diff --git a/web-security/level-10/victim b/web-security/level-10/victim
index 349c570..2cb80d2 100755
--- a/web-security/level-10/victim
+++ b/web-security/level-10/victim
@@ -30,18 +30,21 @@ open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.st
if 80 in open_ports:
print("Port 80 is open. Will connect to the service there.")
challenge_url = "http://challenge.localhost:80/"
- password = open("/flag").read().strip()
+ flag = open("/flag").read().strip()
elif 8080 in open_ports:
- print("Port 8080 is open. Will connect to the service there.")
+ print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
challenge_url = "http://challenge.localhost:8080/"
- password = "pwn.college{fake_flag}"
+ flag = "pwn.college{fake_flag}"
+else:
+ print("Services don't seem to be running?")
+ sys.exit(1)
-print("Visiting http://challenge.localhost/")
-browser.get("http://challenge.localhost")
+print(f"Visiting {challenge_url}")
+browser.get(challenge_url)
print("Logging in as admin...")
browser.find_element(By.NAME, "username").send_keys("admin")
-browser.find_element(By.NAME, "password").send_keys(password)
+browser.find_element(By.NAME, "password").send_keys(flag)
browser.find_element(By.NAME, "submit").submit()
time.sleep(5)
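Review bot: `flag = open("/flag").read().strip()` leaves the file object to be closed whenever the garbage collector gets to it; `with open("/flag") as f: flag = f.read().strip()` closes it deterministically, and the same one-liner recurs in every other victim script touched by this commit (level-11, level-8, level-9, xss-exfil-cookie, xss-rf-post, xss-stored-alert, xss-stored-html). The port selection also keys on the port number alone: any LISTEN socket on 80, whatever address or process owns it, selects the real-flag path, which is presumably fine inside the challenge container but deserves a comment such as `# assumes only the challenge service can listen on 80/8080 in this container`. The `if/elif/else` is fully visible here, but the imports the new `else` branch relies on (`sys`) are outside the hunk.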
diff --git a/web-security/level-11/victim b/web-security/level-11/victim
index 5a92ee3..584ac4b 100755
--- a/web-security/level-11/victim
+++ b/web-security/level-11/victim
@@ -1,7 +1,8 @@
#!/opt/pwn.college/python
-import contextlib
+import psutil
import urllib
+import atexit
import time
import sys
import os
@@ -9,7 +10,7 @@ import os
from selenium import webdriver
from selenium.webdriver.firefox.options import Options as FirefoxOptions
from selenium.webdriver.firefox.service import Service as FirefoxService
-from selenium.webdriver.common.by import By
+from selenium.webdriver.common.by import By
from selenium.webdriver.support.wait import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from selenium.common.exceptions import TimeoutException, WebDriverException
@@ -18,60 +19,38 @@ os.setuid(os.geteuid())
os.environ.clear()
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-@contextlib.contextmanager
-def run_browser():
- options = FirefoxOptions()
- options.add_argument("--headless")
-
- # workaround for ubuntu
- if os.path.exists("/snap/bin/geckodriver"):
- service = FirefoxService(executable_path="/snap/bin/geckodriver", log_path="/dev/null")
- else:
- service = FirefoxService(log_path="/dev/null")
- driver = webdriver.Firefox(service=service, options=options)
-
- try:
- yield driver
- finally:
- driver.quit()
-
-if len(sys.argv) <= 1:
- print(f"Usage: {sys.argv[0]} URL")
+options = FirefoxOptions()
+options.add_argument("--headless")
+service = FirefoxService(log_path="/dev/null")
+
+browser = webdriver.Firefox(service=service, options=options)
+atexit.register(browser.quit)
+
+open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.status == 'LISTEN' }
+if 80 in open_ports:
+ print("Port 80 is open. Will connect to the service there.")
+ challenge_url = "http://challenge.localhost:80/"
+ flag = open("/flag").read().strip()
+elif 8080 in open_ports:
+ print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
+ challenge_url = "http://challenge.localhost:8080/"
+ flag = "pwn.college{fake_flag}"
+else:
+ print("Services don't seem to be running?")
sys.exit(1)
-with run_browser() as browser:
- try:
- print("First logging in as admin to http://challenge.localhost:80/")
- try:
- port = 80
- browser.get("http://challenge.localhost:80")
- except WebDriverException as e:
- if "can%E2%80%99t%20establish%20a%20connection" not in str(e):
- raise
- print("Port 80 doesn't seem to be listening. Trying http://challenge.localhost:8080/")
- port = 8080
- browser.get("http://challenge.localhost:8080")
+print(f"Visiting {challenge_url}")
+browser.get(challenge_url)
- print("pwnpost loaded!")
- print("Logging in as admin...")
- login = { "username": "admin", "password": open("/flag").read().strip() if port != 8080 else "pwn.college{fake_flag}" }
- for name, value in login.items():
- field = browser.find_element(By.NAME, name)
- field.send_keys(value)
- submit_field = browser.find_element(By.NAME, "submit")
- submit_field.submit()
- WebDriverWait(browser, 10).until(EC.staleness_of(submit_field))
- time.sleep(3)
- print("Logged in!")
+print("Logging in as admin...")
+browser.find_element(By.NAME, "username").send_keys("admin")
+browser.find_element(By.NAME, "password").send_keys(flag)
+browser.find_element(By.NAME, "submit").submit()
+time.sleep(3)
+print("Logged in!")
- print("Visiting the attacker's website (http://hacker.localhost:1337/)...")
- browser.get("http://hacker.localhost:1337/")
- time.sleep(3)
+print("Visiting the attacker's website (http://hacker.localhost:1337/)...")
+browser.get("http://hacker.localhost:1337/")
+time.sleep(3)
- print("Visited! Go check if the attack worked!")
- except WebDriverException as e:
- if "can%E2%80%99t%20establish%20a%20connection" in str(e):
- print("Connection error! Is the server running?")
- else:
- print(f"Failure: {e}...")
- sys.exit(4)
+print("Visited! Go check if the attack worked!")
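Review bot: The login step now waits a fixed `time.sleep(3)` where the removed code waited for `EC.staleness_of(submit_field)`, so the navigation to hacker.localhost can start before the login response has been processed and the check becomes timing-dependent; `WebDriverWait` and `EC` are still imported, so keeping `submit_field = browser.find_element(By.NAME, "submit")`, `submit_field.submit()`, `WebDriverWait(browser, 10).until(EC.staleness_of(submit_field))` costs nothing. The same replacement appears in the web-security/xss-exfil-cookie/victim and web-security/xss-rf-post/victim hunks (there with `time.sleep(5)`). Separately, `webdriver.Firefox(...)` is started before the port scan, so when neither port is listening a Firefox process is launched only to `sys.exit(1)`; moving the `open_ports` block above the browser setup avoids that (level-8 and level-9 likewise start Firefox before their argv/URL checks). Dropping the `except WebDriverException` branch also means a connection failure now ends in an uncaught traceback instead of the "Connection error!" message and exit code 4, and `urllib` appears to be left imported but unused in this file.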
diff --git a/web-security/level-8/victim b/web-security/level-8/victim
index ad5e7df..aa74ac7 100755
--- a/web-security/level-8/victim
+++ b/web-security/level-8/victim
@@ -1,14 +1,16 @@
#!/opt/pwn.college/python
-import contextlib
+import psutil
import urllib
+import atexit
+import time
import sys
import os
from selenium import webdriver
from selenium.webdriver.firefox.options import Options as FirefoxOptions
from selenium.webdriver.firefox.service import Service as FirefoxService
-from selenium.webdriver.common.by import By
+from selenium.webdriver.common.by import By
from selenium.webdriver.support.wait import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from selenium.common.exceptions import TimeoutException, WebDriverException
@@ -17,55 +19,38 @@ os.setuid(os.geteuid())
os.environ.clear()
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-@contextlib.contextmanager
-def run_browser():
- options = FirefoxOptions()
- options.add_argument("--headless")
+options = FirefoxOptions()
+options.add_argument("--headless")
+service = FirefoxService(log_path="/dev/null")
- # workaround for ubuntu
- if os.path.exists("/snap/bin/geckodriver"):
- service = FirefoxService(executable_path="/snap/bin/geckodriver", log_path="/dev/null")
- else:
- service = FirefoxService(log_path="/dev/null")
- driver = webdriver.Firefox(service=service, options=options)
+browser = webdriver.Firefox(service=service, options=options)
+atexit.register(browser.quit)
- try:
- yield driver
- finally:
- driver.quit()
-
-if len(sys.argv) <= 1:
+if len(sys.argv) == 1:
print(f"Usage: {sys.argv[0]} URL")
sys.exit(1)
-url = sys.argv[1]
-url_parsed = urllib.parse.urlparse(url)
-try:
- assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'"
- assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080"
-except AssertionError as e:
- print(f"Invalid URL: {e}")
+challenge_url = sys.argv[1]
+url_parsed = urllib.parse.urlparse(challenge_url)
+if url_parsed.hostname != "challenge.localhost":
+ print("Hostname should be 'challenge.localhost'.")
sys.exit(2)
-
-
-print("Visiting the URL!")
-with run_browser() as browser:
- try:
- browser.get(url)
- print("URL loaded...")
- WebDriverWait(browser, 1).until(EC.alert_is_present())
- except TimeoutException:
- print("Failure: JavaScript alert did not trigger...")
- sys.exit(3)
- except WebDriverException as e:
- if "can%E2%80%99t%20establish%20a%20connection" in str(e):
- print("Connection error! Is the service running?")
- else:
- print(f"Failure: {e}...")
- sys.exit(4)
- else:
- if url_parsed.port != 8080:
- print("Alert triggered! Your flag:")
- print(open("/flag").read())
- else:
- print("Alert triggered! Now do it on the real service (port 80)!")
+if url_parsed.port == 8080:
+ print("Will give fake flag for debug port (8080)...")
+ reward = "pwn.college{fake_flag}"
+elif url_parsed.port in {None, 80}:
+ reward = open("/flag").read()
+else:
+ print("Port should be 80 (real service) or 8080 (debug port).")
+ sys.exit(3)
+
+print(f"Visiting {challenge_url}")
+browser.get(challenge_url)
+try:
+ WebDriverWait(browser, 1).until(EC.alert_is_present())
+except TimeoutException:
+ print("Failure: JavaScript alert did not trigger...")
+ sys.exit(3)
+else:
+ print("Alert triggered! Your reward:")
+ print(reward)
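Review bot: The URL check on the new side validates `hostname` and `port` but not `url_parsed.scheme`, and reading `url_parsed.port` raises ValueError for a non-numeric or out-of-range port, which escapes as an uncaught traceback rather than the exit(2)/exit(3) paths (the old assert-in-try only caught AssertionError, so that part is pre-existing). Consider `if url_parsed.scheme != "http" or url_parsed.hostname != "challenge.localhost":` and guarding the `.port` access with `try`/`except ValueError`. `urllib.parse` is reached through the bare `import urllib` context line in the first hunk, which only works because another module has already imported the submodule; `import urllib.parse` makes that explicit. This hunk is identical in web-security/level-9/victim (same result blob aa74ac7), and in both `sys.exit(3)` now covers both the bad-port and the no-alert outcome where the old code kept distinct codes.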
diff --git a/web-security/level-9/victim b/web-security/level-9/victim
index b6f0037..aa74ac7 100755
--- a/web-security/level-9/victim
+++ b/web-security/level-9/victim
@@ -1,14 +1,16 @@
#!/opt/pwn.college/python
-import contextlib
+import psutil
import urllib
+import atexit
+import time
import sys
import os
from selenium import webdriver
from selenium.webdriver.firefox.options import Options as FirefoxOptions
from selenium.webdriver.firefox.service import Service as FirefoxService
-from selenium.webdriver.common.by import By
+from selenium.webdriver.common.by import By
from selenium.webdriver.support.wait import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from selenium.common.exceptions import TimeoutException, WebDriverException
@@ -17,50 +19,38 @@ os.setuid(os.geteuid())
os.environ.clear()
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-@contextlib.contextmanager
-def run_browser():
- options = FirefoxOptions()
- options.add_argument("--headless")
- service = FirefoxService(log_path="/dev/null")
- driver = webdriver.Firefox(service=service, options=options)
+options = FirefoxOptions()
+options.add_argument("--headless")
+service = FirefoxService(log_path="/dev/null")
- try:
- yield driver
- finally:
- driver.quit()
+browser = webdriver.Firefox(service=service, options=options)
+atexit.register(browser.quit)
-if len(sys.argv) <= 1:
+if len(sys.argv) == 1:
print(f"Usage: {sys.argv[0]} URL")
sys.exit(1)
-url = sys.argv[1]
-url_parsed = urllib.parse.urlparse(url)
-try:
- assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'"
- assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080"
-except AssertionError as e:
- print(f"Invalid URL: {e}")
+challenge_url = sys.argv[1]
+url_parsed = urllib.parse.urlparse(challenge_url)
+if url_parsed.hostname != "challenge.localhost":
+ print("Hostname should be 'challenge.localhost'.")
sys.exit(2)
-
-
-print("Visiting the URL!")
-with run_browser() as browser:
- try:
- browser.get(url)
- print("URL loaded...")
- WebDriverWait(browser, 1).until(EC.alert_is_present())
- except TimeoutException:
- print("Failure: JavaScript alert did not trigger...")
- sys.exit(3)
- except WebDriverException as e:
- if "can%E2%80%99t%20establish%20a%20connection" in str(e):
- print("Connection error! Is the service running?")
- else:
- print(f"Failure: {e}...")
- sys.exit(4)
- else:
- if url_parsed.port != 8080:
- print("Alert triggered! Your flag:")
- print(open("/flag").read())
- else:
- print("Alert triggered! Now do it on the real service (port 80)!")
+if url_parsed.port == 8080:
+ print("Will give fake flag for debug port (8080)...")
+ reward = "pwn.college{fake_flag}"
+elif url_parsed.port in {None, 80}:
+ reward = open("/flag").read()
+else:
+ print("Port should be 80 (real service) or 8080 (debug port).")
+ sys.exit(3)
+
+print(f"Visiting {challenge_url}")
+browser.get(challenge_url)
+try:
+ WebDriverWait(browser, 1).until(EC.alert_is_present())
+except TimeoutException:
+ print("Failure: JavaScript alert did not trigger...")
+ sys.exit(3)
+else:
+ print("Alert triggered! Your reward:")
+ print(reward)
diff --git a/web-security/xss-exfil-cookie/victim b/web-security/xss-exfil-cookie/victim
index e54fae6..2cb80d2 100755
--- a/web-security/xss-exfil-cookie/victim
+++ b/web-security/xss-exfil-cookie/victim
@@ -1,7 +1,8 @@
#!/opt/pwn.college/python
-import contextlib
+import psutil
import urllib
+import atexit
import time
import sys
import os
@@ -9,7 +10,7 @@ import os
from selenium import webdriver
from selenium.webdriver.firefox.options import Options as FirefoxOptions
from selenium.webdriver.firefox.service import Service as FirefoxService
-from selenium.webdriver.common.by import By
+from selenium.webdriver.common.by import By
from selenium.webdriver.support.wait import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from selenium.common.exceptions import TimeoutException, WebDriverException
@@ -18,60 +19,33 @@ os.setuid(os.geteuid())
os.environ.clear()
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-@contextlib.contextmanager
-def run_browser():
- options = FirefoxOptions()
- options.add_argument("--headless")
-
- # workaround for ubuntu
- if os.path.exists("/snap/bin/geckodriver"):
- service = FirefoxService(executable_path="/snap/bin/geckodriver", log_path="/dev/null")
- else:
- service = FirefoxService(log_path="/dev/null")
- driver = webdriver.Firefox(service=service, options=options)
-
- try:
- yield driver
- finally:
- driver.quit()
-
-if len(sys.argv) <= 1:
- print(f"Usage: {sys.argv[0]} URL")
+options = FirefoxOptions()
+options.add_argument("--headless")
+service = FirefoxService(log_path="/dev/null")
+
+browser = webdriver.Firefox(service=service, options=options)
+atexit.register(browser.quit)
+
+open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.status == 'LISTEN' }
+if 80 in open_ports:
+ print("Port 80 is open. Will connect to the service there.")
+ challenge_url = "http://challenge.localhost:80/"
+ flag = open("/flag").read().strip()
+elif 8080 in open_ports:
+ print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
+ challenge_url = "http://challenge.localhost:8080/"
+ flag = "pwn.college{fake_flag}"
+else:
+ print("Services don't seem to be running?")
sys.exit(1)
-url = sys.argv[1]
-url_parsed = urllib.parse.urlparse(url)
-try:
- assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'"
- assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080"
-except AssertionError as e:
- print(f"Invalid URL: {e}")
- sys.exit(2)
-
-
-print("Visiting the URL!")
-with run_browser() as browser:
- try:
- browser.get(url)
- print("URL loaded...")
+print(f"Visiting {challenge_url}")
+browser.get(challenge_url)
- print("Logging in as admin...")
- login = {
- "username": "admin",
- "password": (open("/flag").read().strip() if url_parsed.port != 8080 else "pwn.college{fake_flag}")[-10:]
- }
- for name, value in login.items():
- field = browser.find_element(By.NAME, name)
- field.send_keys(value)
- submit_field = browser.find_element(By.NAME, "submit")
- submit_field.submit()
+print("Logging in as admin...")
+browser.find_element(By.NAME, "username").send_keys("admin")
+browser.find_element(By.NAME, "password").send_keys(flag)
+browser.find_element(By.NAME, "submit").submit()
- WebDriverWait(browser, 10).until(EC.staleness_of(submit_field))
- time.sleep(3)
- print("Visited! Go check if the attack worked!")
- except WebDriverException as e:
- if "can%E2%80%99t%20establish%20a%20connection" in str(e):
- print("Connection error! Is the service running?")
- else:
- print(f"Failure: {e}...")
- sys.exit(4)
+time.sleep(5)
+print("Visited! Go check if the attack worked!")
diff --git a/web-security/xss-rf-post/victim b/web-security/xss-rf-post/victim
index 6b034ee..2cb80d2 100755
--- a/web-security/xss-rf-post/victim
+++ b/web-security/xss-rf-post/victim
@@ -1,7 +1,8 @@
#!/opt/pwn.college/python
-import contextlib
+import psutil
import urllib
+import atexit
import time
import sys
import os
@@ -9,7 +10,7 @@ import os
from selenium import webdriver
from selenium.webdriver.firefox.options import Options as FirefoxOptions
from selenium.webdriver.firefox.service import Service as FirefoxService
-from selenium.webdriver.common.by import By
+from selenium.webdriver.common.by import By
from selenium.webdriver.support.wait import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from selenium.common.exceptions import TimeoutException, WebDriverException
@@ -18,57 +19,33 @@ os.setuid(os.geteuid())
os.environ.clear()
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-@contextlib.contextmanager
-def run_browser():
- options = FirefoxOptions()
- options.add_argument("--headless")
-
- # workaround for ubuntu
- if os.path.exists("/snap/bin/geckodriver"):
- service = FirefoxService(executable_path="/snap/bin/geckodriver", log_path="/dev/null")
- else:
- service = FirefoxService(log_path="/dev/null")
- driver = webdriver.Firefox(service=service, options=options)
-
- try:
- yield driver
- finally:
- driver.quit()
-
-if len(sys.argv) <= 1:
- print(f"Usage: {sys.argv[0]} URL")
+options = FirefoxOptions()
+options.add_argument("--headless")
+service = FirefoxService(log_path="/dev/null")
+
+browser = webdriver.Firefox(service=service, options=options)
+atexit.register(browser.quit)
+
+open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.status == 'LISTEN' }
+if 80 in open_ports:
+ print("Port 80 is open. Will connect to the service there.")
+ challenge_url = "http://challenge.localhost:80/"
+ flag = open("/flag").read().strip()
+elif 8080 in open_ports:
+ print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
+ challenge_url = "http://challenge.localhost:8080/"
+ flag = "pwn.college{fake_flag}"
+else:
+ print("Services don't seem to be running?")
sys.exit(1)
-url = sys.argv[1]
-url_parsed = urllib.parse.urlparse(url)
-try:
- assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'"
- assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080"
-except AssertionError as e:
- print(f"Invalid URL: {e}")
- sys.exit(2)
-
-
-print("Visiting the URL!")
-with run_browser() as browser:
- try:
- browser.get(url)
- print("URL loaded...")
+print(f"Visiting {challenge_url}")
+browser.get(challenge_url)
- print("Logging in as admin...")
- login = { "username": "admin", "password": open("/flag").read().strip() if url_parsed.port != 8080 else "pwn.college{fake_flag}" }
- for name, value in login.items():
- field = browser.find_element(By.NAME, name)
- field.send_keys(value)
- submit_field = browser.find_element(By.NAME, "submit")
- submit_field.submit()
+print("Logging in as admin...")
+browser.find_element(By.NAME, "username").send_keys("admin")
+browser.find_element(By.NAME, "password").send_keys(flag)
+browser.find_element(By.NAME, "submit").submit()
- WebDriverWait(browser, 10).until(EC.staleness_of(submit_field))
- time.sleep(3)
- print("Visited! Go check if the attack worked!")
- except WebDriverException as e:
- if "can%E2%80%99t%20establish%20a%20connection" in str(e):
- print("Connection error! Is the service running?")
- else:
- print(f"Failure: {e}...")
- sys.exit(4)
+time.sleep(5)
+print("Visited! Go check if the attack worked!")
diff --git a/web-security/xss-stored-alert/victim b/web-security/xss-stored-alert/victim
index b6f0037..c9c6a80 100755
--- a/web-security/xss-stored-alert/victim
+++ b/web-security/xss-stored-alert/victim
@@ -1,14 +1,16 @@
#!/opt/pwn.college/python
-import contextlib
+import psutil
import urllib
+import atexit
+import time
import sys
import os
from selenium import webdriver
from selenium.webdriver.firefox.options import Options as FirefoxOptions
from selenium.webdriver.firefox.service import Service as FirefoxService
-from selenium.webdriver.common.by import By
+from selenium.webdriver.common.by import By
from selenium.webdriver.support.wait import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from selenium.common.exceptions import TimeoutException, WebDriverException
@@ -17,50 +19,33 @@ os.setuid(os.geteuid())
os.environ.clear()
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-@contextlib.contextmanager
-def run_browser():
- options = FirefoxOptions()
- options.add_argument("--headless")
- service = FirefoxService(log_path="/dev/null")
- driver = webdriver.Firefox(service=service, options=options)
-
- try:
- yield driver
- finally:
- driver.quit()
-
-if len(sys.argv) <= 1:
- print(f"Usage: {sys.argv[0]} URL")
+options = FirefoxOptions()
+options.add_argument("--headless")
+service = FirefoxService(log_path="/dev/null")
+
+browser = webdriver.Firefox(service=service, options=options)
+atexit.register(browser.quit)
+
+open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.status == 'LISTEN' }
+if 80 in open_ports:
+ print("Port 80 is open. Will connect to the service there.")
+ challenge_url = "http://challenge.localhost:80/"
+ flag = open("/flag").read().strip()
+elif 8080 in open_ports:
+ print("Port 8080 is open. Will connect to the service there. 8080 is the debug port, so you will earn a fake flag.")
+ challenge_url = "http://challenge.localhost:8080/"
+ flag = "pwn.college{fake_flag}"
+else:
+ print("Services don't seem to be running?")
sys.exit(1)
-url = sys.argv[1]
-url_parsed = urllib.parse.urlparse(url)
+print(f"Visiting {challenge_url}")
+browser.get(challenge_url)
try:
- assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'"
- assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080"
-except AssertionError as e:
- print(f"Invalid URL: {e}")
- sys.exit(2)
-
-
-print("Visiting the URL!")
-with run_browser() as browser:
- try:
- browser.get(url)
- print("URL loaded...")
- WebDriverWait(browser, 1).until(EC.alert_is_present())
- except TimeoutException:
- print("Failure: JavaScript alert did not trigger...")
- sys.exit(3)
- except WebDriverException as e:
- if "can%E2%80%99t%20establish%20a%20connection" in str(e):
- print("Connection error! Is the service running?")
- else:
- print(f"Failure: {e}...")
- sys.exit(4)
- else:
- if url_parsed.port != 8080:
- print("Alert triggered! Your flag:")
- print(open("/flag").read())
- else:
- print("Alert triggered! Now do it on the real service (port 80)!")
+ WebDriverWait(browser, 1).until(EC.alert_is_present())
+except TimeoutException:
+ print("Failure: JavaScript alert did not trigger...")
+ sys.exit(3)
+else:
+ print("Alert triggered! Your reward:")
+ print(flag)
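Review bot: `browser.get(challenge_url)` now sits outside the `try`, so if the stored payload raises an alert while the page is still loading and `get` itself raises (Selenium surfaces this as UnexpectedAlertPresentException, a WebDriverException subclass — worth confirming against the driver's unhandled-prompt setting), the victim dies with a traceback instead of reaching the alert check; the removed code had `browser.get` inside the `try` with an `except WebDriverException` branch. Moving `browser.get(challenge_url)` into the `try` and restoring `except WebDriverException as e:` with the old "Connection error!" message and `sys.exit(4)` keeps the failure modes explicit. The same out-of-try `browser.get` is in the web-security/level-8/victim and level-9/victim hunks. Minor: the real flag is now read at startup and held in `flag` for the whole run rather than read only after the alert is observed, and `time` appears to be imported but unused in this file.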
diff --git a/web-security/xss-stored-html/victim b/web-security/xss-stored-html/victim
index e81d455..134af34 100755
--- a/web-security/xss-stored-html/victim
+++ b/web-security/xss-stored-html/victim
@@ -1,32 +1,30 @@
#!/opt/pwn.college/python
import requests
-import urllib
+import psutil
import sys
import re
-url = sys.argv[1]
-url_parsed = urllib.parse.urlparse(url)
-try:
- assert url_parsed.hostname == "challenge.localhost", "hostname should be 'challenge.localhost'"
- assert url_parsed.port in {None, 80, 8080}, "port should be 80 or 8080"
-except AssertionError as e:
- print(f"Invalid URL: {e}")
- sys.exit(2)
-
-if len(sys.argv) <= 1:
- print(f"Usage: {sys.argv[0]} URL")
+open_ports = { s.laddr.port for s in psutil.net_connections(kind="inet") if s.status == 'LISTEN' }
+if 80 in open_ports:
+ print("Port 80 is open. Will connect to the service there.")
+ challenge_url = "http://challenge.localhost:80/"
+ flag = open("/flag").read().strip()
+elif 8080 in open_ports:
+ print("Port 8080 is open. Will connect to the service there.")
+ challenge_url = "http://challenge.localhost:8080/"
+ flag = "pwn.college{fake_flag}"
+else:
+ print("Services don't seem to be running?")
sys.exit(1)
-print("Visiting the URL...")
+print(f"Visiting {challenge_url}...")
try:
- num_inputs = len(re.findall(r"", requests.get(url, timeout=1).text))
+ num_inputs = len(re.findall(r"", requests.get(challenge_url, timeout=1).text))
if num_inputs <= 2:
print("You did not inject an textbox...")
- elif url_parsed.port == 8080:
- print("You got it! Now do it for real (on port 80).")
else:
print("You got it! Here is your flag:")
- print(open("/flag").read())
+ print(flag)
except requests.exceptions.ConnectionError:
print("Connection error... Is the service running?")
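Review bot: As rendered here the pattern in `re.findall(r"", ...)` is empty, which matches at every position and makes `num_inputs` the page length plus one, so the `<= 2` branch can never be taken; if the real source has a tag pattern that the page rendering stripped, ignore this, otherwise the intended pattern needs restoring. The 8080 branch's message `"Port 8080 is open. Will connect to the service there."` omits the "8080 is the debug port, so you will earn a fake flag" clause the other victim scripts in this commit print, yet the success path then prints `"You got it! Here is your flag:"` followed by the fake flag, which reads as a real one. Aligning the message with the other files, or printing "Here is your reward:" as level-8 does, avoids the confusion. The context line `"You did not inject an textbox..."` also carries a pre-existing typo (`an textbox`).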