Pentester Academy GET Method Challenge 1 via Python
The Challenge 1 for Pentester Academy uses GET method for sending over the credentials. So the username and password go like: http://pentesteracademylab.appspot.com/lab/webapp/1?email=admin%40PentesterAcademy.com&password=zzzxx Also one big hint dropped here is that the domain is PentesterAcademy.com. So the email addresses would look like admin@PentesterAcademy.com and jack@PentesterAacademy.com . I reused the code for generating all combinations of x , y and z from my previous blog post aimed at challenge 3. We just need to update the URL with the username and the password while sending the request for each combination. But how do we verify if the credentials have been accepted as valid or rejected? The webpage says “ Failed! Please try again!” if the credentials are rejected. So we can search for the string “Failed” in the response to check if the credentials were accepted. The complete solutions looks as follows: import urllib2 import sys def fun(a)...