def score(ip,flag,cookie):
#get old flag
if cookie != None:
try:
userName,password = cookie.split(":")
mainpage = pybrowse.Browser("http://" + ip + "/~estore/index.html")
mainpage.open()
mainpage.parse()
loginMainPage = login(mainpage, userName, password)
updatePage = loginMainPage.click("cgi-bin/update.php")
updatePage.parse()
updateForm = updatePage.forms[0]
updateForm.fields['username'] = userName
updateForm.fields['password'] = password
updateForm.fields['email'] = CtfUtil.getRandomEmail()
resultPage = updateForm.click(None)
successPtr = resultPage.page.find("address was:")
if(successPtr != -1):
oldFlag = resultPage.page[successPtr+13:][:len(flag)]
print "FLAG:",oldFlag
logout(loginMainPage)
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def score(ip,flag,cookie):
#get old flag
if cookie != None:
try:
userName,password = cookie.split(":")
mainpage = pybrowse.Browser("http://" + ip + "/~estore/index.html")
mainpage.open()
mainpage.parse()
loginMainPage = login(mainpage, userName, password)
updatePage = loginMainPage.click("cgi-bin/update.php")
updatePage.parse()
updateForm = updatePage.forms[0]
updateForm.fields['username'] = userName
updateForm.fields['password'] = password
updateForm.fields['email'] = CtfUtil.getRandomEmail()
resultPage = updateForm.click(None)
successPtr = resultPage.page.find("address was:")
if(successPtr != -1):
oldFlag = resultPage.page[successPtr+13:][:len(flag)]
print "FLAG:",oldFlag
logout(loginMainPage)
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
def createAccount(name, passwd, role):
global myHost
mainpg = pybrowse.Browser("http://" + myHost + "/Therapy/createuser.do?role=" + role)
mainpg.open()
mainpg.parse()
userform = mainpg.forms[0]
userform.fields['firstname'] = CtfUtil.getRandomString(random.randint(4,10))
userform.fields['lastname'] = CtfUtil.getRandomString(random.randint(5,10))
userform.fields['email'] = CtfUtil.getRandomEmail()
userform.fields['username'] = name
userform.fields['password'] = passwd
userform.fields['role'] = role
resultPage = userform.click("submit")
resultPage = resultPage.doRedirects()
return resultPage
def createAccount(name, passwd, role):
global myHost
mainpg = pybrowse.Browser("http://" + myHost +
"/Therapy/createuser.do?role=" + role)
mainpg.open()
mainpg.parse()
userform = mainpg.forms[0]
userform.fields['firstname'] = CtfUtil.getRandomString(
random.randint(4, 10))
userform.fields['lastname'] = CtfUtil.getRandomString(random.randint(
5, 10))
userform.fields['email'] = CtfUtil.getRandomEmail()
userform.fields['username'] = name
userform.fields['password'] = passwd
userform.fields['role'] = role
resultPage = userform.click("submit")
resultPage = resultPage.doRedirects()
return resultPage
except Exception, e:
print "ERROR: got exception %s getting flag" % (e)
# set the new flag
try:
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/Site/Petition.html")
mainpg.open()
mainpg = pybrowse.Browser("http://" + ip + "/Site//Petition_files/widget1_markup.html")
mainpg.open()
mainpg.parse()
myform = mainpg.forms[0]
myform.fields["first"] = CtfUtil.getRandomString(random.randint(4,10))
myform.fields["last"] = CtfUtil.getRandomString(random.randint(4,10))
myform.fields["email"] = CtfUtil.getRandomEmail()
myform.fields["comment"] = flag
myform.fields["id"] = ""
resultingPage = myform.click(None)
resultingPage = resultingPage.doRedirects()
successPtr = resultingPage.page.find( "Your ID is " )
if successPtr != -1:
cookie = resultingPage.page[successPtr+11:][:8]
print "COOKIE:",cookie
except Exception, e:
print "ERROR: got exception %s setting new flag" % (e)
if __name__ == "__main__":
successPtr = resultPage.page.find("NOTE:")
if successPtr != -1:
endPointer = resultPage.page[successPtr+6:].find("\n")
oldFlagText = resultPage.page[successPtr+6:][:endPointer]
oldFlag = urllib.unquote(oldFlagText)[:len(flag)]
print "FLAG:",oldFlag
except Exception, e:
print "ERROR: got exception %s setting new flag" % (e)
sys.exit(1)
#set the new flag
try:
user = CtfUtil.getRandomString(random.randint(6,8))
email = CtfUtil.getRandomEmail()
note = flag
resultPage = getNotePage(ip,user,email,note)
successPtr = resultPage.page.find("Annotation saved!")
