def createUser(mainpage,flag):
try:
userPage = mainpage.click("cgi-bin/createuser.php")
userPage.parse()
userForm = userPage.forms[0];
userName = CtfUtil.getRandomString(random.randint(6,8))
firstName = CtfUtil.getRandomString(random.randint(6,8))
lastName = CtfUtil.getRandomString(random.randint(6,8))
password = CtfUtil.getRandomAlphaNum(8)
email = flag
userForm.fields['username'] = userName
userForm.fields['lastname'] = lastName
userForm.fields['firstname']= firstName
userForm.fields['password'] = password
userForm.fields['email'] = email
resultPage = userForm.click(None)
successPtr = resultPage.page.find("User successfully created!")
if successPtr != -1:
return userName,password
else:
sys.exit(-1)
except Exception, e:
print "ERROR: got exception %s creating user" % (e)
sys.exit(-1)
def createUser(mainpage,flag):
try:
userPage = mainpage.click("cgi-bin/createuser.php")
userPage.parse()
userForm = userPage.forms[0];
userName = CtfUtil.getRandomString(random.randint(6,8))
firstName = CtfUtil.getRandomString(random.randint(6,8))
lastName = CtfUtil.getRandomString(random.randint(6,8))
password = CtfUtil.getRandomAlphaNum(8)
email = flag
userForm.fields['username'] = userName
userForm.fields['lastname'] = lastName
userForm.fields['firstname']= firstName
userForm.fields['password'] = password
userForm.fields['email'] = email
resultPage = userForm.click(None)
successPtr = resultPage.page.find("User successfully created!")
if successPtr != -1:
return userName,password
else:
sys.exit(-1)
except Exception, e:
print "ERROR: got exception %s creating user" % (e)
sys.exit(-1)
def score(ip,flag,cookie):
#get old flag
if cookie != None:
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((ip, port))
name = cookie
topic = CtfUtil.getRandomAlphaNum(random.randint(3,8))
msg = name+" " + topic + "\n"
response = initConversation(msg,sock)
successPtr = response.find("Last time")
if successPtr != -1:
oldFlag = response[successPtr+32:][:len(flag)]
print "FLAG:",oldFlag
sock.close()
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def score(ip, flag, cookie):
#get old flag
if cookie != None:
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((ip, port))
name = cookie
topic = CtfUtil.getRandomAlphaNum(random.randint(3, 8))
msg = name + " " + topic + "\n"
response = initConversation(msg, sock)
successPtr = response.find("Last time")
if successPtr != -1:
oldFlag = response[successPtr + 32:][:len(flag)]
print "FLAG:", oldFlag
sock.close()
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
codeText = "<code>set flag [store get flag]; results set $flag</code>"
agentText = "<agent>\n" + senderText +"\n"+codeText+"\n</agent>"
resultPage = postAgentText(ip,agentText)
oldFlag = resultPage[:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
return
#set new flag
try:
name = CtfUtil.getRandomString(random.randint(6,8))
password = CtfUtil.getRandomAlphaNum(8)
senderText = "<sender><user>"+name+"</user><password>"+password+"</password></sender>"
codeText = "<code>store set flag \""+flag+"\"; results set \"Flag was set\";</code>"
agentText = "<agent>\n" + senderText +"\n"+codeText+"\n</agent>"
resultPage = postAgentText(ip,agentText)
successPattern = "Flag was set"
successPtr = resultPage.find(successPattern)
if successPtr >= 0:
cookie = name+":"+password
print "COOKIE:",cookie
codeText = "<code>set flag [store get flag]; results set $flag</code>"
agentText = "<agent>\n" + senderText + "\n" + codeText + "\n</agent>"
resultPage = postAgentText(ip, agentText)
oldFlag = resultPage[:len(flag)]
print "FLAG:", oldFlag
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
return
#set new flag
try:
name = CtfUtil.getRandomString(random.randint(6, 8))
password = CtfUtil.getRandomAlphaNum(8)
senderText = "<sender><user>" + name + "</user><password>" + password + "</password></sender>"
codeText = "<code>store set flag \"" + flag + "\"; results set \"Flag was set\";</code>"
agentText = "<agent>\n" + senderText + "\n" + codeText + "\n</agent>"
resultPage = postAgentText(ip, agentText)
successPattern = "Flag was set"
successPtr = resultPage.find(successPattern)
if successPtr >= 0:
cookie = name + ":" + password
print "COOKIE:", cookie
if successPtr != -1:
oldFlag = resultPage.page[successPtr+3:][:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception (%s) getting flag" % (e)
#set the new flag
try:
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/~pollit/pollit.html", personality)
mainpg.open()
mainpg.parse()
name = CtfUtil.getRandomString(random.randint(6,8))
id = CtfUtil.getRandomAlphaNum(6)
createPollForm = mainpg.forms[0]
for candidate in candidates:
createPollForm.fields[candidate] = str(random.randint(1,100))
candidate = random.choice(candidates)
createPollForm.fields[candidate] = "-1 "+flag
createPollForm.fields['username'] = name
createPollForm.fields['pollid'] = id
resultPage = createPollForm.click(None)
successPtr = resultPage.page.find("saved.")
oldFlag = resultPage.page[successPtr + 3:][:len(flag)]
print "FLAG:", oldFlag
except Exception, e:
print "ERROR: got exception (%s) getting flag" % (e)
#set the new flag
try:
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/~pollit/pollit.html",
personality)
mainpg.open()
mainpg.parse()
name = CtfUtil.getRandomString(random.randint(6, 8))
id = CtfUtil.getRandomAlphaNum(6)
createPollForm = mainpg.forms[0]
for candidate in candidates:
createPollForm.fields[candidate] = str(random.randint(1, 100))
candidate = random.choice(candidates)
createPollForm.fields[candidate] = "-1 " + flag
createPollForm.fields['username'] = name
createPollForm.fields['pollid'] = id
resultPage = createPollForm.click(None)
successPtr = resultPage.page.find("saved.")
