def score(ip,flag,cookie): #get old flag if cookie != None: try: userName,password = cookie.split(":") mainpage = pybrowse.Browser("http://" + ip + "/~estore/index.html") mainpage.open() mainpage.parse() loginMainPage = login(mainpage, userName, password) updatePage = loginMainPage.click("cgi-bin/update.php") updatePage.parse() updateForm = updatePage.forms[0] updateForm.fields['username'] = userName updateForm.fields['password'] = password updateForm.fields['email'] = CtfUtil.getRandomEmail() resultPage = updateForm.click(None) successPtr = resultPage.page.find("address was:") if(successPtr != -1): oldFlag = resultPage.page[successPtr+13:][:len(flag)] print "FLAG:",oldFlag logout(loginMainPage) except Exception, e: print "ERROR: got exception %s getting flag" % (e)
def createAccount(name, passwd, role): global myHost mainpg = pybrowse.Browser("http://" + myHost + "/Therapy/createuser.do?role=" + role) mainpg.open() mainpg.parse() userform = mainpg.forms[0] userform.fields['firstname'] = CtfUtil.getRandomString(random.randint(4,10)) userform.fields['lastname'] = CtfUtil.getRandomString(random.randint(5,10)) userform.fields['email'] = CtfUtil.getRandomEmail() userform.fields['username'] = name userform.fields['password'] = passwd userform.fields['role'] = role resultPage = userform.click("submit") resultPage = resultPage.doRedirects() return resultPage
def createAccount(name, passwd, role): global myHost mainpg = pybrowse.Browser("http://" + myHost + "/Therapy/createuser.do?role=" + role) mainpg.open() mainpg.parse() userform = mainpg.forms[0] userform.fields['firstname'] = CtfUtil.getRandomString( random.randint(4, 10)) userform.fields['lastname'] = CtfUtil.getRandomString(random.randint( 5, 10)) userform.fields['email'] = CtfUtil.getRandomEmail() userform.fields['username'] = name userform.fields['password'] = passwd userform.fields['role'] = role resultPage = userform.click("submit") resultPage = resultPage.doRedirects() return resultPage
except Exception, e: print "ERROR: got exception %s getting flag" % (e) # set the new flag try: personality = browserpersonality.getRandomPersonality() mainpg = pybrowse.Browser("http://" + ip + "/Site/Petition.html") mainpg.open() mainpg = pybrowse.Browser("http://" + ip + "/Site//Petition_files/widget1_markup.html") mainpg.open() mainpg.parse() myform = mainpg.forms[0] myform.fields["first"] = CtfUtil.getRandomString(random.randint(4,10)) myform.fields["last"] = CtfUtil.getRandomString(random.randint(4,10)) myform.fields["email"] = CtfUtil.getRandomEmail() myform.fields["comment"] = flag myform.fields["id"] = "" resultingPage = myform.click(None) resultingPage = resultingPage.doRedirects() successPtr = resultingPage.page.find( "Your ID is " ) if successPtr != -1: cookie = resultingPage.page[successPtr+11:][:8] print "COOKIE:",cookie except Exception, e: print "ERROR: got exception %s setting new flag" % (e) if __name__ == "__main__":
successPtr = resultPage.page.find("NOTE:") if successPtr != -1: endPointer = resultPage.page[successPtr+6:].find("\n") oldFlagText = resultPage.page[successPtr+6:][:endPointer] oldFlag = urllib.unquote(oldFlagText)[:len(flag)] print "FLAG:",oldFlag except Exception, e: print "ERROR: got exception %s setting new flag" % (e) sys.exit(1) #set the new flag try: user = CtfUtil.getRandomString(random.randint(6,8)) email = CtfUtil.getRandomEmail() note = flag resultPage = getNotePage(ip,user,email,note) successPtr = resultPage.page.find("Annotation saved!") if successPtr == -1: return cookie = user+":"+email print "COOKIE:",cookie except Exception, e: print "ERROR: got exception %s setting new flag" % (e) if __name__ == "__main__":
#set the new flag try: personality = browserpersonality.getRandomPersonality() mainpg = pybrowse.Browser("http://" + ip + "/~register/register.html", personality) mainpg.open() mainpg.parse() registrationForm = mainpg.forms[0] password = CtfUtil.getRandomAlphaNum(8) wwid = flag registrationForm.fields['first'] = CtfUtil.getRandomString(random.randint(5,7)) registrationForm.fields['last'] = CtfUtil.getRandomString(random.randint(6,9)) registrationForm.fields['dob'] = str(random.choice(months))+" "+str(random.randint(1,29))+", "+str(random.randint(1900,2000)) registrationForm.fields['email'] = CtfUtil.getRandomEmail() registrationForm.fields['password'] = password registrationForm.fields['wwid'] = wwid resultingPage = registrationForm.click(None) successPtr = resultingPage.page.find("Registration successful!") if successPtr == -1: print "ERROR: Could not set new flag" return cookie = password+":"+wwid print "COOKIE:",cookie except Exception, e:
sys.exit(1) # set the new flag try: personality = browserpersonality.getRandomPersonality() mainpg = pybrowse.Browser("http://" + ip + "/Site/Sound_of_music.html") mainpg.open() mainpg = pybrowse.Browser("http://" + ip + "/Site/Sound_of_music_files/widget1_markup.html") mainpg.open() mainpg.parse() qForm = mainpg.forms[0] myfirst =flag mylast = CtfUtil.getRandomString(random.randint(3,10)) myemail = CtfUtil.getRandomEmail() mypassword = CtfUtil.getRandomString(random.randint(3,10)) qForm.fields["first"] = myfirst qForm.fields["last"] = mylast qForm.fields["email"] = myemail qForm.fields["password"] = mypassword cookie = qForm.fields["email"] + ":" + qForm.fields["password"] resultingPage = qForm.click(None) resultingPage = resultingPage.doRedirects() successPtr = resultingPage.page.find("successfully created") if successPtr == -1: print "ERROR: Error setting new flag" return
except Exception, e: print "ERROR: got exception '%s' when getting flag" % (e) sys.exit(1) # set new flag try: url = "http://" + ip + "/Site/Make_amends.html" personality = browserpersonality.getRandomPersonality() mainpg = pybrowse.Browser(url, personality) mainpg.open() # create a new user acccount fname = CtfUtil.getRandomString(random.randint(6, 10)) lname = CtfUtil.getRandomString(random.randint(6, 10)) eaddr = CtfUtil.getRandomEmail() files = getRandomPiratedFiles(random.randint(1, 5)) price = getRandomDollarAmount(random.randint(1, 5)) resultPage = createAccount(ip, fname, lname, eaddr, files, price) # choose settlement letter format preference and get case id caseid = chooseFormatPref(resultPage) # login using the new account resultPage = doNewLogin(ip, eaddr, caseid) # view the settlement letter viewSettlementLetter(resultPage) # settle with the MAFIA resultPage = paySettlement(resultPage, flag)
except Exception, e: print "ERROR: got exception '%s' when getting flag" % (e) sys.exit(1) # set new flag try: url = "http://" + ip + "/Site/Make_amends.html" personality = browserpersonality.getRandomPersonality() mainpg = pybrowse.Browser(url, personality) mainpg.open() # create a new user acccount fname = CtfUtil.getRandomString(random.randint(6,10)) lname = CtfUtil.getRandomString(random.randint(6,10)) eaddr = CtfUtil.getRandomEmail() files = getRandomPiratedFiles(random.randint(1,5)) price = getRandomDollarAmount(random.randint(1,5)) resultPage = createAccount(ip,fname, lname, eaddr, files, price) # choose settlement letter format preference and get case id caseid = chooseFormatPref(resultPage) # login using the new account resultPage = doNewLogin(ip, eaddr, caseid) # view the settlement letter viewSettlementLetter(resultPage) # settle with the MAFIA resultPage = paySettlement(resultPage,flag)
mainpg.open() mainpg.parse() registrationForm = mainpg.forms[0] password = CtfUtil.getRandomAlphaNum(8) wwid = flag registrationForm.fields['first'] = CtfUtil.getRandomString( random.randint(5, 7)) registrationForm.fields['last'] = CtfUtil.getRandomString( random.randint(6, 9)) registrationForm.fields['dob'] = str( random.choice(months)) + " " + str(random.randint( 1, 29)) + ", " + str(random.randint(1900, 2000)) registrationForm.fields['email'] = CtfUtil.getRandomEmail() registrationForm.fields['password'] = password registrationForm.fields['wwid'] = wwid resultingPage = registrationForm.click(None) successPtr = resultingPage.page.find("Registration successful!") if successPtr == -1: print "ERROR: Could not set new flag" return cookie = password + ":" + wwid print "COOKIE:", cookie except Exception, e: