Getting back into programming... Sort of

Post by centip3de on Thu Jul 14, 2011 4:27 pm

I've taken some time off from programming in Python to work on my OS (just implemented hardware interrupts! :D). Anywho, I decided to get back into the game by writing a simple little tool that will go and check for over 200 different versions of admin logins on whatever page you give it. After a few hours of tweaking and debugging it works wonderfully! Except on a few pages... This is what I don't understand... On some websites it works, on others it doesn't; it just seems like a 50/50 chance. Even though Google can find them (I was dorking for a bit to make sure it all worked), it seems my program cannot. Any help is appreciated.

~Cent

Code:
import urllib2
import sys
import os
import httplib
from httplib import HTTP
from urlparse import urlparse

def Website():
    os.system("CLS")
    global website
    print "Please note that you must put a '/' at the end of the website, and add a 'http://' afterwards."
    print "So for instance, Google would look like 'http://www.google.com/'"
    website = raw_input("Please insert the website: ")
    if website == "":
        print "Please insert a website"
        Website()
   
def Failed():
    os.system("CLS")
    print "This program can not access the Internet, please adjust your settings."
    yn = raw_input("Did you finish adjusting you're settings? Y/N")
    if yn == "Y":
        print "Trying to connect to the Internet again..."
        try:
            urllib2.urlopen("http://www.google.com", timeout=1)
            print "Internet connection established..."
            Main()
        except urllib2.URLError:
            Failed()
    if yn == "N":
        print "Quiting..."
        sys.exit()
       
def Main():
    os.system("CLS")
    global website
    Website()
    try:
        urllib2.urlopen("http://www.google.com", timeout=1)
        print "Internet connection established...."
    except urllib2.URLError:
        Failed()
   
    AdminSite = ['admin.aspx','admin.asp','admin.php','admin/','administrator/',
                 'moderator/','webadmin/','adminarea/',
                 'bb-admin/','adminLogin/','admin_area/',
                 'panel-administracion/','instadmin/',
                 'memberadmin/','administratorlogin/',
                 'adm/','admin/account.php','admin/index.php',
                 'admin/login.php','admin/admin.php',
                 'admin/account.php','joomla/administrator',
                 'login.php','admin_area/admin.php',
                 'admin_area/login.php','siteadmin/login.php',
                 'siteadmin/index.php','siteadmin/login.html',
                 'admin/account.html','admin/index.html',
                 'admin/login.html','admin/admin.html',
                 'admin_area/index.php','bb-admin/index.php',
                 'bb-admin/login.php','bb-admin/admin.php',
                 'admin/home.php','admin_area/login.html',
                 'admin_area/index.html','admin/controlpanel.php',
                 'admincp/index.asp','admincp/login.asp',
                 'admincp/index.html','admin/account.html',
                 'adminpanel.html','webadmin.html','webadmin/index.html',
                 'webadmin/admin.html','webadmin/login.html',
                 'admin/admin_login.html','admin_login.html',
                 'panel-administracion/login.html',
                 'admin/cp.php','cp.php','administrator/index.php',
                 'administrator/login.php','nsw/admin/login.php',
                 'webadmin/login.php','admin/admin_login.php',
                 'admin_login.php','administrator/account.php',
                 'administrator.php','admin_area/admin.html',
                 'pages/admin/admin-login.php','admin/admin-login.php',
                 'admin-login.php','bb-admin/index.html',
                 'bb-admin/login.html','bb-admin/admin.html',
                 'admin/home.html','modelsearch/login.php','moderator.php',
                 'moderator/login.php','moderator/admin.php',
                 'account.php','pages/admin/admin-login.html',
                 'admin/admin-login.html','admin-login.html',
                 'controlpanel.php','admincontrol.php',
                 'admin/adminLogin.html','adminLogin.html',
                 'admin/adminLogin.html','home.html',
                 'rcjakar/admin/login.php','adminarea/index.html',
                 'adminarea/admin.html','webadmin.php','webadmin/index.php',
                 'webadmin/admin.php','admin/controlpanel.html',
                 'admin.html','admin/cp.html','cp.html',
                 'adminpanel.php','moderator.html',
                 'administrator/index.html','administrator/login.html',
                 'user.html','administrator/account.html',
                 'administrator.html','login.html','modelsearch/login.html',
                 'moderator/login.html','adminarea/login.html',
                 'panel-administracion/index.html',
                 'panel-administracion/admin.html','modelsearch/index.html',
                 'modelsearch/admin.html','admincontrol/login.html'
                 ,'adm/index.html','adm.html','moderator/admin.html',
                 'user.php','account.html','controlpanel.html',
                 'admincontrol.html','panel-administracion/login.php',
                 'wp-login.php','adminLogin.php','admin/adminLogin.php',
                 'home.php','adminarea/index.php','adminarea/admin.php',
                 'adminarea/login.php','panel-administracion/index.php',
                 'panel-administracion/admin.php',
                 'modelsearch/index.php','modelsearch/admin.php',
                 'admincontrol/login.php','adm/admloginuser.php',
                 'admloginuser.php','admin2.php','admin2/login.php',
                 'admin2/index.php','adm/index.php','adm.php','affiliate.php'
                 ,'adm_auth.php','memberadmin.php','administratorlogin.php',
                 'login/admin.asp', 'admin/login.asp', 'administratorlogin.asp',
                 'login/asmindstrator.asp', 'admin/login.aspx', 'login/admin.aspx',
                 'administartorlogin.aspx', 'login/administrator.aspx',
                 'adminlogin.asp', 'adminlogin.aspx', 'admin_login.asp',
                 'admin_login.aspx', 'adminhome.asp', 'adminhome.aspx',
                 'administrator_login.asp', 'administrator_login.aspx']
    try:
        for word in AdminSite:
            print "Trying " + website + word + "..."
            try:
                parse = urlparse(website + word)
                http = HTTP(parse[1])
                http.putrequest('HEAD', parse[2])
                http.endheaders()   
                if http.getreply()[0] == 200:
                    print "Found admin page! Admin page is located at " + website + word
                    opens = raw_input("Do you want to open your browser to this url? (Y/N): ")
                    if opens == "Y":
                        urllib2.urlopen(website + word)
                    if opens == "N":
                        sys.exit()
                    break
                else:
                    print website + word + " has failed..."
                    print ""
            except:
                raise
    except:
        raise
Main()


Afterthought: I'll comment it up if you guys would like, but it's a pretty simple program, so I don't feel it is needed.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook


Re: Getting back into programming... Sort of

Post by r-ID on Thu Jul 14, 2011 7:04 pm

I think the problem is that a lot of sites return a 200 response even if such a page doesn't exist.
You need to do something smarter, like comparing a header or page content.
BTW, nice list :)


Re: Getting back into programming... Sort of

Post by centip3de on Thu Jul 14, 2011 9:16 pm

r-ID wrote: I think the problem is that a lot of sites return a 200 response even if such a page doesn't exist.
You need to do something smarter, like comparing a header or page content.
BTW, nice list :)


Really? Huh, I'll modify it and see if it works! Oh, and thanks! :)


Re: Getting back into programming... Sort of

Post by mojo1948 on Thu Jul 14, 2011 9:34 pm

You also have basic authentication to deal with. IIRC, it returns a 401 error code when you try to access the page, and you will need to trap the error and handle it.
Here is a snippet from something I found a while back when I was messing with this.

Code:
import sys
import urllib2

# theurl must be set to the URL being checked
req = urllib2.Request(theurl)
try:
    handle = urllib2.urlopen(req)
except IOError, e:
    print 'here we *want* to fail'
    pass
else:
    # If we don't fail then the page isn't protected
    print "This page isn't protected by authentication."
    sys.exit(1)

if not hasattr(e, 'code') or e.code != 401:
    # we got an error - but not a 401 error
    print "This page isn't protected by authentication."
    print 'But we failed for another reason.'
    sys.exit(1)

authline = e.headers['www-authenticate']
print authline
# this gets the www-authenticate line from the headers
# which has the authentication scheme and realm in it


I don't play with this much so please correct me if I'm on the wrong track here.
Never stop learning.


Re: Getting back into programming... Sort of

Post by centip3de on Fri Jul 15, 2011 2:14 am

mojo1948 wrote: You also have basic authentication to deal with. IIRC, it returns a 401 error code when you try to access the page, and you will need to trap the error and handle it.
Here is a snippet from something I found a while back when I was messing with this.

Code:
import sys
import urllib2

# theurl must be set to the URL being checked
req = urllib2.Request(theurl)
try:
    handle = urllib2.urlopen(req)
except IOError, e:
    print 'here we *want* to fail'
    pass
else:
    # If we don't fail then the page isn't protected
    print "This page isn't protected by authentication."
    sys.exit(1)

if not hasattr(e, 'code') or e.code != 401:
    # we got an error - but not a 401 error
    print "This page isn't protected by authentication."
    print 'But we failed for another reason.'
    sys.exit(1)

authline = e.headers['www-authenticate']
print authline
# this gets the www-authenticate line from the headers
# which has the authentication scheme and realm in it


I don't play with this much so please correct me if I'm on the wrong track here.


Not exactly too sure _why_ this would require basic authentication, unless the server requires HTTPS...


Re: Getting back into programming... Sort of

Post by mojo1948 on Fri Jul 15, 2011 10:21 pm

I guess what I was getting at is that http.getreply() can return more values than 200 for pages that do exist.
For example, if I run your script on my router's login page and print http.getreply(), I get this.

Code:
(401, 'Authorization Required', <httplib.HTTPMessage instance at 0x2875072c>)


I'm pretty sure you can use basic authentication without HTTPS.
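Seen from the server side, the scanner posted at the top of this thread is easy to recognise: it sends one HEAD request per wordlist entry, and as noted above a 401 confirms a path just as a 200 does. The following is an added example in Python 3 (not code from any poster in the thread) that flags that pattern in access logs; the log lines, IP addresses, thresholds, path hints and the `find_admin_probing` name are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed access-log lines (common log format), not taken from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jul/2011:16:27:01 +0000] "HEAD /admin.aspx HTTP/1.0" 404 0
203.0.113.7 - - [14/Jul/2011:16:27:01 +0000] "HEAD /admin.asp HTTP/1.0" 404 0
203.0.113.7 - - [14/Jul/2011:16:27:02 +0000] "HEAD /admin.php HTTP/1.0" 404 0
203.0.113.7 - - [14/Jul/2011:16:27:02 +0000] "HEAD /admin/ HTTP/1.0" 401 0
203.0.113.7 - - [14/Jul/2011:16:27:03 +0000] "HEAD /administrator/ HTTP/1.0" 404 0
203.0.113.7 - - [14/Jul/2011:16:27:03 +0000] "HEAD /wp-login.php HTTP/1.0" 200 0
198.51.100.20 - - [14/Jul/2011:16:27:04 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.20 - - [14/Jul/2011:16:27:05 +0000] "GET /admin/ HTTP/1.1" 401 381
198.51.100.20 - - [14/Jul/2011:16:27:09 +0000] "GET /favicon.ico HTTP/1.1" 404 209
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumed hint list: substrings typical of the admin paths in the posted wordlist.
ADMIN_HINT = re.compile(r'admin|login|moderator|controlpanel|/adm|/cp\.', re.I)

def find_admin_probing(log_text, min_paths=5, min_miss_ratio=0.5):
    """Flag clients that request many distinct admin-like paths and mostly get 404."""
    stats = defaultdict(lambda: {"paths": set(), "methods": set(),
                                 "miss": 0, "total": 0, "hits": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not ADMIN_HINT.search(m.group(3)):
            continue  # unparseable line or ordinary content request
        ip, method, path, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        s = stats[ip]
        s["paths"].add(path)
        s["methods"].add(method)
        s["total"] += 1
        if status == 404:
            s["miss"] += 1
        elif status in (200, 401, 403):
            # 401/403 deny access but still confirm that the path exists
            s["hits"].append((path, status))
    flagged = {}
    for ip, s in stats.items():
        if len(s["paths"]) >= min_paths and s["miss"] / s["total"] >= min_miss_ratio:
            flagged[ip] = {"distinct_paths": len(s["paths"]),
                           "methods": sorted(s["methods"]),
                           "revealed": sorted(s["hits"])}
    return flagged
```

The `revealed` list shows which paths the client learned about, which is where to check that the login page sits behind rate limiting or an address restriction.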


Re: Getting back into programming... Sort of

Post by mShred on Fri Jul 15, 2011 11:24 pm

Kinda off topic, but what are you coding your OS in cent?
For those about to rock.


Re: Getting back into programming... Sort of

Post by fashizzlepop on Sat Jul 16, 2011 1:20 am

mShred wrote:Kinda off topic, but what are you coding your OS in cent?

I believe it was Basic.

@cent, Nice work, bud.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.


Re: Getting back into programming... Sort of

Post by centip3de on Sat Jul 16, 2011 9:40 am

fashizzlepop wrote:I believe it was Basic. @cent, Nice work, bud.

Thanks! :)
mShred wrote:Kinda off topic, but what are you coding your OS in cent?


As Fash said, it _was_ Basic, but because of the poor documentation and lack of support for it, I dropped that, and now am working on a mix between C/C++/C# (can't really decide which to use) and NASM. This is all until I port Python, of course :D

***EDIT***

Also, This


Re: Getting back into programming... Sort of

Post by mShred on Sat Jul 16, 2011 2:21 pm

Keep it up man. When's the beta come out? ;)

