Proj 2x: HTTP Login Challenges (Up to 35 pts. extra credit)

What You Need

A Kali Linux machine, real or virtual. You could use Windows with Python installed, but it's easier to just use Linux.

Challenge 1: Brute Forcing a Login Form (15 pts. extra credit)

Write a script in Python to try all possible credentials and get into the form below.

The user name is one of these:

The PIN is a two-digit number, like this:

Username:      

PIN:      

Write a script that finds the correct credentials and logs in.

Don't forget to start by capturing a login with Wireshark, to see the correct format of the HTTP request!

When you find it, save an image showing the correct user name and PIN, and also the secret word the server sends, as shown below:

Save a whole-desktop image as "Proj 2xa from YOUR NAME".

Challenge 2: Four Accounts (20 pts. extra credit)

Break into each of the four accounts below. Save an image of the successful login screen for each one.

Save the whole-desktop images as "Proj 2xb", "Proj 2xc", "Proj 2xd", and "Proj 2xe".

Username:            PIN:    

Credits

CEO: Sarah Bellum
Staff: Pete Moss, Sandy Beach
(Stolen from A Prairie Home Companion)

Hint

Turning in Your Project

Send the images to cnit.124@gmail.com with a subject of "Proj 2x from YOUR NAME".

Sources

Python Network Programming
17.2. socket -- Low-level networking interface
How can I make a time delay in Python?

Last revised: 1-5-17