Scripted HTS Login

Put your programming skills to the test in these challenges.

Re: Scripted HTS Login

Post by WallShadow on Sat Dec 13, 2014 1:28 pm
([msg=85823]see Re: Scripted HTS Login[/msg])

Fuck it, this is now a thread for posting login solutions and etc.

Here's the general perl code i use to login:

Code: Select all
use WWW::Mechanize;

my $mech = WWW::Mechanize->new;
$mech->get('https://www.hackthissite.org/');

$mech->form_number(0);
$mech->field('username', 'WallShadow');
$mech->field('password', 'thisisnotmypassword');
$mech->submit();


From there, solving challenges is a breeze, for example, this is my code for solving prog2:

Code: Select all
my $mech = WWW::Mechanize->new;
$mech->get('https://www.hackthissite.org/');

$mech->form_number(0);
$mech->field('username', 'WallShadow');
$mech->field('password', 'thisisnotmypassword');
$mech->submit();

$mech->get('https://www.hackthissite.org/missions/prog/2/');

$mech->get('https://www.hackthissite.org/missions/prog/2/PNG');
dtf($mech->content, 'prog2.png');
my $soul = decipher_morse(decipher_image('prog2.png'));

print "solution: $soul\n";

$mech->back;

$mech->form_number(0);
$mech->field('solution', $soul);
my $res = $mech->click('submitbutton');



print $1, "\n" if $res->decoded_content =~ /(<div class="dark-td">.{1,100})/;
dtf($res->decoded_content);
User avatar
WallShadow
Contributor
Contributor
 
Posts: 686
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: Scripted HTS Login

Post by tremor77 on Sat Dec 13, 2014 9:13 pm
([msg=85829]see Re: Scripted HTS Login[/msg])

pretentious wrote:I'm waiting for someone to upload python code so I can pass programming 11 XD


The PHP i posted was what I used to pass 11, should be easy enough to convert for python.
User avatar
tremor77
Addict
Addict
 
Posts: 1098
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: Scripted HTS Login

Post by QtDevl on Sun Dec 14, 2014 9:19 am
([msg=85838]see Re: Scripted HTS Login[/msg])

cyberdrain wrote:Wait, you created shell code for logging in? Sure, post away :)


Yup,

Code: Select all
#!/bin/bash
USERNAME=""
PASSWORD=""
SOLUTION=""
wget -q -O http://www.hackthissite.org/user/login --post-data="username=$USERNAME&password=$PASSWORD&btn_submit=Login" --save-cookies=.cookies.txt --keep-session-cookies --referer http://www.hackthissite.org/
wget -q -O - PROG_MISSION_HERE --load-cookies=.cookies.txt --keep-session-cookies --referer http://www.hackthissite.org/missions/programming/ > mission_data.txt

#do stuff with mission_data

wget -q -O - PROG_MISSION_HERE --post-data="solution=$SOLUTION"  --load-cookies=.cookies.txt --keep-session-cookies --referer http://www.hackthissite.org/missions/prog/XX/ > result.txt


For example for prog6, it was easier/faster/whatever for me to read the array data from javascript like this ( grep, cut, done!)
then simply pass it to a java prog that did the processing.
If freedom is outlawed, only outlaws will have freedom...
QtDevl
New User
New User
 
Posts: 40
Joined: Sat May 17, 2008 3:50 pm
Location: my own world
Blog: View Blog (0)


Re: Scripted HTS Login

Post by cyberdrain on Sun Dec 14, 2014 6:59 pm
([msg=85843]see Re: Scripted HTS Login[/msg])

Ah, that's a bit different than what I expected. I thought you created custom shell code in assembly for use in a binary exploit, now that would've been cool. Still, it's a nice solution. One question: why don't you pipe the mission data directly into the program you're using to analyze the data?
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Scripted HTS Login

Post by QtDevl on Mon Dec 15, 2014 3:28 am
([msg=85848]see Re: Scripted HTS Login[/msg])

cyberdrain wrote: I thought you created custom shell code in assembly for use in a binary exploit, now that would've been cool.

Oh god no... binary shell code that I have to inject in a random executable just to login? that makes no sense, I mean it would be cool but it would be just an over complication

cyberdrain wrote:One question: why don't you pipe the mission data directly into the program you're using to analyze the data?


To be honest, with prog 6 I've done the analysis in java because I've already worked with graphical libraries and ocr BUT since java does not like client side scripts that much, you'd have to do the same thing in java as with the shell script ( download page, some regex to get data, process ), I've already had the shell script from another challenge ready so I was just lazy and used that. Prog6 took me 4 days( the longest ) so I just wanted to be over with it.
For most of the other apps I have login both in java and c#.
If freedom is outlawed, only outlaws will have freedom...
QtDevl
New User
New User
 
Posts: 40
Joined: Sat May 17, 2008 3:50 pm
Location: my own world
Blog: View Blog (0)


Previous

Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests