Created
September 17, 2018 11:18
Files for Hacker Movie Club Challenge - CSAW Quals 2018
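// Page bootstrap: fetch the movie data and the Mustache template, wait for the
// reCAPTCHA and Mustache scripts to announce themselves, render the page, then
// wire up the "report" button.

// Latest reCAPTCHA response token; null until the widget's callback fires.
// Kept as `var` so it remains a property of the global object in a classic
// script, as in the original.
var token = null;

Promise.all([
  // Reject on HTTP errors so an error body is never handed to the renderer.
  fetch('/api/movies').then((r) => {
    if (!r.ok) {
      throw new Error(`GET /api/movies failed with HTTP ${r.status}`);
    }
    return r.json();
  }),
  // SECURITY: the template is fetched from a separate CDN host through a
  // protocol-relative URL and later assigned to innerHTML. Mustache escapes
  // `{{value}}` output, but the template text itself is trusted markup, so
  // whoever controls this response (the CDN, or any cache in front of it)
  // controls the page's DOM. Nothing here verifies the bytes received.
  fetch(`//3fad5c9a76928974bc36ef08fb1dfa2c98e98740.hm.vulnerable.services/cdn/main.mst`).then((r) => {
    if (!r.ok) {
      throw new Error(`template fetch failed with HTTP ${r.status}`);
    }
    return r.text();
  }),
  // Readiness gates: the flag is already `true` if the script loaded first;
  // otherwise the resolver is parked in the flag slot. Presumably the script's
  // load hook calls it -- that hook is not visible here; confirm in the page.
  new Promise((resolve) => {
    if (window.loaded_recapcha === true) {
      return resolve();
    }
    window.loaded_recapcha = resolve;
  }),
  new Promise((resolve) => {
    if (window.loaded_mustache === true) {
      return resolve();
    }
    window.loaded_mustache = resolve;
  }),
]).then(([user, view]) => {
  // Only the first two results carry data; the readiness gates resolve to undefined.
  document.getElementById('content').innerHTML = Mustache.render(view, user);

  const reportButton = document.getElementById('report');
  const captchaBox = document.getElementById('captcha');

  grecaptcha.render(captchaBox, {
    // reCAPTCHA site keys are public by design; the secret key stays server-side.
    sitekey: '6Lc8ymwUAAAAAM7eBFxU1EBMjzrfC5By7HUYUud5',
    theme: 'dark',
    callback: (t) => {
      token = t;
      reportButton.disabled = false;
    },
  });

  // First click reveals the captcha and disables the button until it is
  // solved; later clicks submit the report.
  let hidden = true;
  reportButton.onclick = () => {
    if (hidden) {
      captchaBox.parentElement.style.display = 'block';
      reportButton.disabled = true;
      hidden = false;
      return;
    }
    // NOTE(review): no Content-Type is set, so the JSON string is sent as
    // text/plain. The server must validate the captcha token itself; the
    // disabled button is only a UI hint.
    fetch('/api/report', {
      method: 'POST',
      body: JSON.stringify({ token }),
    }).then((r) => r.json()).then((j) => {
      if (j.success) {
        // The admin is on her way to check the page
        alert("Neo... nobody has ever done this before.");
        alert("That's why it's going to work.");
      } else {
        alert("Dodge this.");
      }
    }).catch((err) => {
      // Network failure or a non-JSON reply: log it instead of leaving an
      // unhandled rejection.
      console.error('report request failed', err);
    });
  };
}).catch((err) => {
  // Any failed fetch, bad JSON, or render error ends up here rather than as
  // an unhandled rejection.
  console.error('page bootstrap failed', err);
});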
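// Loader for <script data-cdn="HOST" data-src="FILE"> placeholders in <head>:
// each one is fetched from //HOST/cdn/FILE and executed via a blob: URL.
//
// SECURITY: the downloaded bytes run with this page's origin and nothing here
// verifies them (no hash or signature check before execution). The request
// also carries a client-set X-Forwarded-Host header. If the origin or any
// cache in front of it lets that header influence the response without making
// it part of the cache key, one stored response can be served to every later
// visitor. Server side, ignore or strip client-supplied X-Forwarded-Host and
// include it in the cache key; client side, prefer a plain <script src> with
// an integrity attribute over fetch-and-execute.
for (const tag of document.head.children) {
  if (tag.tagName !== 'SCRIPT') {
    continue;
  }
  const { cdn, src } = tag.dataset;
  // Ordinary scripts carry neither attribute and are left alone.
  if (cdn === undefined || src === undefined) {
    continue;
  }
  fetch(`//${cdn}/cdn/${src}`, {
    headers: {
      'X-Forwarded-Host': cdn,
    },
  }).then((r) => {
    // Never execute the body of an error response as script.
    if (!r.ok) {
      throw new Error(`script fetch for ${src} failed with HTTP ${r.status}`);
    }
    return r.blob();
  }).then((b) => {
    const blobUrl = URL.createObjectURL(b);
    const script = document.createElement('script');
    // Release the blob once the browser has loaded (or rejected) it; the
    // original never revoked the URL, keeping the blob alive for the
    // lifetime of the document.
    const release = () => URL.revokeObjectURL(blobUrl);
    script.addEventListener('load', release);
    script.addEventListener('error', release);
    script.src = blobUrl;
    document.head.appendChild(script);
  }).catch((err) => {
    // Log the failure instead of leaving an unhandled rejection.
    console.error('cdn script load failed', err);
  });
}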