Brute force tool for administration panels #668
Conversation
…om:CERT-Polska/Artemis into brute-force-tool-for-administration-panels
| ) | ||
| return | ||
|
|
||
| if "admin" in url and not url.endswith("/admin") and "admin" in task.get_payload("found_urls"): |
There was a problem hiding this comment.
I don't get this check and task result reason doesn't give clear indication what it is about, can you give context what it is for?
| def _get_logging_in_result(driver: WebDriver, login_failure_msgs: list[str]) -> Optional[list[str]]: | ||
| try: | ||
| web_content = driver.find_element(By.XPATH, "html/body").text | ||
| print(web_content) |
There was a problem hiding this comment.
| print(web_content) |
| passwords.append(site_name + "123") | ||
| passwords.append(site_name + "1") | ||
| for year_relative in [0, -1, -2, -3]: | ||
| passwords.append(site_name + str(datetime.datetime.now().year + year_relative)) |
There was a problem hiding this comment.
Why not [0, 1, 2, 3] and - year_relative, seems more intuitive for me
| # Ignore alerts | ||
| driver.execute_script("window.alert = function() {};") # type: ignore | ||
| driver.implicitly_wait(Config.Modules.AdminPanelLoginBruter.WAIT_TIME_SECONDS) | ||
| self._sleep_after_performing_requests(driver) |
There was a problem hiding this comment.
we are waiting and sleeping in the same time? I think that waiting would be sufficient
| working_credentials = [] | ||
| for username in self.USERNAMES: | ||
| for password in get_passwords_for_url(url): | ||
| driver = AdminPanelLoginBruter._get_webdriver() |
There was a problem hiding this comment.
Would not it be better to get only one webdriver for whole _brute function and just drop old cookies every
credential? Now it will be resource consuming
| # block logins after a given number of tries. | ||
| "123456", | ||
| "admin", | ||
| "admin1", |
There was a problem hiding this comment.
unnecessary entry, as get_passwords_for_url appends 1
| url_parsed = urllib.parse.urlparse(url) | ||
| url_parsed_dict = url_parsed._asdict() | ||
| if url_parsed.scheme == "http" and url_parsed.port == 80: | ||
| url_parsed_dict["netloc"] = url_parsed_dict["netloc"].split(":")[0] |
There was a problem hiding this comment.
just to note: sometimes URL might have credentials (ik, 99.999% won't but), so it might be better to change it to [-1]
No description provided.