I am writing a simple script with Bash 4.4.23, to perform a demonstrative dictionary attack towards various web servers which use default passwords.
The arrays containing usernames and passwords are declared above the "for" cycles, which are as follows:
for i in $usernames
do for j in $passwords
do printf '%s ' "${usernames[*]}:${passwords[*]}"
done
done
The code should return something like:
root:root root:admin admin:admin admin:root
But instead it is returning
root admin:root admin
Which are the values declared within the arrays (usernames and passwords).
How can I achieve what I'm trying to do? The tuples will then have to be passed to curl in order to perform the dictionary attack.
You have the arrays and the elements you loop over mixed up. You loop over the array. You use the loop variable inside the loop.
for i in "${usernames[@]}"
do for j in "${passwords[@]}"
do printf '%s:%s ' "$i" "$j"
done
done
The symptom you see is because $usernames alone refers to the first element of the array, and similarly for the other array variable.
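The expansions discussed above, side by side, as an added example that is not part of the original question or answer. The array contents are constructed sample values (one password contains a space to show why the quotes around "${passwords[@]}" matter), and the helper names build_pairs and count_words are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sample data; the second password contains a space.
usernames=(root admin)
passwords=(root 'admin 123')

# Build every user:password pair into the global array "pairs".
# Quoted [@] expands to exactly one word per element, so an element
# containing whitespace stays in one piece.
build_pairs() {
    pairs=()
    local u p
    for u in "${usernames[@]}"; do
        for p in "${passwords[@]}"; do
            pairs+=("$u:$p")
        done
    done
}

# Count how many iterations a for loop performs for each form of expansion.
count_words() {
    local n=0 w
    case $1 in
        scalar)   for w in $passwords;         do n=$((n + 1)); done ;; # element 0 only
        star)     for w in "${passwords[*]}";  do n=$((n + 1)); done ;; # all joined into one word
        unquoted) for w in ${passwords[@]};    do n=$((n + 1)); done ;; # re-split on whitespace
        at)       for w in "${passwords[@]}";  do n=$((n + 1)); done ;; # one word per element
    esac
    printf '%s\n' "$n"
}

build_pairs
printf '<%s>\n' "${pairs[@]}"
for form in scalar star unquoted at; do
    printf '%-8s -> %s iteration(s)\n' "$form" "$(count_words "$form")"
done
```
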