The Medium and over machines generally require a little coding to get done. Many of the scripts share a same root, such as brute forcers. Use the following code as a starting point for your own code.
Injection based brute forcer (HTTP)
Below you will find a bruteforcer for HTTP based NoSQL injections. Obviously, this code is easily adjusted to any type of injection attack through HTTP. The code will start by iterating over the alphabet, digits and punctuation characters. When a username is found that starts with one of them, through check_username, the rest of the username is brute forced in brute_username. When completing the username, the user's password is also attacked using brute_password. ...