This repository has been archived by the owner on Dec 24, 2022. It is now read-only.
const net = require("node:net");
const dns = require("node:dns").promises;
const puppeteer = require("puppeteer");
// Secret that visit() stores in the bot's cookie. It is mandatory: the
// process exits at startup when the variable is not set.
const FLAG = process.env.FLAG;
if (FLAG == null) {
  console.log("No flag");
  process.exit(1);
}

// TCP port this bot listens on for report requests.
const PORT = process.env.PORT ?? "8000";
// Host and port of the web application the browser is pointed at.
const APP_HOST = process.env.APP_HOST ?? "nginx";
const APP_PORT = process.env.APP_PORT ?? "3000";
// Host name of the only peer allowed to submit reports; resolved in main().
const REPORT_HOST = process.env.REPORT_HOST ?? "report";

// Reject a malformed flag before any browser is started. The value is never
// printed, so a misconfigured secret does not end up in the logs.
const flagFormat = /^SECCON{[a-zA-Z0-9_]+}$/;
const flagIsWellFormed = flagFormat.test(FLAG);
if (!flagIsWellFormed) {
  console.log("Bad flag");
  process.exit(1);
}
/**
 * Resolves after roughly `msec` milliseconds.
 *
 * @param {number} msec - Delay handed to setTimeout.
 * @returns {Promise<void>} Settles with no value once the timer fires.
 */
const sleep = async (msec) => {
  return new Promise((wake) => {
    setTimeout(wake, msec);
  });
};
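/**
 * Runs one browser session: opens the application, types `expr` into the
 * `#expr` field, clicks `#calc`, and leaves the page open for ten seconds.
 *
 * The browser is now closed in a `finally` block. Previously a failure in
 * context creation, `newPage()` or `setCookie()` skipped `browser.close()`
 * and left a Chrome process running for every failed report.
 *
 * @param {string} expr - Untrusted text received from the report socket.
 * @returns {Promise<void>}
 */
const visit = async (expr) => {
  // NOTE(review): `expr` is logged verbatim and may contain embedded line
  // breaks; treat these log lines as attacker-influenced when parsing them.
  console.log(`start: ${expr}`);

  const browser = await puppeteer.launch({
    headless: false,
    executablePath: "/usr/bin/google-chrome-stable",
    // NOTE(security): --no-sandbox disables Chrome's renderer sandbox. The
    // page is driven by untrusted input, so a renderer compromise would run
    // with this process's privileges. Keep the flag only when isolation is
    // enforced outside the browser (unprivileged user, locked-down container).
    args: ["--no-sandbox"],
  });

  try {
    const context = await browser.createIncognitoBrowserContext();
    const url = `http://${APP_HOST}:${APP_PORT}/`;
    const page = await context.newPage();

    // httpOnly keeps the secret out of document.cookie. The browser still
    // attaches it to every HTTP request it makes to APP_HOST.
    await page.setCookie({
      name: "flag",
      value: FLAG,
      domain: APP_HOST,
      path: "/",
      httpOnly: true,
    });

    try {
      await page.goto(url, { timeout: 1000 });
      await sleep(1 * 1000);
      await page.waitForSelector("#expr");
      await page.type("#expr", expr);
      await page.waitForSelector("#calc");
      await page.click("#calc");
      // Fixed dwell time; it also bounds how long submitted input can run.
      await sleep(10 * 1000);
    } catch (e) {
      // Navigation and interaction failures are logged, not propagated.
      console.log(e);
    }

    await page.close();
    await context.close();
  } finally {
    // Always reap the browser, including when setup above threw.
    await browser.close();
  }

  console.log(`end: ${expr}`);
};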
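/**
 * Starts the report listener. The first data chunk of each accepted
 * connection is treated as an expression and passed to visit().
 *
 * Changes from the original:
 *  - an "error" listener is attached to every accepted socket, so a reset
 *    connection no longer raises an uncaught exception that stops the bot;
 *  - the socket is closed in `finally`, so a failed visit() does not leave
 *    the connection open.
 *
 * @returns {Promise<void>} Resolves once listen() has been requested.
 */
const main = async () => {
  // Resolved once at startup. If the report host's address changes later,
  // its connections are dropped until this process restarts (fail closed).
  // NOTE(review): the listener binds to IPv4 only; confirm this lookup
  // returns an IPv4 address in the deployment, otherwise nothing matches.
  const reportIp = (await dns.lookup(REPORT_HOST)).address;

  const server = net.createServer((socket) => {
    // Source-address allow-list: this is the only access control on the
    // port, so it relies on the network preventing address spoofing.
    if (socket.remoteAddress !== reportIp) {
      socket.destroy();
      return;
    }

    socket.on("error", (err) => {
      console.log(err);
    });

    // Only the first chunk is used. A payload split across several TCP
    // segments is truncated, and later chunks are ignored.
    let isFirstChunk = true;
    socket.on("data", async (data) => {
      if (!isFirstChunk) return;
      isFirstChunk = false;

      try {
        const expr = data.toString().trim();
        socket.write("Received :)");
        // NOTE(review): each accepted report launches a full browser and
        // there is no concurrency cap; presumably the report service
        // rate-limits submissions. Confirm.
        await visit(expr);
      } catch (e) {
        console.log(e);
      } finally {
        if (!socket.destroyed) {
          socket.end();
        }
        socket.destroy();
      }
    });
  });

  server.listen(PORT, "0.0.0.0", () => {
    console.log("Started");
  });
};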
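// main() rejects when the startup DNS lookup fails. Handle that explicitly
// rather than leaving a floating promise: log the cause and exit non-zero so
// a supervisor can restart the bot.
main().catch((err) => {
  console.log(err);
  process.exit(1);
});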