def score(ip,flag,cookie):
#get old flag
if cookie != None:
try:
print cookie
name,id = cookie.split(":")
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/~pollit/pollit.html", personality)
mainpg.open()
mainpg.parse()
getPollForm = mainpg.forms[1]
getPollForm.fields['username'] = name
getPollForm.fields['pollid'] = id
resultPage = getPollForm.click(None)
successPtr = resultPage.page.find("-1")
print resultPage.page
if successPtr != -1:
oldFlag = resultPage.page[successPtr+3:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception (%s) getting flag" % (e)
def score(ip,flag,cookie):
# get old flag
retFlag = None
if cookie != "":
try:
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/Site/Petition.html")
mainpg.open()
mainpg = pybrowse.Browser("http://" + ip + "/Site//Petition_files/widget1_markup.html")
mainpg.open()
mainpg.parse()
adminForm = mainpg.forms[0]
adminForm.fields["comment"] = ""
adminForm.fields["id"] = cookie
resultingPage = adminForm.click( None )
resultingPage = resultingPage.doRedirects()
successPtr = resultingPage.page.find("Your comment was:")
if successPtr != -1:
oldFlag = resultingPage.page[successPtr+18:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def score(ip,flag,cookie):
myPort = "4242"
oldFlag = None
# get old flag
if cookie != None:
artist_name, artist_pwd = cookie.split(":")
try:
personality = browserpersonality.getRandomPersonality()
# 1. go to the main page
mainpg = pybrowse.Browser("http://" + ip + "/Site/Bosses_and_artists.html")
mainpg.open()
# 2. login as an artist
mainpg = pybrowse.Browser("http://" + ip + ":" + myPort + "/artists/login/")
mainpg.open()
mainpg.parse()
adminForm = mainpg.forms[0]
adminForm.fields["username"] = artist_name
adminForm.fields["password"] = artist_pwd
resultingPage = adminForm.click( None )
resultingPage = resultingPage.doRedirects( )
resultingPage.parse()
successPtr = resultingPage.page.find("Confirmation number:")
if successPtr != -1:
oldFlag = resultingPage.page[successPtr + 21:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def score(ip,flag,cookie):
#get old flag
if cookie != None:
try:
password, wwid = cookie.split(':')
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/~register/register.html", personality)
mainpg.open()
mainpg.parse()
reviewForm = mainpg.forms[1]
reviewForm.fields["password"] = password
reviewForm.fields["wwid"] = wwid
resultingPage = reviewForm.click(None)
resultingPage = resultingPage.doRedirects()
successPtr = resultingPage.page.find("name=\"wwid\"")
if successPtr != -1:
oldFlag = resultingPage.page[successPtr+19:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def score(ip,flag,cookie):
# get old flag
if cookie != None:
try:
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/Site/Would_you.html")
mainpg.open()
mainpg = pybrowse.Browser("http://" + ip + "/Site//Would_you_files/widget1_markup.html")
mainpg.open()
mainpg.parse()
qForm = mainpg.forms[0]
qForm.fields["q1"] = random.choice(("yes", "no"))
qForm.fields["q2"] = random.choice(("yes", "no"))
qForm.fields["q3"] = random.choice(("yes", "no"))
qForm.fields["q5"] = random.choice(("yes", "no"))
qForm.fields["q6"] = random.choice(("yes", "no"))
qForm.fields["q7"] = random.choice(("yes", "no"))
qForm.fields["steal"] = flag
qForm.fields["signature"] = cookie
resultingPage = qForm.click(None)
resultingPage = resultingPage.doRedirects( )
successPtr = resultingPage.page.find("choice was:")
if successPtr != -1:
print "FLAG:",resultingPage.page[successPtr+12:][:len(flag)]
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def score(ip, flag, cookie):
#get old flag
if cookie != None:
try:
print cookie
name, id = cookie.split(":")
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/~pollit/pollit.html",
personality)
mainpg.open()
mainpg.parse()
getPollForm = mainpg.forms[1]
getPollForm.fields['username'] = name
getPollForm.fields['pollid'] = id
resultPage = getPollForm.click(None)
successPtr = resultPage.page.find("-1")
print resultPage.page
if successPtr != -1:
oldFlag = resultPage.page[successPtr + 3:][:len(flag)]
print "FLAG:", oldFlag
except Exception, e:
print "ERROR: got exception (%s) getting flag" % (e)
def score(ip,flag,cookie):
#get old flag
if cookie != None:
try:
name = cookie
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/~feedback/cgi-bin/candidates.php", personality)
mainpg.open()
mainpg.parse()
candidate = random.randint(0,4)
feedbackForm = mainpg.forms[candidate]
feedbackForm.fields['name'] = name
feedbackForm.fields['comment'] = CtfUtil.getRandomString(5) + " " + CtfUtil.getRandomString(random.randint(4,9)) + random.choice(['?','.','!'])
