def get(hostname, flag_id, flag, _): login, password, name = flag_id.split(',') try: cookies = auth(hostname, login, password) content = requests.get( PRIVATE_STORAGE_URL_TEMPLATE.format(hostname=hostname, port=PORT), cookies=cookies, headers=generate_headers(), ).content.decode() flag_pattern = re.compile("<td>{}</td>.*?<td>(.*?)</td>".format(name), re.DOTALL) matching = flag_pattern.search(content) if matching is None: print_to_stderr( "No matching with flag pattern, hostname: {}".format(hostname)) exit(CORRUPT) if len(matching.groups()) == 0: print_to_stderr( "Empty matching with flag pattern, hostname: {}".format( hostname)) exit(CORRUPT) if matching.group(1) != flag: print_to_stderr("Mismatch with exact flag={}, hostname: {}".format( flag, hostname)) exit(CORRUPT) except (ConnectionError, ConnectionRefusedError) as error: print_to_stderr("Connection error: hostname: {}, error: {}".format( hostname, error)) exit(DOWN) except (HTTPError, UnicodeDecodeError) as error: print_to_stderr( "HTTP or decoding error: hostname: {}, error: {}".format( hostname, error)) exit(MUMBLE) exit(OK)
def get_task_info(hostport, cookies, task_id, token): url = TASK_INFO_URL.format(hostport=hostport, task_id=task_id, token=token) r = requests.get( url, cookies=cookies, headers=generate_headers(), timeout=TIMEOUT, ) r.raise_for_status() data = json.loads(r.content) if "Stdoutb64" not in data or "Status" not in data or "Error" not in data: exit_with( MUMBLE, "task info response has no required field(s): {}".format(data)) stdoutb64 = data["Stdoutb64"] stdout = b64decode(stdoutb64) status = data["Status"] error = data["Error"] if not isinstance(stdout, bytes) or not isinstance( status, int) or not isinstance(error, str): exit_with( MUMBLE, "at least field in task info response has wrong type: {}".format( data)) return stdout, status, error
def auth(hostname, login, password): auth_url = AUTH_URL_TEMPLATE.format( hostname=hostname, port=PORT, login=login, password=password, ) r = requests.get(auth_url, headers=generate_headers()) return dict(r.request._cookies)
def signin(hostport, login, password): login_url = LOGIN_URL.format(hostport=hostport, login=login, password=password) r = requests.get(url=login_url, headers=generate_headers(), timeout=10) if r.status_code // 100 == 5: print_to_stderr("Status code for sign in = {}".format(r.status_code)) exit(DOWN) r.raise_for_status() return r.cookies
def register(hostport, password): url = REGISTER_URL.format(hostport=hostport) r = requests.post( url, json={"password": password}, headers=generate_headers(), timeout=TIMEOUT, ) r.raise_for_status() return r.cookies
def get_phrase_data(hostname, cookies): r = requests.get( url=PHRASE_URL.format(hostport="{}:{}".format(hostname, PORT)), headers=generate_headers(), cookies=cookies) if r.status_code // 100 == 5: print_to_stderr("Status code for get phrases={}, url=".format( r.status_code, r.url)) exit(DOWN) r.raise_for_status() return PHRASE_PATTERN.findall(r.content.decode())
def signup(hostport, login, password, phrase): register_url = REGISTER_URL.format(hostport=hostport, login=login, password=password, phrase=b64encode( phrase.encode()).decode()) r = requests.get(url=register_url, headers=generate_headers(), timeout=10) print_to_stderr("Sign up with {}".format(register_url)) if r.status_code // 100 == 5: print_to_stderr("Status code for sign up = {}".format(r.status_code)) exit(DOWN) r.raise_for_status() return r.cookies
def login(hostport, password, uid): url = LOGIN_URL.format(hostport=hostport) r = requests.post( url, json={ "userId": uid, "password": password }, headers=generate_headers(), timeout=TIMEOUT, ) r.raise_for_status() return r.cookies
def put(hostname, flag_id, flag, vuln): login = generate_login() password = generate_password() name = generate_name() exit_code = OK try: register_request = requests.get(REGISTER_URL_TEMPLATE.format( hostname=hostname, port=PORT, password=password, login=login, timeout=15, ), headers=generate_headers()) cookies = auth(hostname, login, password) register_request.raise_for_status() file = io.BytesIO(generate_torrent_dict(name, flag, login)) files = {'upload_file': file} upload_request = requests.post( UPLOAD_URL_TEMPLATE.format(hostname=hostname, port=PORT), cookies=cookies, files=files, headers=generate_headers(), timeout=15, ) upload_request.raise_for_status() except ConnectionError as error: print_to_stderr("Connection error: hostname: {}, error: {}".format( hostname, error)) exit_code = DOWN except HTTPError as error: print_to_stderr("HTTP Error: hostname: {}, error: {}".format( hostname, error)) exit_code = MUMBLE if exit_code == OK: print("{},{},{}".format(login, password, name)) exit(exit_code)
def run_task(hostport: str, cookies: CookieJar, source: str, stdin: bytes, token: str): url = RUN_TASK_URL.format(hostport=hostport) r = requests.post( url, cookies=cookies, json={ "source": source, "stdinb64": b64encode(stdin).decode(), "token": token, }, headers=generate_headers(), timeout=TIMEOUT, ) r.raise_for_status() data = json.loads(r.content) if "taskId" not in data: exit_with(MUMBLE, "run task response has not taskId: {}".format(data)) task_id = data["taskId"] if not isinstance(task_id, int): exit_with( MUMBLE, "task id is not int: ({}, {})".format(task_id, type(task_id))) return task_id