def createUser(mainpage,flag): try: userPage = mainpage.click("cgi-bin/createuser.php") userPage.parse() userForm = userPage.forms[0]; userName = CtfUtil.getRandomString(random.randint(6,8)) firstName = CtfUtil.getRandomString(random.randint(6,8)) lastName = CtfUtil.getRandomString(random.randint(6,8)) password = CtfUtil.getRandomAlphaNum(8) email = flag userForm.fields['username'] = userName userForm.fields['lastname'] = lastName userForm.fields['firstname']= firstName userForm.fields['password'] = password userForm.fields['email'] = email resultPage = userForm.click(None) successPtr = resultPage.page.find("User successfully created!") if successPtr != -1: return userName,password else: sys.exit(-1) except Exception, e: print "ERROR: got exception %s creating user" % (e) sys.exit(-1)
def score(ip,flag,cookie): #get old flag if cookie != None: try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((ip, port)) name = cookie topic = CtfUtil.getRandomAlphaNum(random.randint(3,8)) msg = name+" " + topic + "\n" response = initConversation(msg,sock) successPtr = response.find("Last time") if successPtr != -1: oldFlag = response[successPtr+32:][:len(flag)] print "FLAG:",oldFlag sock.close() except Exception, e: print "ERROR: got exception %s getting flag" % (e)
def score(ip, flag, cookie): #get old flag if cookie != None: try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((ip, port)) name = cookie topic = CtfUtil.getRandomAlphaNum(random.randint(3, 8)) msg = name + " " + topic + "\n" response = initConversation(msg, sock) successPtr = response.find("Last time") if successPtr != -1: oldFlag = response[successPtr + 32:][:len(flag)] print "FLAG:", oldFlag sock.close() except Exception, e: print "ERROR: got exception %s getting flag" % (e)
codeText = "<code>set flag [store get flag]; results set $flag</code>" agentText = "<agent>\n" + senderText +"\n"+codeText+"\n</agent>" resultPage = postAgentText(ip,agentText) oldFlag = resultPage[:len(flag)] print "FLAG:",oldFlag except Exception, e: print "ERROR: got exception '%s' when getting flag" % (e) return #set new flag try: name = CtfUtil.getRandomString(random.randint(6,8)) password = CtfUtil.getRandomAlphaNum(8) senderText = "<sender><user>"+name+"</user><password>"+password+"</password></sender>" codeText = "<code>store set flag \""+flag+"\"; results set \"Flag was set\";</code>" agentText = "<agent>\n" + senderText +"\n"+codeText+"\n</agent>" resultPage = postAgentText(ip,agentText) successPattern = "Flag was set" successPtr = resultPage.find(successPattern) if successPtr >= 0: cookie = name+":"+password print "COOKIE:",cookie
codeText = "<code>set flag [store get flag]; results set $flag</code>" agentText = "<agent>\n" + senderText + "\n" + codeText + "\n</agent>" resultPage = postAgentText(ip, agentText) oldFlag = resultPage[:len(flag)] print "FLAG:", oldFlag except Exception, e: print "ERROR: got exception '%s' when getting flag" % (e) return #set new flag try: name = CtfUtil.getRandomString(random.randint(6, 8)) password = CtfUtil.getRandomAlphaNum(8) senderText = "<sender><user>" + name + "</user><password>" + password + "</password></sender>" codeText = "<code>store set flag \"" + flag + "\"; results set \"Flag was set\";</code>" agentText = "<agent>\n" + senderText + "\n" + codeText + "\n</agent>" resultPage = postAgentText(ip, agentText) successPattern = "Flag was set" successPtr = resultPage.find(successPattern) if successPtr >= 0: cookie = name + ":" + password print "COOKIE:", cookie
if successPtr != -1: oldFlag = resultPage.page[successPtr+3:][:len(flag)] print "FLAG:",oldFlag except Exception, e: print "ERROR: got exception (%s) getting flag" % (e) #set the new flag try: personality = browserpersonality.getRandomPersonality() mainpg = pybrowse.Browser("http://" + ip + "/~pollit/pollit.html", personality) mainpg.open() mainpg.parse() name = CtfUtil.getRandomString(random.randint(6,8)) id = CtfUtil.getRandomAlphaNum(6) createPollForm = mainpg.forms[0] for candidate in candidates: createPollForm.fields[candidate] = str(random.randint(1,100)) candidate = random.choice(candidates) createPollForm.fields[candidate] = "-1 "+flag createPollForm.fields['username'] = name createPollForm.fields['pollid'] = id resultPage = createPollForm.click(None) successPtr = resultPage.page.find("saved.")
oldFlag = resultPage.page[successPtr + 3:][:len(flag)] print "FLAG:", oldFlag except Exception, e: print "ERROR: got exception (%s) getting flag" % (e) #set the new flag try: personality = browserpersonality.getRandomPersonality() mainpg = pybrowse.Browser("http://" + ip + "/~pollit/pollit.html", personality) mainpg.open() mainpg.parse() name = CtfUtil.getRandomString(random.randint(6, 8)) id = CtfUtil.getRandomAlphaNum(6) createPollForm = mainpg.forms[0] for candidate in candidates: createPollForm.fields[candidate] = str(random.randint(1, 100)) candidate = random.choice(candidates) createPollForm.fields[candidate] = "-1 " + flag createPollForm.fields['username'] = name createPollForm.fields['pollid'] = id resultPage = createPollForm.click(None) successPtr = resultPage.page.find("saved.")