if successPtr == -1:
return
cookie = user+":"+email
print "COOKIE:",cookie
except Exception, e:
print "ERROR: got exception %s setting new flag" % (e)
if __name__ == "__main__":
#set the new flag
try:
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/~register/register.html", personality)
mainpg.open()
mainpg.parse()
registrationForm = mainpg.forms[0]
password = CtfUtil.getRandomAlphaNum(8)
wwid = flag
registrationForm.fields['first'] = CtfUtil.getRandomString(random.randint(5,7))
registrationForm.fields['last'] = CtfUtil.getRandomString(random.randint(6,9))
registrationForm.fields['dob'] = str(random.choice(months))+" "+str(random.randint(1,29))+", "+str(random.randint(1900,2000))
registrationForm.fields['email'] = CtfUtil.getRandomEmail()
registrationForm.fields['password'] = password
registrationForm.fields['wwid'] = wwid
resultingPage = registrationForm.click(None)
successPtr = resultingPage.page.find("Registration successful!")
if successPtr == -1:
print "ERROR: Could not set new flag"
return
cookie = password+":"+wwid
print "COOKIE:",cookie
except Exception, e:
sys.exit(1)
# set the new flag
try:
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser("http://" + ip + "/Site/Sound_of_music.html")
mainpg.open()
mainpg = pybrowse.Browser("http://" + ip + "/Site/Sound_of_music_files/widget1_markup.html")
mainpg.open()
mainpg.parse()
qForm = mainpg.forms[0]
myfirst =flag
mylast = CtfUtil.getRandomString(random.randint(3,10))
myemail = CtfUtil.getRandomEmail()
mypassword = CtfUtil.getRandomString(random.randint(3,10))
qForm.fields["first"] = myfirst
qForm.fields["last"] = mylast
qForm.fields["email"] = myemail
qForm.fields["password"] = mypassword
cookie = qForm.fields["email"] + ":" + qForm.fields["password"]
resultingPage = qForm.click(None)
resultingPage = resultingPage.doRedirects()
successPtr = resultingPage.page.find("successfully created")
if successPtr == -1:
print "ERROR: Error setting new flag"
return
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
sys.exit(1)
# set new flag
try:
url = "http://" + ip + "/Site/Make_amends.html"
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser(url, personality)
mainpg.open()
# create a new user acccount
fname = CtfUtil.getRandomString(random.randint(6, 10))
lname = CtfUtil.getRandomString(random.randint(6, 10))
eaddr = CtfUtil.getRandomEmail()
files = getRandomPiratedFiles(random.randint(1, 5))
price = getRandomDollarAmount(random.randint(1, 5))
resultPage = createAccount(ip, fname, lname, eaddr, files, price)
# choose settlement letter format preference and get case id
caseid = chooseFormatPref(resultPage)
# login using the new account
resultPage = doNewLogin(ip, eaddr, caseid)
# view the settlement letter
viewSettlementLetter(resultPage)
# settle with the MAFIA
resultPage = paySettlement(resultPage, flag)
except Exception, e:
print "ERROR: got exception '%s' when getting flag" % (e)
sys.exit(1)
# set new flag
try:
url = "http://" + ip + "/Site/Make_amends.html"
personality = browserpersonality.getRandomPersonality()
mainpg = pybrowse.Browser(url, personality)
mainpg.open()
# create a new user acccount
fname = CtfUtil.getRandomString(random.randint(6,10))
lname = CtfUtil.getRandomString(random.randint(6,10))
eaddr = CtfUtil.getRandomEmail()
files = getRandomPiratedFiles(random.randint(1,5))
price = getRandomDollarAmount(random.randint(1,5))
resultPage = createAccount(ip,fname, lname, eaddr, files, price)
# choose settlement letter format preference and get case id
caseid = chooseFormatPref(resultPage)
# login using the new account
resultPage = doNewLogin(ip, eaddr, caseid)
# view the settlement letter
viewSettlementLetter(resultPage)
# settle with the MAFIA
resultPage = paySettlement(resultPage,flag)
mainpg.open()
mainpg.parse()
registrationForm = mainpg.forms[0]
password = CtfUtil.getRandomAlphaNum(8)
wwid = flag
registrationForm.fields['first'] = CtfUtil.getRandomString(
random.randint(5, 7))
registrationForm.fields['last'] = CtfUtil.getRandomString(
random.randint(6, 9))
registrationForm.fields['dob'] = str(
random.choice(months)) + " " + str(random.randint(
1, 29)) + ", " + str(random.randint(1900, 2000))
registrationForm.fields['email'] = CtfUtil.getRandomEmail()
registrationForm.fields['password'] = password
registrationForm.fields['wwid'] = wwid
resultingPage = registrationForm.click(None)
successPtr = resultingPage.page.find("Registration successful!")
if successPtr == -1:
print "ERROR: Could not set new flag"
return
cookie = password + ":" + wwid
print "COOKIE:", cookie
except Exception, e:
