InfoSecSpot

Challenge 4 from Pentester Academy turned out to be nothing but a combination of two previous challenges. The login form expects POST credentials. But it also pops out a basic authentication login when the user enters the credentials. So let’s break this up into two parts: 1.        Cracking the password for Basic Authentication: We know the response for Basic Authentication is a header the contains Base64 encoded username:password preceded by Basic : Authorization: Basic YWRtaW46bXlwYXNz So we will generate a list of all password combinations and bombard the server with them till we succeed. At the end we will have user/password combination for Basic Authentication. The code for this looks like: import urllib2 import base64 import sys def fun(a):     chars="vie"     l = len(a)     lenthPerWord = len(a[0])     if lenthPerWord == 5:         return a     c=[]     for i in range(0,l):         for j in chars:                         c.appe

The Challenge 1 for Pentester Academy uses GET method for sending over the credentials. So the username and password go like: http://pentesteracademylab.appspot.com/lab/webapp/1?email=admin%40PentesterAcademy.com&password=zzzxx Also one big hint dropped here is that the domain is PentesterAcademy.com. So the email addresses would look like admin@PentesterAcademy.com and jack@PentesterAacademy.com . I reused the code for generating all combinations of x , y and z from my previous blog post aimed at challenge 3. We just need to update the URL with the username and the password while sending the request for each combination. But how do we verify if the credentials have been accepted as valid or rejected? The webpage says “ Failed! Please try again!” if the credentials are rejected. So we can search for the string “Failed” in the response to check if the credentials were accepted. The complete solutions looks as follows: import urllib2 import sys def fun(a)