EvilZone
Programming and Scripting => Web Oriented Coding => : Live Wire November 14, 2012, 02:22:51 PM
-
im working on a project. Basically, for this online form, username is firstname.lastname and the password is lastname1234. What im trying to do is post to this website for the purpose of bruteforcing the password with an incrementing number. It's a basic website, selection bar and two fields. I have no problem with the non web part, but I am unsure of how to interact with a website. Tried google. nothing super useful. Most of the results were long strings of spaghetti code. Any thoughts from you guys? Thanks!
the page is https://dodea.gradespeed.net/pc/studentlogin.aspx (https://dodea.gradespeed.net/pc/studentlogin.aspx) if you want to look at it
PS If at all possible, in either java, js, or ruby would be preferred, but something like perl would also be okay
-
Hi,
you want to create a script to bruteforce that site? You can use sockets to connect to the site and send the required post values. A quick capture shows the following
AuthType=Student&FormType=Login&DistrictID=3000010&SchoolID=14012&Username=bla&Password=bla&cmdLogOn=Sign+In
in python you can use urllib/urllib2 to keep it as simple as possible. The value needs to be send to https://dodea.gradespeed.net/pc/StudentLogin.aspx
I could do that in python if you want to but I can't tell when I got that finished. Only thing I would need is a value to query if the login was succesfull. Unsuccessfull = <span id="lblError" class="errorlabel">Invalid Username or password.</span> but successfull= ???
-
It would be extremely easy with Python and mechanize. You can look at my Photobucket ripper project for an example: http://evilzone.org/evilzone-releases/a-better-photobucket-ripper/
-
okay, cool. thats pretty much what i figured. thanks guys!
and thanks for the offer, but i think i can code it myself :)