class NatasLevel11
Level 11
Constants
- DEFAULT_DATA
- LEVEL
- PAGE
Public Instance Methods
exec()
click to toggle source
# File lib/natas.rb, line 349 def exec log("Getting the Cookie HTTP header from the page: #{PAGE}") response = get(PAGE) cookie = response['Set-Cookie'] data = cookie.split('=')[1] data = URI.decode_www_form_component(data) log("Data: #{data}") log('Searching the XOR encryption key') key = xor_encrypt( Base64.strict_decode64(data), JSON.generate(DEFAULT_DATA) ) log("Key found: #{key}") log('Searching a pattern of the key') pattern = String.new key.chars.each_with_index do |c, i| pattern << c break if pattern == key[(i + 1)..(i + pattern.length)] end log("Pattern found: #{pattern}") key = pattern data = DEFAULT_DATA.dup data['showpassword'] = 'yes' data = JSON.generate(data) log("Encrypting of new data: #{data}") data = xor_encrypt( data, key ) data = "data=#{Base64.strict_encode64(data)}" log("Setting the new Cookie HTTP header: #{data}") log("Parsing the page: #{PAGE}") data = get( PAGE, { 'Cookie' => data } ).body match = /The password for natas12 is (\w{32})<br>/.match(data) not_found unless match found(match[1]) end
xor_encrypt(data, key)
click to toggle source
# File lib/natas.rb, line 341 def xor_encrypt(data, key) out = String.new data.chars.each_with_index do |c, i| out << (c.ord ^ key[i % key.length].ord).chr end out end