Created
October 11, 2018 22:00
-
-
Save victorazzam/c9ef11599eca9ebda9693edb50f1faf0 to your computer and use it in GitHub Desktop.
Interact with the RingZer0 challenge site.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
import bs4, getpass, urllib3 | |
url = "https://ringzer0ctf.com" | |
url1 = f"{url}/login" | |
url2 = f"{url}/challenges" | |
# Set up the connection pool | |
http = urllib3.PoolManager() | |
# Disable InsecureRequestWarning | |
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
# Initial request | |
r = http.request("GET", url1) | |
# Grab the session ID | |
cookie = r.headers["Set-Cookie"] | |
# Grab the CSRF token | |
csrf = r.data.decode("ascii").split("var _")[1][12:44] | |
# User details | |
user = input("Username: ") | |
pswd = getpass.getpass() | |
# Prepare the form data | |
form = {"username":user, "password":pswd, "csrf":csrf} | |
# Login | |
r = http.request("POST", url1, headers={"Cookie":cookie}, fields=form) | |
if u"Login failed" in r.data.decode("ascii"): | |
exit("Incorrect username or password!") | |
# Function to receive challenge info | |
def get_chall(n): | |
print(f"Getting challenge: {n}") | |
r = http.request("GET", f"{url2}/{n}", headers={"Cookie":cookie}) | |
recv = r.data.decode("ascii") | |
html = bs4.BeautifulSoup(recv, "html.parser") | |
return [x.text for x in html.findAll("div", {"class":"challenge-wrapper"})][0] | |
# Function to submit answer and logout | |
def answer_chall(n, a): | |
r = http.request("GET", f"{url2}/{n}/{a}", headers={"Cookie":cookie}) | |
recv = r.data.decode("ascii") | |
if "Wrong" in recv: | |
return "Incorrect answer or too slow!" | |
html = bs4.BeautifulSoup(recv, "html.parser") | |
flag = [x.text for x in html.findAll("div") if x.text.startswith("FLAG-")][0] | |
http.request("GET", f"{url1}/logout", headers={"Cookie":cookie}) | |
return flag | |
##### Solve challenge below! ##### | |
data = get_chall(13) | |
print(data) | |
import hashlib | |
msg = data.split("-----")[2].encode("ascii").strip() | |
hash = hashlib.sha512(msg).hexdigest() | |
print("Result: " + answer_chall(13, hash)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment