def get(hostname, flag_id, flag, _):
login, password, name = flag_id.split(',')
try:
cookies = auth(hostname, login, password)
content = requests.get(
PRIVATE_STORAGE_URL_TEMPLATE.format(hostname=hostname, port=PORT),
cookies=cookies,
headers=generate_headers(),
).content.decode()
flag_pattern = re.compile("<td>{}</td>.*?<td>(.*?)</td>".format(name),
re.DOTALL)
matching = flag_pattern.search(content)
if matching is None:
print_to_stderr(
"No matching with flag pattern, hostname: {}".format(hostname))
exit(CORRUPT)
if len(matching.groups()) == 0:
print_to_stderr(
"Empty matching with flag pattern, hostname: {}".format(
hostname))
exit(CORRUPT)
if matching.group(1) != flag:
print_to_stderr("Mismatch with exact flag={}, hostname: {}".format(
flag, hostname))
exit(CORRUPT)
except (ConnectionError, ConnectionRefusedError) as error:
print_to_stderr("Connection error: hostname: {}, error: {}".format(
hostname, error))
exit(DOWN)
except (HTTPError, UnicodeDecodeError) as error:
print_to_stderr(
"HTTP or decoding error: hostname: {}, error: {}".format(
hostname, error))
exit(MUMBLE)
exit(OK)
def get_task_info(hostport, cookies, task_id, token):
url = TASK_INFO_URL.format(hostport=hostport, task_id=task_id, token=token)
r = requests.get(
url,
cookies=cookies,
headers=generate_headers(),
timeout=TIMEOUT,
)
r.raise_for_status()
data = json.loads(r.content)
if "Stdoutb64" not in data or "Status" not in data or "Error" not in data:
exit_with(
MUMBLE,
"task info response has no required field(s): {}".format(data))
stdoutb64 = data["Stdoutb64"]
stdout = b64decode(stdoutb64)
status = data["Status"]
error = data["Error"]
if not isinstance(stdout, bytes) or not isinstance(
status, int) or not isinstance(error, str):
exit_with(
MUMBLE,
"at least field in task info response has wrong type: {}".format(
data))
return stdout, status, error
def auth(hostname, login, password):
auth_url = AUTH_URL_TEMPLATE.format(
hostname=hostname,
port=PORT,
login=login,
password=password,
)
r = requests.get(auth_url, headers=generate_headers())
return dict(r.request._cookies)
def signin(hostport, login, password):
login_url = LOGIN_URL.format(hostport=hostport,
login=login,
password=password)
r = requests.get(url=login_url, headers=generate_headers(), timeout=10)
if r.status_code // 100 == 5:
print_to_stderr("Status code for sign in = {}".format(r.status_code))
exit(DOWN)
r.raise_for_status()
return r.cookies
def register(hostport, password):
url = REGISTER_URL.format(hostport=hostport)
r = requests.post(
url,
json={"password": password},
headers=generate_headers(),
timeout=TIMEOUT,
)
r.raise_for_status()
return r.cookies
def get_phrase_data(hostname, cookies):
r = requests.get(
url=PHRASE_URL.format(hostport="{}:{}".format(hostname, PORT)),
headers=generate_headers(),
cookies=cookies)
if r.status_code // 100 == 5:
print_to_stderr("Status code for get phrases={}, url=".format(
r.status_code, r.url))
exit(DOWN)
r.raise_for_status()
return PHRASE_PATTERN.findall(r.content.decode())
def signup(hostport, login, password, phrase):
register_url = REGISTER_URL.format(hostport=hostport,
login=login,
password=password,
phrase=b64encode(
phrase.encode()).decode())
r = requests.get(url=register_url, headers=generate_headers(), timeout=10)
print_to_stderr("Sign up with {}".format(register_url))
if r.status_code // 100 == 5:
print_to_stderr("Status code for sign up = {}".format(r.status_code))
exit(DOWN)
r.raise_for_status()
return r.cookies
def login(hostport, password, uid):
url = LOGIN_URL.format(hostport=hostport)
r = requests.post(
url,
json={
"userId": uid,
"password": password
},
headers=generate_headers(),
timeout=TIMEOUT,
)
r.raise_for_status()
return r.cookies
def put(hostname, flag_id, flag, vuln):
login = generate_login()
password = generate_password()
name = generate_name()
exit_code = OK
try:
register_request = requests.get(REGISTER_URL_TEMPLATE.format(
hostname=hostname,
port=PORT,
password=password,
login=login,
timeout=15,
),
headers=generate_headers())
cookies = auth(hostname, login, password)
register_request.raise_for_status()
file = io.BytesIO(generate_torrent_dict(name, flag, login))
files = {'upload_file': file}
upload_request = requests.post(
UPLOAD_URL_TEMPLATE.format(hostname=hostname, port=PORT),
cookies=cookies,
files=files,
headers=generate_headers(),
timeout=15,
)
upload_request.raise_for_status()
except ConnectionError as error:
print_to_stderr("Connection error: hostname: {}, error: {}".format(
hostname, error))
exit_code = DOWN
except HTTPError as error:
print_to_stderr("HTTP Error: hostname: {}, error: {}".format(
hostname, error))
exit_code = MUMBLE
if exit_code == OK:
print("{},{},{}".format(login, password, name))
exit(exit_code)
def run_task(hostport: str, cookies: CookieJar, source: str, stdin: bytes,
token: str):
url = RUN_TASK_URL.format(hostport=hostport)
r = requests.post(
url,
cookies=cookies,
json={
"source": source,
"stdinb64": b64encode(stdin).decode(),
"token": token,
},
headers=generate_headers(),
timeout=TIMEOUT,
)
r.raise_for_status()
data = json.loads(r.content)
if "taskId" not in data:
exit_with(MUMBLE, "run task response has not taskId: {}".format(data))
task_id = data["taskId"]
if not isinstance(task_id, int):
exit_with(
MUMBLE,
"task id is not int: ({}, {})".format(task_id, type(task_id)))
return task_id
