Skip to content

Instantly share code, notes, and snippets.

@bullno1
Last active August 29, 2015 14:01
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save bullno1/3542179c43df937ae4f2 to your computer and use it in GitHub Desktop.
Give me SSD
#!/usr/bin/env python
import sys, httplib, urllib, hashlib, random, json
# Relevant JS code:
#
# return e = "52297d8e78ff8aed",
# t = CryptoJS.SHA256(Math.random().toString().substr(2, 5)).toString(),
# n = "//fastestgameonearth-com.herokuapp.com",
# $.ajax({
# url: n + "/handshake",
# type: "POST",
# data: {publicKey: t},
# error: this._onRegistrationError,
# success: function(r) {
# var s, o;
# return r.publicKey !== CryptoJS.SHA256(e + 1 + t).toString()
# ? i._onRegistrationError()
# : (t = CryptoJS.SHA256(7182 + r.publicKey).toString(),
# o = r.session_id, r = i.$("form").serialize(),
# s = "127.0.0.1",
# $.ajax({
# url: n + "/entries",
# type: "POST",
# data: r + "&entry[ip]=" + s + "&session_id=" + o + "&publicKey=" + t,
# success: i._onRegistrationSuccess,
# error: i._onRegistrationError
# })))
def main():
#Parse particulars
if len(sys.argv) >= 4:
first_name = sys.argv[1]
last_name = sys.argv[2]
email = sys.argv[3]
print "First name: " + first_name
print "Last name: " + last_name
print "Email: " + email
else:
print "Usage: give-me-ssd.py <first_name> <last_name> <email> [session_id]"
print "Run once for a session id and reuse it"
return
#Parse session id
session_id = None
headers = {
"Content-type": "application/x-www-form-urlencoded",
"Accept": "*",
'X-Requested-With': 'XMLHttpRequest'
}
if len(sys.argv) == 5:
session_id = sys.argv[4]
print "Using session_id: " + session_id
headers['Cookie'] = 'request_method=POST; _ssd-api_session=' + session_id
prefix = '52297d8e78ff8aed'
random.seed()
handshake_key = sha256(str(random.random())[2:5])
expected_key = sha256(prefix + '1' + handshake_key)
print "Handshake with key: " + handshake_key
print "Expect : " + expected_key
response = json.loads(post("/handshake", headers, {'publicKey': handshake_key})[1])
submit_key = response['publicKey']
session_id = response['session_id']
print "Got submit key: " + submit_key
print "Got session id: " + session_id
assert submit_key == expected_key
submit_key = sha256('7182' + submit_key)
submission = {
'entry[first_name]':first_name,
'entry[last_name]':last_name,
'entry[email]':email,
'entry[remember]':'on',
'entry[ip]':'127.0.0.1',
'session_id':session_id,
'publicKey':submit_key
}
headers['Cookie'] = 'request_method=POST; _ssd-api_session=' + session_id
print post('/entries', headers, submission)
def sha256(term):
return hashlib.sha256(term).hexdigest()
def post(path, headers, body):
params = urllib.urlencode(body, doseq = True)
conn = httplib.HTTPConnection("fastestgameonearth-com.herokuapp.com")
conn.request("POST", path, params, headers)
response = conn.getresponse()
return (response.status, response.read())
if __name__ == "__main__":
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment