While doing a box on TryHackMe, I had to bruteforce a MyBB Forum. Because I didn't find any tool to do it, I decided to develop my own. And here it is !
- Patience
This tool has been tested on the latest version available of MyBB at the time of the development (1.8.31) but should work with older versions also.
git clone https://github.com/0xSysR3ll/mybb-brute
cd mybb-brute && pip3 install -r requirements.txtThis tool can only be used on environments where there is no login attempts limiting (Labs, CTFs, etc). By default, MyBB added an anti-bruteforce system - you can only do 3 login attempts. After that, you have to wait a certain amount of time + a captcha to solve.
__ ___ ____ ____ ____ __
/ |/ /_ __/ __ )/ __ ) / __ )_______ __/ /____
/ /|_/ / / / / __ / __ | / __ / ___/ / / / __/ _ \
/ / / / /_/ / /_/ / /_/ / / /_/ / / / /_/ / /_/ __/
/_/ /_/\__, /_____/_____/ /_____/_/ \__,_/\__/\___/
/____/
v1.0 by 0xsysr3ll
usage: mybb-brute.py [-h] -t TARGET (-u USERNAME | -U USER_FILE) (-p PASSWORD | -P PASS_FILE)
A simple MyBB bruteforce tool
options:
-h, --help show this help message and exit
-t TARGET, --target TARGET
MyBB Forum ip/domain target (without http/https), eg. 10.10.10.1:8080
Usernames:
-u USERNAME, --username USERNAME
Username to use for bruteforce
-U USER_FILE, --user-file USER_FILE
Usernames file to use for bruteforce
Passwords:
-p PASSWORD, --password PASSWORD
Password to use for bruteforce
-P PASS_FILE, --pass-file PASS_FILE
Passwords file to use for bruteforceContributions are always welcome, I am not a pro developer !
This tool has been developed in the context of a TryHackMe box. I am not in any way responsible for the use you may make with it.
0xSysr3ll - @0xsysr3ll - 0xsysr3ll@pm.me