-
Notifications
You must be signed in to change notification settings - Fork 0
/
captcha_fuzz.py
57 lines (47 loc) · 2.01 KB
/
captcha_fuzz.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#!/usr/bin/env python3
#############################################################
# Custom Fuzzing Script for a basic, Captcha protected
# login page.
# Used in the TryHackMe Room: Capture!
# ( https://tryhackme.com/room/capture )
#############################################################
# import urllib.request
# from bs4 import BeautifulSoup
# Point this to your target box:
target_ip: str = '10.10.10.10'
def solve_captcha(captcha: str) -> int:
# This function calculates the actual captcha and returns the result.
# First split the captcha string by blanks:
components: list = captcha.split()
print(f"[=] I have gotten {components} out of the string!")
operand_one: int = int(components[0])
operator: str = components[1]
operand_two: int = int(components[2])
# Return a result depending upon the operator
match operator:
case '+':
return operand_one + operand_two
case '-':
return operand_one - operand_two
case '*':
return operand_one * operand_two
case '%':
return operand_one % operand_two
case _:
# Catch all the remaining cases and raise an error:
raise NotImplementedError("Operator not supported (yet).")
# === END def solve_captcha ===
def load_dictionary(filename: str) -> list:
# Logic for loading our wordlists and converting them
# into lists line-by-line for easier handling later on.
with open(filename, 'r', encoding="utf-8") as file:
wordlist: list = file.readlines()
print(f"[=] Loaded wordlist {filename} for: {len(wordlist)} items.")
return wordlist
# === END def load_dictionary ===
if __name__ == '__main__':
print(f"[I] First Test: {solve_captcha('200 % 10')}, second Test: {solve_captcha('200 - 10')}.")
passwords: list = load_dictionary('./passwords.txt')
usernames: list = load_dictionary('./usernames.txt')
# login_page = urllib.request.urlopen(f'http://{target_ip}/login')
# print(login_page.read())