- import re
- import urllib
- import urllib2
- import basin
- import base64
# Session cookie attached to every request issued by get() and post().
# NOTE(review): the value below is not a usable PHPSESSID and looks like a
# stand-in pasted over the real one (confirm). Python 2 rejects non-ASCII
# bytes in a source file that has no coding declaration, so this line has to
# be edited before the script can run. A live session id is a credential:
# load it from the environment or a local file rather than hard-coding it in
# a script that gets shared.
COOKIE = 'PHPSESSID=☆(ゝω・)v'
def get(url):
    """Issue a GET for *url* with the session cookie and return the response.

    The caller receives the open response object and is responsible for
    reading (and closing) it.

    No timeout is passed, so a stalled server blocks the call unless a
    global socket timeout has been set.
    NOTE(review): urllib2 verifies HTTPS certificates by default only from
    Python 2.7.9 on; confirm the interpreter version before trusting what
    comes back over this connection.
    """
    session_request = urllib2.Request(url, headers={'Cookie': COOKIE})
    return urllib2.build_opener().open(session_request)
def post(url, param):
    """POST *param* as a URL-encoded form to *url* with the session cookie.

    *param* is passed to urllib.urlencode, so it is a mapping (or sequence of
    pairs) of form fields. The open response object is returned; the caller
    reads and closes it.

    No timeout is passed, so a stalled server blocks the call unless a
    global socket timeout has been set.
    NOTE(review): urllib2 verifies HTTPS certificates by default only from
    Python 2.7.9 on; confirm the interpreter version before trusting what
    comes back over this connection.
    """
    form_body = urllib.urlencode(param)
    # Supplying a body is what makes urllib2 send this as a POST.
    session_request = urllib2.Request(url, form_body, {'Cookie': COOKIE})
    return urllib2.build_opener().open(session_request)
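def _decode_expression(expression):
    """Return the text a recognised captcha expression stands for, or None.

    Every supported form is matched with a regular expression anchored at the
    start of *expression* and its value is computed in Python. The JavaScript
    received from the server is never evaluated.
    """
    found = re.match(r'/(\w+)/\.source', expression)
    if found is not None:
        # /abc/.source -> the text between the slashes
        return found.group(1)

    found = re.match(r'String\.fromCharCode\((\d+)\)', expression)
    if found is not None:
        return chr(int(found.group(1)))

    found = re.match(r'\((\d+)\)\.toString\(36\)', expression)
    if found is not None:
        # presumably renders the integer in base 36 with this alphabet;
        # confirm against the third-party basin module
        return basin.encode("0123456789abcdefghijklmnopqrstuvwxyz", int(found.group(1)))

    found = re.match(r"atob\('([a-zA-Z0-9\=]+)'\)", expression)
    if found is not None:
        return base64.b64decode(found.group(1))

    # Forms that pick one character out of a string JavaScript builds by type
    # coercion. The last entry assumes the page path is '/index.php'.
    indexed_literals = (
        (r"\(''\+\!1\)\[(\d+)\]", 'false'),
        (r"\(''\+\!0\)\[(\d+)\]", 'true'),
        (r'\(\[\]\[\+\[\]\]\+""\)\[(\d+)\]', 'undefined'),
        (r'\(\[\]\+\{\}\)\[(\d+)\]', '[object Object]'),
        (r'location\.pathname\[(\d+)\]', '/index.php'),
    )
    for pattern, literal in indexed_literals:
        found = re.match(pattern, expression)
        if found is not None:
            return literal[int(found.group(1))]
    return None


def getSolution(js):
    """Recover the captcha text from the page's inline script by pattern matching.

    *js* is the script source as one string. It is split on ';', and each
    ``var x=<expression>`` statement (single-character variable name) is
    decoded to a piece of text. The x coordinate of the nearest following
    ``fillText(name, x, y)`` call, searched in the next seven statements,
    gives the piece's position; pieces are joined in ascending x order.

    Statements that cannot be decoded, or that have no fillText call within
    reach, are printed and left out of the result.

    Returns the assembled solution string ('' when nothing was decoded).
    """
    statements = js.split(';')
    # The first statement is expected to read "var c=..."; the character at
    # offset 4 is the name of the drawing context variable.
    context_name = statements[0][4:5]
    gradient_call = context_name + '.createLinearGradient'

    pieces = {}
    for index in range(1, len(statements)):
        statement = statements[index]
        if statement[0:3] != 'var' or gradient_call in statement:
            continue
        # Drop the leading "var x=".
        expression = statement[6:]

        # Slicing keeps the look-ahead inside the list, so a declaration near
        # the end of the script no longer raises IndexError.
        position = None
        for following in statements[index + 1:index + 8]:
            found = re.search(r'fillText\(\w+,(\d+),\d+\)', following)
            if found is not None:
                position = int(found.group(1))
                break

        text = _decode_expression(expression)
        if text is None or position is None:
            # Report what could not be placed instead of storing it under an
            # empty key, which used to break the final numeric sort.
            print(expression)
            continue
        pieces[position] = text

    return ''.join(pieces[position] for position in sorted(pieces))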
if __name__ == '__main__':
    # Driver: fetch the page, decode its inline script with getSolution(),
    # submit the answer, and save what the server returns.
    # NOTE(review): the paste lost its indentation, so the nesting below is a
    # reconstruction. Confirm which statements belong to the loop body before
    # relying on it.
    # Opened once and never closed explicitly; the response bodies written
    # below are unmodified server output, so treat result.html and login.html
    # as untrusted content when opening them.
    output = open('result.html', 'wb')
    body = get('https://wildwildweb.fluxfingers.net:1422/').read()
    for i in range(10):
        # First inline <script> element. No re.DOTALL is given, so the script
        # must sit on one line; when nothing matches, re.search returns None
        # and .group raises AttributeError.
        matches = re.search('<script>(.*?)</script>', body)
        solution = getSolution(matches.group(1))
        body = post('https://wildwildweb.fluxfingers.net:1422/index.php', {'solution': solution}).read()
        output.write(body)
        # Status text from the <p class='pos'> / <p class='neg'> element;
        # the same None caveat applies if the element is missing.
        state = re.search('<p class=\'(?:pos|neg)\'>(.*?)</p>', body).group(1)
        print state
        if state == 'Code VALID !':
            # The login token is limited to \w characters by the pattern, so
            # it is appended to the URL without further encoding.
            matches = re.search('\?login\=(\w+)', body)
            open('login.html', 'wb').write(get('https://wildwildweb.fluxfingers.net:1422/index.php?login=' + matches.group(1)).read())