponse = DirectCast(HTTPRequest.GetResponse(), HttpWebResponse) If HTTPResponse.StatusCode = HttpStatusCode.OK Then SR = New StreamReader(HTTPResponse.GetResponseStream) s = SR.ReadToEnd HTTPResponse.Close() SR.Close() Else HTTPResponse.Close() If n < NMax Then GoTo ToDL2 End If If InStr(1, s, "<td class=""celluleLeft"">", vbBinaryCompare) = 0 Then GoTo ToDL2 '=0 there was a temporary BE ToContinue2: If Len(s) > 5000 Then 'otherwise: BE ChangePWD = 1 Else ChangePWD = -1 End If '=========================================================== Else ChangePWD = -1 End If
Catch e As WebException 'ERROR HANDLER If Not RequestStream Is Nothing Then RequestStream.Close() If Not HTTPResponse Is Nothing Then HTTPResponse.Close() If Not SR Is Nothing Then SR.Close() If n < NMax Then GoTo ToDL Else 'i = MsgBox("Exception Raised. The following error occured : " & vbCrLf & vbCrLf & e.Status & vbCrLf & vbCrLf & "Please post the error message in the Forum.", vbOKOnly + vbExclamation, "ERROR") 'System.Console.WriteLine(sPause) Thread.Sleep(ToWait) s = vbNullString n = 0 GoTo ToContinue End If Catch e As Exception 'ERROR HANDLER If Not RequestStream Is Nothing Then RequestStream.Close() If Not HTTPResponse Is Nothing Then HTTPResponse.Close() If Not SR Is Nothing Then SR.Close() If n < NMax Then GoTo ToDL Else 'i = MsgBox("Exception Raised. The following error occured : " & vbCrLf & vbCrLf & e.Message & vbCrLf & vbCrLf & "Please post the error message in the Forum.", vbOKOnly + vbExclamation, "ERROR") 'System.Console.WriteLine(sPause) Thread.Sleep(ToWait) s = vbNullString n = 0 GoTo ToContinue End If End Try
End Function
Last edited by Sioc on Sun 31 Jul 2011, 06:52; edited 1 time in total | |
|
ckl * * * * * * * * * * *
Posts : 2116 Join date : 2010-08-03 Age : 28 Location : Romania
| Subject: Re: Help with password Sun 31 Jul 2011, 06:41 | |
| http://brute.domain/cellule/setPass?pass1=1234;pass2=1234 | |
|
Blakallam17 * * * * * * * *
Posts : 437 Join date : 2009-11-11 Age : 30
| Subject: Re: Help with password Sun 31 Jul 2011, 19:00 | |
| - ckl wrote:
- http://brute.domain/cellule/setPass?pass1=1234;pass2=1234
no found | |
|
flipflip * * * * * * * *
Posts : 348 Join date : 2009-12-27 Age : 36 Location : Barcelona
| Subject: Re: Help with password Mon 01 Aug 2011, 02:13 | |
| I think someone delete my post :S
I said that it works but I need a trick like sioc BOT for do the setpass action without send the http request on firefox | |
|
corp0 * * * * * * * * *
Posts : 864 Join date : 2010-03-08
| Subject: Re: Help with password Mon 01 Aug 2011, 04:40 | |
| use the tools "ChangePassword" http://www.forumlabrute.com/t12676-changepassword | |
|
Sioc admin
Posts : 2785 Join date : 2009-12-19
| Subject: Re: Help with password Mon 01 Aug 2011, 06:16 | |
| - corp0 wrote:
- use the tools "ChangePassword"
http://www.forumlabrute.com/t12676-changepassword The tool "ChangePassword" is the same kind of non browser tool as the List Manager but single threaded (i.e. more than 10 times slower than the List Manager) - flipflip wrote:
- I said that it works but I need a trick like sioc BOT for do the setpass action without send the http request on firefox
You got all information above. To sum up what was explained: - The sioc bot / "ChangePassword" bot are using WinHTTP requests and are not based on Firefox or any browser
- You have the VB.Net code of HTTP requests in order to change passwords in my spoiler above
- Otherwise if you can't exploit this information then ckl has provided you with the URL that changes passwords (can be combined with a script etc)
- If you lost the creation cookie you cannot protect pupils without password
- Anything else would be out of the scope of possible things.
| |
|
ckl * * * * * * * * * * *
Posts : 2116 Join date : 2010-08-03 Age : 28 Location : Romania
| Subject: Re: Help with password Mon 01 Aug 2011, 07:16 | |
| - Blakallam17 wrote:
- ckl wrote:
- http://brute.domain/cellule/setPass?pass1=1234;pass2=1234
no found lol is normal to give "not found" you have to replace brute.domain with your brute name and .elbruto.es or labrute.fr or mybrute.com or meinbrutalo.de | |
|
Blakallam17 * * * * * * * *
Posts : 437 Join date : 2009-11-11 Age : 30
| Subject: Re: Help with password Tue 02 Aug 2011, 23:49 | |
| | |
|
Blakallam17 * * * * * * * *
Posts : 437 Join date : 2009-11-11 Age : 30
| Subject: Re: Help with password Sat 20 Aug 2011, 22:23 | |
| | |
|
flipflip * * * * * * * *
Posts : 348 Join date : 2009-12-27 Age : 36 Location : Barcelona
| Subject: Re: Help with password Sat 20 Aug 2011, 22:59 | |
| @#$% motion twin | |
|
Sponsored content
| Subject: Re: Help with password | |
| |
|