Day 20 + 17 fix
This commit is contained in:
parent
a9efab946d
commit
45862b6590
@ -13,21 +13,21 @@ FLAG_PATTERN = re.compile("HV19\{[^}]*\}")
|
|||||||
# 1. register user santa
|
# 1. register user santa
|
||||||
res = SESSION.post(BASE_URL + "/register.php", data={"username": "śanta", "pwd": PASSWORD, "pwd2": PASSWORD})
|
res = SESSION.post(BASE_URL + "/register.php", data={"username": "śanta", "pwd": PASSWORD, "pwd2": PASSWORD})
|
||||||
if res.status_code != 200 or "Registration successful!" not in res.text:
|
if res.status_code != 200 or "Registration successful!" not in res.text:
|
||||||
print("Server returned: %d %s" % (res.status_code, res.status_text))
|
print("Server returned: %d %s" % (res.status_code, res.reason))
|
||||||
print(res.text)
|
print(res.text)
|
||||||
exit(1)
|
exit(1)
|
||||||
|
|
||||||
# 2. login
|
# 2. login
|
||||||
res = SESSION.post(BASE_URL + "/login.php", data={"username": "santa", "pwd": PASSWORD})
|
res = SESSION.post(BASE_URL + "/login.php", data={"username": "santa", "pwd": PASSWORD})
|
||||||
if res.status_code != 200 or "username not found or wrong password!" in res.text:
|
if res.status_code != 200 or "username not found or wrong password!" in res.text:
|
||||||
print("Server returned: %d %s" % (res.status_code, res.status_text))
|
print("Server returned: %d %s" % (res.status_code, res.reason))
|
||||||
print(res.text)
|
print(res.text)
|
||||||
exit(1)
|
exit(1)
|
||||||
|
|
||||||
# 3. get flag
|
# 3. get flag
|
||||||
res = SESSION.get(BASE_URL + "/admin.php")
|
res = SESSION.get(BASE_URL + "/admin.php")
|
||||||
if res.status_code != 200 or "username not found or wrong password!" in res.text:
|
if res.status_code != 200 or "username not found or wrong password!" in res.text:
|
||||||
print("Server returned: %d %s" % (res.status_code, res.status_text))
|
print("Server returned: %d %s" % (res.status_code, res.reason))
|
||||||
exit(1)
|
exit(1)
|
||||||
|
|
||||||
print(FLAG_PATTERN.search(res.text))
|
print(FLAG_PATTERN.search(res.text))
|
||||||
|
1
Day 20/.gitignore
vendored
Normal file
1
Day 20/.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
PS4UPDATE\.PUP
|
@ -1,9 +1,36 @@
|
|||||||
|
#!/usr/bin/python
|
||||||
|
|
||||||
byte_300 = [0xCE, 0x55, 0x95, 0x4E, 0x38, 0x0C5, 0x89, 0x0A5, 0x1B, 0x6F, 0x5E, 0x25, 0x0D2, 0x1D, 0x2A, 0x2B, 0x5E, 0x7B, 0x39, 0x14, 0x8E, 0x0D0, 0x0F0, 0x0F8, 0x0F8, 0x0A5]
|
import requests
|
||||||
|
import hashlib
|
||||||
|
import os
|
||||||
|
|
||||||
|
byte_300 = [0xCE, 0x55, 0x95, 0x4E, 0x38, 0x0C5, 0x89, 0x0A5, 0x1B, 0x6F, 0x5E, 0x25, 0x0D2, \
|
||||||
|
0x1D, 0x2A, 0x2B, 0x5E, 0x7B, 0x39, 0x14, 0x8E, 0x0D0, 0x0F0, 0x0F8, 0x0F8, 0x0A5]
|
||||||
|
|
||||||
|
EXPECTED_HASH = "f86d4f9d2c049547bd61f942151ffb55"
|
||||||
|
INPUT_FILE = "PS4UPDATE.PUP"
|
||||||
BUFFER_LENGTH = len(byte_300)
|
BUFFER_LENGTH = len(byte_300)
|
||||||
|
|
||||||
with open("PS4UPDATE.PUP", "rb") as f:
|
def downloadFile():
|
||||||
|
print("Downloading file…")
|
||||||
|
res = requests.get("https://psarchive.darksoftware.xyz/505Retail.PUP")
|
||||||
|
if res.status_code != 200:
|
||||||
|
print("Server returned: %d %s" % (res.status_code, res.reason))
|
||||||
|
exit(1)
|
||||||
|
|
||||||
|
buffer = res.content
|
||||||
|
hash = hashlib.md5(buffer).hexdigest()
|
||||||
|
if hash != EXPECTED_HASH:
|
||||||
|
print("Hash does not match:", hash)
|
||||||
|
exit(1)
|
||||||
|
|
||||||
|
with open(INPUT_FILE, "wb") as f:
|
||||||
|
f.write(buffer)
|
||||||
|
|
||||||
|
if not os.path.isfile(INPUT_FILE):
|
||||||
|
downloadFile()
|
||||||
|
|
||||||
|
with open(INPUT_FILE, "rb") as f:
|
||||||
|
|
||||||
v29 = byte_300.copy()
|
v29 = byte_300.copy()
|
||||||
v14 = 4919;
|
v14 = 4919;
|
||||||
|
Loading…
Reference in New Issue
Block a user