Want to run this Docker container locally?

docker run -d -p 9009:80 --name ctf-flag-9 --restart always joshbeck2024/ctf-cookie-brute-force-flag-9

For this lab, you’ll need VSCode on Kali. (Setup Directions Here)

One of the libraries that you’ll use frequently in pen-test scenarios or red-team engagements is the Python requests library. This library allows you to create web requests in your Python code, giving the end user a high degree of control over the data sent to a remote endpoint. (You’ve already seen the requests library used in the API lab.)

In this lab, we’ll solve Flag_9 on the iCSI Cyber Range.

Let’s start by going to the webpage at HTTP://172.25.200.200:9009.

Before we go to the next page, let’s write some initial code using the requests library that will fetch the first webpage and print back its various components. It would be a good idea to make the code below run and push it to GitHub. (The code snippet below is super helpful!)
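An added example of the kind of script described above (it is not the lab's original snippet, which did not survive on this page). The names `StandInHandler`, `start_stand_in` and `fetch_components` are hypothetical, and the local stand-in server with its `user_auth=guest` cookie is constructed so the code runs offline; on the range, pass `LAB_URL` instead.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

import requests

LAB_URL = "http://172.25.200.200:9009"  # lab address given in this write-up


class StandInHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the lab server so the block runs offline."""

    def do_GET(self):
        body = b"<html><body>stand-in index page</body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        # Constructed cookie value; the real lab sets its own.
        self.send_header("Set-Cookie", "user_auth=guest")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the console quiet
        pass


def start_stand_in():
    """Serve StandInHandler on a free localhost port; return (server, url)."""
    server = HTTPServer(("127.0.0.1", 0), StandInHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/"


def fetch_components(url, timeout=5):
    """GET the URL and return the parts of the exchange worth inspecting."""
    resp = requests.get(url, timeout=timeout)
    return {
        "status": resp.status_code,                # e.g. 200
        "headers": dict(resp.headers),             # response headers
        "cookies": resp.cookies.get_dict(),        # cookies the server set
        "body": resp.text,                         # decoded HTML
        "sent_headers": dict(resp.request.headers) # what requests sent
    }


if __name__ == "__main__":
    server, url = start_stand_in()  # swap url for LAB_URL on the range
    for name, value in fetch_components(url).items():
        print(f"--- {name} ---\n{value}\n")
    server.shutdown()
```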

Here is what your output should look like.

[Screenshot of the program output]

Summary: You can use the Python requests library like a web browser. As we move forward, you'll find that you have a very high degree of control over the data that is sent to the web server, which is good if you are trying to break things. (In this class, we are definitely in the business of breaking things!)

Next, let’s go to page1.php and take a look using the web browser.

The objective is to brute-force the cookie value on page1.php using the raft-small-words.txt wordlist. If you right-click and inspect the webpage, you should be able to locate the user_auth cookie that is currently set. If we can set that cookie to the correct value, the flag will be returned.

First, let’s download Daniel Miessler's raft-small-words.txt, a very common wordlist that can be used to brute-force all kinds of things.