Untitled

#!/usr/bin/env python

import string
import urllib
import urllib2
import time
import re
import base64
import sys
from PIL import Image
import pytesseract
import hashlib

## Settings
URL_BASE = "http://51.15.73.163/BOT-WORLD/"
URL_INDEX = URL_BASE + "index.php"
URL_GENERATE = URL_BASE + "generate_captcha.php"

def sha256(text):
    h = hashlib.new('sha256')

    h.update(text.encode("utf-8"))

    return h.hexdigest()

def is_ascii(s):
    return all(ord(c) < 128 for c in s)

def getTitle(data):
    result = re.search(r"<h4>(.+)</h4>", data, re.M|re.I)
    title = result.group(1) if result else ""

    return title

def getWebsiteCode(data):
    data = urllib.unquote(data).decode('utf8')

    result = re.search(r"data=(.+)\'", data, re.M|re.I)
    website_code = result.group(1) if result else ""

    return website_code

def getFlag(data):
    result = re.search(r"(CTF{.+})", data, re.M|re.I)

    flag = result.group(1) if result else ""

    return flag

"""
    Results get/save
"""
def getResults():
    list = {}

    with open('results.txt') as fp:
        for line in fp:
            result = re.search(r"(.+)   (.+)", line, re.M|re.I)

            ## Get website code
            website_code = result.group(1)

            ## Get captcha code
            captcha_code = result.group(2)

            list[website_code] = captcha_code

    return list

def saveResults(website_code, captcha_code):
    f = open("results.txt","a+")

    if f:
        f.write("{} {}\n".format(website_code, captcha_code))

        f.close()

"""

"""
def createSession():
    session = urllib2.build_opener()

    ## Go to index page
    response = session.open(URL_INDEX)
    data = response.read()

    ## Get Cookie
    cookie = response.info().getheader('Set-cookie')
    cookie = cookie[cookie.find("=")+1:cookie.find(";")]

    ## Set Cookie
    session.addheaders.append(("Cookie", "PHPSESSID={}".format(cookie)))

    return session, getWebsiteCode(data)

def downloadImage(session, website_code):
    website_code = urllib.quote(website_code, safe='')

    file_name = "download/{}.png".format(website_code)

    ## Download Picture
    response = session.open(URL_GENERATE + "?data=" + website_code)
    data = response.read()

    ## Save picture
    f = open(file_name, "wb")
    f.write(data)
    f.close()

def removeNoice(website_code):
    website_code = urllib.quote(website_code, safe='')

    infile_path = "download/{}.png".format(website_code)
    outfile_path = "unfilter/{}.png".format(website_code)

    im = Image.open(infile_path)
    im = im.convert('RGB')
    pix = im.load()

    w = im.size[0]
    h = im.size[1]

    gen_im = Image.new("RGB", (w, h), "white")
    gen_pix = gen_im.load()

    # Patch pixels
    for y in range(h):
        for x in range(w):
            if pix[x, y][0] != 15 and pix[x, y][1] != 15 and pix[x, y][2] != 15:
                gen_pix[x, y] = pix[x, y]

    gen_im.save(outfile_path, "PNG")

    return gen_im

"""

"""
def genReverse(results):
    reverse = [{} for x in range(10)]

    for website_code in results:
        decode_web = base64.b64decode(website_code)
        captcha_code = results[website_code]

        ## Create results
        reverse[0][ord(decode_web[0])] = captcha_code[0]
        reverse[1][ord(decode_web[1])] = captcha_code[1]
        reverse[2][ord(decode_web[2])] = captcha_code[2]
        reverse[3][ord(decode_web[3])] = captcha_code[3]
        reverse[4][ord(decode_web[4])] = captcha_code[4]
        reverse[5][ord(decode_web[5])] = captcha_code[5]
        reverse[6][ord(decode_web[6])] = captcha_code[6]
        reverse[7][ord(decode_web[7])] = captcha_code[7]
        reverse[8][ord(decode_web[8])] = captcha_code[8]
        reverse[9][ord(decode_web[9])] = captcha_code[9]

    return reverse

def decode(reverse, website_code):
    decode_web = base64.b64decode(website_code)

    ## Debug
    ##print(decode_web)

    captcha_code = reverse[0][ord(decode_web[0])]
    captcha_code += reverse[1][ord(decode_web[1])]
    captcha_code += reverse[2][ord(decode_web[2])]
    captcha_code += reverse[3][ord(decode_web[3])]
    captcha_code += reverse[4][ord(decode_web[4])]
    captcha_code += reverse[5][ord(decode_web[5])]
    captcha_code += reverse[6][ord(decode_web[6])]
    captcha_code += reverse[7][ord(decode_web[7])]
    captcha_code += reverse[8][ord(decode_web[8])]
    captcha_code += reverse[9][ord(decode_web[9])]

    return captcha_code

def test(results, reverse):
    for website_code in results:
        captcha_code = decode(reverse, website_code)

        if captcha_code != results[website_code]:
            print(website_code)
            print(captcha_code)
            print(results[website_code])
            print("-------------")

            print("Oeps something went wrong! :O YOU FAILL!!!!")

            return False

    print("Passed all tests! Good Job! :D")

    return True

def total(reverse):
    c = 0

    for l in reverse:
        c += len(l)

    return c

def analiseResults():
    results = getResults()
    reverse = genReverse(results)

    print("total found = {}".format(total(reverse)))

    test(results, reverse)

def runChallange():
    save = False

    results = getResults()
    reverse = genReverse(results)

    session, website_code = createSession()

    for i in range(100000):
        ## Try to decode with know results
        try:
            ## Generate captcha code
            captcha_code = decode(reverse, website_code)

            save = False
        except:
            ## Not enough results, try to decode the captcha picture

            ## Download image
            downloadImage(session, website_code)

            ## Remove noice out of picture
            im = removeNoice(website_code)

            ## Generate captcha
            captcha_code = pytesseract.image_to_string(im)
            captcha_code = captcha_code if is_ascii(captcha_code) else ""

            save = True

        ## Go to index page
        post = urllib.urlencode({"captcha" : captcha_code, "Submit" : "Submit"})
        response = session.open(URL_INDEX, post)

        data = response.read()
        title = getTitle(data)

        if not "Incorrect solution" in title:
            if not "Solve captchas to get invitation" in title:
                ## New valid captcha found
                if title != "" and save:
                    ## Save result
                    saveResults(website_code, captcha_code)

                    ## Refresh
                    results = getResults()
                    reverse = genReverse(results)

                print("---------------------------------------")
                print("title = {}".format(title))
                print("website_code = {}".format(website_code))
                print("captcha_code = {}".format(captcha_code))
                print("Found reversed = {}/620".format(total(reverse)))
                print("---------------------------------------")

        ## Solved challange! :D
        if "You have proved yourself bot" in title:
            flag = getFlag(title)

            print("Flag = {}".format(flag))
            print("Sha256 = {}".format(sha256(flag)))
            return

        ## Get next website code
        website_code = getWebsiteCode(data)

        ## Debug
        ##print("website_code = {}".format(website_code))

        if website_code == "":
            ## Create new session
            session, website_code = createSession()

def main(argv):
    if "-a" in argv:
        analiseResults()
    else:
        runChallange()

if __name__ == "__main__":
   main(sys.argv[1:])