resultPage = feedbackForm.click(None)
successPtr = resultPage.page.find("About")
if successPtr != -1:
oldFlag = resultPage.page[successPtr+9:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def score(ip,flag,cookie):
#get old flag
if cookie != None:
try:
(uname, pwd) = cookie.split(':')
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/~spamgen/cgi-bin/spamgen.py?action=read", personality, debug=0)
mainpg.open()
mainpg.parse()
adminForm = mainpg.forms[0]
adminForm.fields["uname"] = uname
adminForm.fields["pwd"] = pwd
resultingPage = adminForm.click(None)
resultingPage = resultingPage.doRedirects( )
successPtr = resultingPage.page.find( "</h3>" )
if successPtr != -1:
oldFlag = resultingPage.page[successPtr+6:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "Error got exception %s getting flag" % (e)
def getNotePage(ip,user,email, note):
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + ":10080/", personality)
mainpg.open()
mainpg.parse()
noteForm = mainpg.forms[0]
noteForm.fields['user'] = user
noteForm.fields['email'] = email
noteForm.fields['note'] = note
return noteForm.click(None)
def getNotePage(ip,user,email, note):
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + ":10080/", personality)
mainpg.open()
mainpg.parse()
noteForm = mainpg.forms[0]
noteForm.fields['user'] = user
noteForm.fields['email'] = email
noteForm.fields['note'] = note
return noteForm.click(None)
def score(ip,flag,cookie):
#get old flag
if cookie != None:
try:
name = cookie
personality = browserpersonality.getRandomPersonality()
resultPage = pybrowse.Browser("http://" + ip + ":8081/notes?username="******"["+name+":")
if successPtr != -1:
oldFlag = resultPage.page[successPtr+len(name)+2:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def score(ip,flag,cookie):
# get old flag
oldFlag = ""
if cookie != None:
(myemail, mypassword) = cookie.split(':');
try:
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/Site/Sound_of_music.html")
mainpg.open()
# Logs in
mainpg = pybrowse.Browser("http://" + ip + "/Site/Sound_of_music_files/widget2_markup.html")
mainpg.open()
mainpg.parse()
qForm = mainpg.forms[0]
qForm.fields["email"] = myemail
qForm.fields["password"] = mypassword
resultingPage = qForm.click( None )
resultingPage = resultingPage.doRedirects( )
successPtr = resultingPage.page.find("successfully authenticated")
if successPtr == -1:
oldFlag = ""
else:
mainpg = pybrowse.Browser("http://" + ip + "/Site/Sound_of_music.html")
mainpg.open()
mainpg.parse()
resultingPage = pybrowse.Browser("http://" + ip + "/~copyright/cgi-bin/star.php", resultingPage.personality, resultingPage.referer, resultingPage.cookies)
resultingPage.open()
resultingPage.parse()
successPtr = resultingPage.page.find("Hello ")
if successPtr != -1:
oldFlag = resultingPage.page[successPtr+6:][:len(flag)]
else:
oldFlag = ""
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception [%s] getting flag" % (e)
sys.exit(1)
def score(ip,flag, cookie):
global myHost
myHost = ip + ":" + port
username = ""
password = ""
# get old flag
if cookie != None:
try:
if cookie.find(':') != -1:
username, password = cookie.split(":")
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + myHost + "/Therapy/")
mainpg.open()
mainpg.parse()
if mainpg.containsLink("/Therapy/login.do") == None:
print "ERROR: no login.do link is found on the front page"
return
resultPage = doLogin(username, password)
# view user's private information
resultPage = resultPage.click(resultPage.links[9])
resultPage.doRedirects()
rawPage = resultPage.page
successPtr = rawPage.find("addinfo")
if successPtr >= 0:
oldFlag = rawPage[successPtr + 21:][:len(flag)]
print "FLAG:",oldFlag
# logout
resultPage.parse()
resultPage = resultPage.click(resultPage.links[10])
resultPage.doRedirects()
except Exception, e:
print "ERROR: got exception when getting flag: %s" % e
def score(ip, flag, cookie):
#get old flag
if cookie != None:
try:
name = cookie
personality = browserpersonality.getRandomPersonality()
resultPage = pybrowse.Browser(
"http://" + ip + ":8081/notes?username="******"[" + name + ":")
if successPtr != -1:
oldFlag = resultPage.page[successPtr + len(name) +
2:][:len(flag)]
print "FLAG:", oldFlag
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def score(ip,flag,cookie):
personality = browserpersonality.getRandomPersonality()
if cookie != None:
try:
name,password = cookie.split(":")
senderText = "<sender><user>"+name+"</user><password>"+password+"</password></sender>"
codeText = "<code>set flag [store get flag]; results set $flag</code>"
agentText = "<agent>\n" + senderText +"\n"+codeText+"\n</agent>"
resultPage = postAgentText(ip,agentText)
oldFlag = resultPage[:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
return
def score(ip, flag, cookie):
personality = browserpersonality.getRandomPersonality()
if cookie != None:
try:
name, password = cookie.split(":")
senderText = "<sender><user>" + name + "</user><password>" + password + "</password></sender>"
codeText = "<code>set flag [store get flag]; results set $flag</code>"
agentText = "<agent>\n" + senderText + "\n" + codeText + "\n</agent>"
resultPage = postAgentText(ip, agentText)
oldFlag = resultPage[:len(flag)]
print "FLAG:", oldFlag
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
return
def score(ip,flag,cookie):
#get old flag
if cookie != None:
try:
cc = cookie
personality = browserpersonality.getRandomPersonality()
resultPage = pybrowse.Browser("http://" + ip + "/~support/"+cc+".php", personality)
resultPage.open()
resultPage.parse()
successPtr = resultPage.page.find("(")
if successPtr != -1:
oldFlag = resultPage.page[successPtr+1:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def score(ip, flag, cookie):
global myHost
myHost = ip + ":" + port
username = ""
password = ""
# get old flag
if cookie != None:
try:
if cookie.find(':') != -1:
username, password = cookie.split(":")
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + myHost + "/Therapy/")
mainpg.open()
mainpg.parse()
if mainpg.containsLink("/Therapy/login.do") == None:
print "ERROR: no login.do link is found on the front page"
return
resultPage = doLogin(username, password)
# view user's private information
resultPage = resultPage.click(resultPage.links[9])
resultPage.doRedirects()
rawPage = resultPage.page
successPtr = rawPage.find("addinfo")
if successPtr >= 0:
oldFlag = rawPage[successPtr + 21:][:len(flag)]
print "FLAG:", oldFlag
# logout
resultPage.parse()
resultPage = resultPage.click(resultPage.links[10])
resultPage.doRedirects()
except Exception, e:
print "ERROR: got exception when getting flag: %s" % e
def score(ip,flag,cookie):
personality = browserpersonality.getRandomPersonality()
if cookie != None:
try:
first,last = cookie.split(":")
getFlagUrl = ip+"/~museum/cgi-bin/museum_admin.pl?first="+first+"&last="+last+"&password=unbreakable"
getFlagPage = pybrowse.Browser("http://" + getFlagUrl)
getFlagPage.open()
rawPage = getFlagPage.page
oldFlag = rawPage[253:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
return
def score(ip, flag, cookie):
#get old flag
if cookie != None:
try:
cc = cookie
personality = browserpersonality.getRandomPersonality()
resultPage = pybrowse.Browser(
"http://" + ip + "/~support/" + cc + ".php", personality)
resultPage.open()
resultPage.parse()
successPtr = resultPage.page.find("(")
if successPtr != -1:
oldFlag = resultPage.page[successPtr + 1:][:len(flag)]
print "FLAG:", oldFlag
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def score(ip, flag, cookie):
personality = browserpersonality.getRandomPersonality()
if cookie != None:
try:
first, last = cookie.split(":")
getFlagUrl = ip + "/~museum/cgi-bin/museum_admin.pl?first=" + first + "&last=" + last + "&password=unbreakable"
getFlagPage = pybrowse.Browser("http://" + getFlagUrl)
getFlagPage.open()
rawPage = getFlagPage.page
oldFlag = rawPage[253:][:len(flag)]
print "FLAG:", oldFlag
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
return
def doReturningLogin(ip, eaddr, caseid):
url = "http://" + ip + "/~amends/cgi-bin/settlement.php"
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser(url, personality)
mainpg.open()
mainpg.parse()
loginForm = mainpg.forms[0]
loginForm.fields['email'] = eaddr
loginForm.fields['caseid'] = caseid
resultPage = loginForm.click(None)
resultPage = resultPage.doRedirects()
rawPage = resultPage.page
successPattern = "Settlement Confirmation"
successPtr = rawPage.find(successPattern)
if successPtr < 0:
print "ERROR: error in doReturningLogin"
sys.exit(2)
return resultPage
def doReturningLogin(ip,eaddr, caseid):
url = "http://" + ip + "/~amends/cgi-bin/settlement.php"
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser(url, personality);
mainpg.open()
mainpg.parse()
loginForm = mainpg.forms[0]
loginForm.fields['email'] = eaddr
loginForm.fields['caseid'] = caseid
resultPage = loginForm.click(None)
resultPage = resultPage.doRedirects()
rawPage = resultPage.page
successPattern = "Settlement Confirmation"
successPtr = rawPage.find(successPattern)
if successPtr < 0:
print "ERROR: error in doReturningLogin"
sys.exit(2)
return resultPage
def score(ip, flag, cookie):
personality = browserpersonality.getRandomPersonality()
if cookie != None:
try:
getFlagUrl = ip + "/~contribute/cgi-bin/history.py?name=" + cookie
getFlagPage = pybrowse.Browser("http://" + getFlagUrl)
getFlagPage.open()
rawPage = getFlagPage.page
successPattern = "address"
successPtr = rawPage.find(successPattern)
if successPtr >= 0:
oldFlag = rawPage[successPtr + 8:][:len(flag)]
print "FLAG:", oldFlag
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
return
def score(ip,flag,cookie):
personality = browserpersonality.getRandomPersonality()
if cookie != None:
try:
getFlagUrl = ip+"/~contribute/cgi-bin/history.py?name="+cookie
getFlagPage = pybrowse.Browser("http://" + getFlagUrl)
getFlagPage.open()
rawPage = getFlagPage.page
successPattern = "address"
successPtr = rawPage.find(successPattern)
if successPtr >= 0:
oldFlag = rawPage[successPtr+8:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
return
def score(ip,flag,cookie):
personality = browserpersonality.getRandomPersonality()
if cookie != None:
try:
getFlagUrl = ip+"/~aqs/cgi-bin/guestbook.py?name="+cookie+"&command=lookup"
getFlagPage = pybrowse.Browser("http://" + getFlagUrl)
getFlagPage.open()
rawPage = getFlagPage.page
successPattern = cookie
successPtr = rawPage.find(successPattern)
if successPtr >= 0:
successPtr += len(cookie)
oldFlag = rawPage[successPtr+8:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
return
def score(ip, flag, cookie):
personality = browserpersonality.getRandomPersonality()
if cookie != None:
try:
getFlagUrl = ip + "/~acquire/cgi-bin/get.php?ip=" + cookie
getFlagPage = pybrowse.Browser("http://" + getFlagUrl)
getFlagPage.open()
rawPage = getFlagPage.page
successPattern = "entry was "
successPtr = rawPage.find(successPattern)
if successPtr < 0:
print "ERROR: Failed to retrieve a flag!"
else:
oldFlag = rawPage[successPtr + 48:][:len(flag)]
print "FLAG:", oldFlag
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
def score(ip,flag,cookie):
personality = browserpersonality.getRandomPersonality()
if cookie != None:
try:
getFlagUrl = ip+"/~aqs/cgi-bin/guestbook.py?name="+cookie+"&command=lookup"
getFlagPage = pybrowse.Browser("http://" + getFlagUrl)
getFlagPage.open()
rawPage = getFlagPage.page
successPattern = cookie
successPtr = rawPage.find(successPattern)
if successPtr >= 0:
successPtr += len(cookie)
oldFlag = rawPage[successPtr+8:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
return
def score(ip,flag,cookie):
personality = browserpersonality.getRandomPersonality()
if cookie != None:
try:
getFlagUrl = ip+"/~acquire/cgi-bin/get.php?ip="+cookie
getFlagPage = pybrowse.Browser("http://" + getFlagUrl)
getFlagPage.open()
rawPage = getFlagPage.page
successPattern = "entry was "
successPtr = rawPage.find(successPattern)
if successPtr < 0:
print "ERROR: Failed to retrieve a flag!"
else:
oldFlag = rawPage[successPtr+48:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
def score(ip,flag,cookie):
#get old flag
if cookie != None:
try:
name,password = cookie.split(":")
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/~diebald/cgi-bin/admin", personality)
mainpg.open()
mainpg.parse()
getTaskForm = mainpg.forms[2]
getTaskForm.fields['username'] = name
getTaskForm.fields['password'] = password
resultPage = getTaskForm.click(None)
successPtr = resultPage.page.find("pre")
if successPtr != -1:
oldFlag = resultPage.page[successPtr+5:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def createAccount(ip,fname, lname, eaddr, files, price):
url = "http://" + ip + "/Site/Make_amends_files/widget1_markup.html"
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser(url, personality)
mainpg.open()
mainpg.parse()
userForm = mainpg.forms[0]
userForm.fields['first'] = fname
userForm.fields['last'] = lname
userForm.fields['email'] = eaddr
userForm.fields['comment'] = files
userForm.fields['price'] = price
resultPage = userForm.click(None)
rawPage = resultPage.page
successPattern = "Thank you for participating"
successPtr = rawPage.find(successPattern)
if successPtr < 0:
print "ERROR: error creating account"
sys.exit(2)
return resultPage
def createAccount(ip, fname, lname, eaddr, files, price):
url = "http://" + ip + "/Site/Make_amends_files/widget1_markup.html"
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser(url, personality)
mainpg.open()
mainpg.parse()
userForm = mainpg.forms[0]
userForm.fields['first'] = fname
userForm.fields['last'] = lname
userForm.fields['email'] = eaddr
userForm.fields['comment'] = files
userForm.fields['price'] = price
resultPage = userForm.click(None)
rawPage = resultPage.page
successPattern = "Thank you for participating"
successPtr = rawPage.find(successPattern)
if successPtr < 0:
print "ERROR: error creating account"
sys.exit(2)
return resultPage
def score(ip, flag, cookie):
myPort = "4242"
oldFlag = None
# get old flag
if cookie != None:
artist_name, artist_pwd = cookie.split(":")
try:
personality = browserpersonality.getRandomPersonality()
# 1. go to the main page
mainpg = pybrowse.Browser("http://" + ip +
"/Site/Bosses_and_artists.html")
mainpg.open()
# 2. login as an artist
mainpg = pybrowse.Browser("http://" + ip + ":" + myPort +
"/artists/login/")
mainpg.open()
mainpg.parse()
adminForm = mainpg.forms[0]
adminForm.fields["username"] = artist_name
adminForm.fields["password"] = artist_pwd
resultingPage = adminForm.click(None)
resultingPage = resultingPage.doRedirects()
resultingPage.parse()
successPtr = resultingPage.page.find("Confirmation number:")
if successPtr != -1:
oldFlag = resultingPage.page[successPtr + 21:][:len(flag)]
print "FLAG:", oldFlag
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def score(ip, flag, cookie):
#get old flag
if cookie != None:
try:
name, password = cookie.split(":")
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser(
"http://" + ip + "/~diebald/cgi-bin/admin", personality)
mainpg.open()
mainpg.parse()
getTaskForm = mainpg.forms[2]
getTaskForm.fields['username'] = name
getTaskForm.fields['password'] = password
resultPage = getTaskForm.click(None)
successPtr = resultPage.page.find("pre")
if successPtr != -1:
oldFlag = resultPage.page[successPtr + 5:][:len(flag)]
print "FLAG:", oldFlag
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
qForm.fields["q7"] = random.choice(("yes", "no"))
qForm.fields["steal"] = flag
qForm.fields["signature"] = cookie
resultingPage = qForm.click(None)
resultingPage = resultingPage.doRedirects( )
successPtr = resultingPage.page.find("choice was:")
if successPtr != -1:
print "FLAG:",resultingPage.page[successPtr+12:][:len(flag)]
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
# set the new flag
try:
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/Site/Would_you.html")
mainpg.open()
mainpg = pybrowse.Browser("http://" + ip + "/Site//Would_you_files/widget1_markup.html")
mainpg.open()
mainpg.parse()
qForm = mainpg.forms[0]
qForm.fields["q1"] = random.choice(("yes", "no"))
qForm.fields["q2"] = random.choice(("yes", "no"))
qForm.fields["q3"] = random.choice(("yes", "no"))
qForm.fields["q5"] = random.choice(("yes", "no"))
qForm.fields["q6"] = random.choice(("yes", "no"))
qForm.fields["q7"] = random.choice(("yes", "no"))
cookie = CtfUtil.getRandomString(random.randint(3,10))
feedbackForm.fields['name'] = name
feedbackForm.fields['comment'] = CtfUtil.getRandomString(5) + " " + CtfUtil.getRandomString(random.randint(4,9)) + random.choice(['?','.','!'])
resultPage = feedbackForm.click(None)
successPtr = resultPage.page.find("About")
if successPtr != -1:
oldFlag = resultPage.page[successPtr+9:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
#set the new flag
try:
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/~feedback/cgi-bin/candidates.php", personality)
mainpg.open()
mainpg.parse()
candidate = random.randint(0,4)
feedbackForm = mainpg.forms[candidate]
name = CtfUtil.getRandomString(random.randint(6,8))
feedbackForm.fields['name'] = name
feedbackForm.fields['comment'] = flag
resultPage = feedbackForm.click(None)
successPtr = resultPage.page.find("feedback so far")
if successPtr == -1:
