From 505c1b5c7c530fb14d04c18386c1ef8d60036667 Mon Sep 17 00:00:00 2001 From: SirGankalot <73303677+SirGankalot@users.noreply.github.com> Date: Sun, 16 Jun 2024 12:42:08 +0200 Subject: [PATCH] Plan now change back from session to client -> -.- --- checker/src/checker.py | 345 ++++++++++++++++++++++++------- checker/src/checker_util_func.py | 154 +++++++------- 2 files changed, 354 insertions(+), 145 deletions(-) diff --git a/checker/src/checker.py b/checker/src/checker.py index bf5cd3a..cea4ed8 100644 --- a/checker/src/checker.py +++ b/checker/src/checker.py @@ -11,7 +11,8 @@ from bs4 import BeautifulSoup import re import datetime - +from requests import Session +from requests.exceptions import ConnectionError, Timeout import checker_util_func from Crypto.Cipher import AES @@ -47,8 +48,6 @@ checker = Enochecker("whatsscam", 9696) def app(): return checker.app - - """ CHECKER FUNCTIONS 0 """ @@ -56,37 +55,61 @@ def app(): return checker.app async def putflag_test( task: PutflagCheckerTaskMessage, db: ChainDB, - client: AsyncClient, logger: LoggerAdapter, ) -> None: - start = datetime.datetime.now() + client = Session() + address = "http://" + task.address + ":" + str(SERVICE_PORT) + try: - email_1, password1_1 = await checker_util_func.create_user(client, logger, public_key='on') - except: - print("time taken: ", datetime.datetime.now() - start) + #new + email_1, password1_1 = await checker_util_func.create_user(client, logger, public_key='on', address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") + except Exception: raise MumbleException("Could not create user 1") try: - await checker_util_func.logout(client, logger) + #new + await checker_util_func.logout(client, logger, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not logout") try: - email_2, password1_2 = await checker_util_func.create_user(client, logger, public_key= None) + #new + email_2, password1_2 = await checker_util_func.create_user(client, logger, public_key= None, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create user 2") try: - public_key = await checker_util_func.get_user_of_userlist( client, logger, email = email_1) + #new + public_key = await checker_util_func.get_user_of_userlist( client, logger, email = email_1, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get public key") note = str(task.flag) try: - await checker_util_func.create_note(client, logger, note, public_key) - + #new + await checker_util_func.create_note(client, logger, note, public_key, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create note") @@ -102,22 +125,30 @@ async def putflag_test( async def getflag_test( task: GetflagCheckerTaskMessage, db: ChainDB, - client: AsyncClient, logger: LoggerAdapter, ) -> None: - + client = Session() + address = "http://" + task.address + ":" + str(SERVICE_PORT) try: email, password = await db.get("user_data_0") except KeyError: raise MumbleException("Missing database entry from putflag") try: - await checker_util_func.login_user(client, logger, email, password) + await checker_util_func.login_user(client, logger, email, password, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not login user") try: - await checker_util_func.get_note( client, logger, note = str(task.flag)) + await checker_util_func.get_note( client, logger, note = str(task.flag), address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get note") @@ -127,10 +158,11 @@ async def getflag_test( async def exploit_test( task: ExploitCheckerTaskMessage, db: ChainDB, - client: AsyncClient, logger: LoggerAdapter, searcher: FlagSearcher, ) -> None: + client = Session() + address = "http://" + task.address + ":" + str(SERVICE_PORT) if "@example.com" in task.attack_info: logger.info("attack_info is good") else: @@ -139,30 +171,50 @@ async def exploit_test( target_email = task.attack_info try: - email_attacker, password = await checker_util_func.create_user(client, logger, public_key= None) + email_attacker, password = await checker_util_func.create_user(client, logger, public_key= None, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create user 3") try: - public_key = await checker_util_func.get_user_of_userlist(client, logger, email = target_email) + public_key = await checker_util_func.get_user_of_userlist(client, logger, email = target_email, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get public key") try: public_key = checker_util_func.format_rsa_public_key(public_key) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not format public key") key = rsa.PublicKey.load_pkcs1(public_key.encode()) try: private_key = checker_util_func.expprime(key) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create private key") private_key = private_key.save_pkcs1().decode() try: - get_all_notes = await checker_util_func.get_all_notes(client, logger) + get_all_notes = await checker_util_func.get_all_notes(client, logger, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get all notes") @@ -188,33 +240,50 @@ async def exploit_test( @checker.putnoise(0) async def putnoise0( task: PutnoiseCheckerTaskMessage, - db: ChainDB, - client: AsyncClient, + db: ChainDB, logger: LoggerAdapter ) -> None: - + client = Session() + address = "http://" + task.address + ":" + str(SERVICE_PORT) start = datetime.datetime.now() try: - email_1, password1_1 = await checker_util_func.create_user(client, logger, public_key='on') + email_1, password1_1 = await checker_util_func.create_user(client, logger, public_key='on', address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: - print("time taken: ", datetime.datetime.now() - start) raise MumbleException("Could not create user 1") try: - private_key = await checker_util_func.get_private_key(client, logger) + private_key = await checker_util_func.get_private_key(client, logger, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get private key") try: - await checker_util_func.logout(client, logger) + await checker_util_func.logout(client, logger, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not logout") - try: - email_2, password1_2 = await checker_util_func.create_user(client, logger, public_key=None) + email_2, password1_2 = await checker_util_func.create_user(client, logger, public_key=None, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create user 2") - try: - public_key = await checker_util_func.get_user_of_userlist(client, logger, email = email_1) + public_key = await checker_util_func.get_user_of_userlist(client, logger, email = email_1, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get public key") @@ -222,65 +291,95 @@ async def putnoise0( randomNumber = random.randint(10, 1000) randomNote = "".join(random.choices(string.ascii_letters + string.digits, k=randomNumber)) try: - await checker_util_func.create_note(client, logger, randomNote, public_key) + await checker_util_func.create_note(client, logger, randomNote, public_key, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create note") - try: - time = await checker_util_func.get_note_time(client, logger, note = randomNote, dir = "/") + time = await checker_util_func.get_note_time(client, logger, note = randomNote, dir = address + "/", address = address) if time == None: raise MumbleException("Could not get note time") + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get note time") - - - try: await db.set("user_data_0_noise", (email_2, password1_2, randomNote, time, private_key)) except: raise MumbleException("Could not set userdata") + @checker.getnoise(0) async def getnoise0( task: GetnoiseCheckerTaskMessage, db: ChainDB, - client: AsyncClient, logger: LoggerAdapter, ) -> None: + client = Session() + address = "http://" + task.address + ":" + str(SERVICE_PORT) try: email, password, Note, time, private_key = await db.get("user_data_0_noise") except KeyError: raise MumbleException("Missing database entry from putflag") try: - await checker_util_func.login_user(client, logger, email, password) + await checker_util_func.login_user(client, logger, email, password, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not login user") try: - await checker_util_func.get_note(client, logger, note = str(Note)) + await checker_util_func.get_note(client, logger, note = str(Note), address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get note") try: - await checker_util_func.logout(client, logger) + await checker_util_func.logout(client, logger, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not logout") try: - await checker_util_func.create_user(client, logger, public_key=None) + await checker_util_func.create_user(client, logger, public_key=None, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create user") try: - boolean = await checker_util_func.time_correct(client, logger, time, dir = "/") + boolean = await checker_util_func.time_correct(client, logger, time, dir = "/", address = address) if not boolean: raise MumbleException("Time is not correct or encrypted note is not there") + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not check time") try: - boolean = await checker_util_func.try_private_key(client, logger, private_key, str(Note)) + boolean = await checker_util_func.try_private_key(client, logger, private_key, str(Note), address = address) if not boolean: raise MumbleException("Could not use private key") + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not use private key") @@ -292,23 +391,35 @@ async def getnoise0( @checker.putflag(1) async def putflag_test_1( task: PutflagCheckerTaskMessage, - client: AsyncClient, db: ChainDB, logger: LoggerAdapter, ) -> None: + client = Session() + address = "http://" + task.address + ":" + str(SERVICE_PORT) try: - email_1, password1_1 = await checker_util_func.create_user(client, logger, public_key=None) + email_1, password1_1 = await checker_util_func.create_user(client, logger, public_key=None, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create user 1") - for i in range(0, 2): - try: - group_name, group_key, redirect_url = await checker_util_func.create_group(client, logger) - break - except: - pass + try: + group_name, group_key, redirect_url = await checker_util_func.create_group(client, logger, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") + except: + raise MumbleException("Could not create group") + group_id = str(redirect_url).split('/')[-1] try: - await checker_util_func.create_group_note(client, logger, note = task.flag, redirect_url = redirect_url) + await checker_util_func.create_group_note(client, logger, note = task.flag, redirect_url = redirect_url, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create group note") try: @@ -326,20 +437,34 @@ async def getflag_test_1( db: ChainDB, logger: LoggerAdapter, ) -> None: + client = Session() + address = "http://" + task.address + ":" + str(SERVICE_PORT) try: group_name, group_key, group_id = await db.get("group_data_1") except KeyError: raise MumbleException("Missing database entry from putflag") try: - await checker_util_func.create_user(client, logger, public_key=None) + await checker_util_func.create_user(client, logger, public_key=None, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create user") try: - await checker_util_func.join_group(client, logger, group_name, group_key, group_id) + await checker_util_func.join_group(client, logger, group_name, group_key, group_id, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not join group") try: - await checker_util_func.get_group_note(client, logger, group_name, group_key, group_id, note = task.flag) + await checker_util_func.get_group_note(client, logger, group_name, group_key, group_id, note = task.flag, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get group note") @@ -351,6 +476,8 @@ async def exploit_test_1( logger: LoggerAdapter, searcher: FlagSearcher, ) -> None: + client = Session() + address = "http://" + task.address + ":" + str(SERVICE_PORT) if "@example.com" not in task.attack_info: logger.info("attack_info is good") else: @@ -358,11 +485,19 @@ async def exploit_test_1( target_email = task.attack_info try: - email_attacker, password = await checker_util_func.create_user(client, logger, public_key= None) + email_attacker, password = await checker_util_func.create_user(client, logger, public_key= None, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create user 3") try: - response = await checker_util_func.open_group_window(client, logger, task.attack_info) + response = await checker_util_func.open_group_window(client, logger, task.attack_info, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not open group window") @@ -377,7 +512,11 @@ async def exploit_test_1( time = li[2] seed = str(int(time.split(":")[0]) + 2) + time.split(":")[1] try: - flag = await checker_util_func.exploit2(client, logger, cipher, str(seed), searcher) + flag = await checker_util_func.exploit2(client, logger, cipher, str(seed), searcher, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not exploit") @@ -390,12 +529,18 @@ async def putnoise1( client: AsyncClient, logger: LoggerAdapter ) -> None: + client = Session() + address = "http://" + task.address + ":" + str(SERVICE_PORT) try: - email_1, password1_1 = await checker_util_func.create_user(client, logger, public_key=None) + email_1, password1_1 = await checker_util_func.create_user(client, logger, public_key=None, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create user 1") try: - group_name, group_key, redirect_url = await checker_util_func.create_group(client, logger) + group_name, group_key, redirect_url = await checker_util_func.create_group(client, logger, address = address) except: pass group_id = str(redirect_url).split('/')[-1] @@ -405,11 +550,19 @@ async def putnoise1( randomNumber = random.randint(10, 1000) randomNote = "".join(random.choices(string.ascii_letters + string.digits, k=randomNumber)) try: - await checker_util_func.create_group_note( client, logger, note = randomNote, redirect_url = redirect_url) + await checker_util_func.create_group_note( client, logger, note = randomNote, redirect_url = redirect_url, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create group note") try: - time_db = await checker_util_func.get_note_time(client, logger, note = randomNote, dir= redirect_url) + time_db = await checker_util_func.get_note_time(client, logger, note = randomNote, dir= redirect_url, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get note time") @@ -438,6 +591,8 @@ async def getnoise1( client: AsyncClient, logger: LoggerAdapter, ) -> None: + client = Session() + address = "http://" + task.address + ":" + str(SERVICE_PORT) try: #group_name, group_key, group_id, randomNote, time, key, nonce = await db.get("group_data_1_noise") group_name, group_key, group_id, randomNote, time = await db.get("group_data_1_noise") @@ -445,33 +600,57 @@ async def getnoise1( raise MumbleException("Missing database entry from putflag") try: - await checker_util_func.create_user(client, logger, public_key=None) + await checker_util_func.create_user(client, logger, public_key=None, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create user") try: - await checker_util_func.join_group(client, logger, group_name, group_key, group_id) + await checker_util_func.join_group(client, logger, group_name, group_key, group_id, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not join group") try: - await checker_util_func.get_group_note(client, logger, group_name, group_key, group_id, note = randomNote) + await checker_util_func.get_group_note(client, logger, group_name, group_key, group_id, note = randomNote, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get group note") try: - await checker_util_func.logout(client, logger) + await checker_util_func.logout(client, logger, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not logout") try: - await checker_util_func.create_user(client, logger, public_key=None) + await checker_util_func.create_user(client, logger, public_key=None, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create user") try: url = "/creategroup/" + group_id - boolean = await checker_util_func.time_correct(client, logger, time, dir = url) + boolean = await checker_util_func.time_correct(client, logger, time, dir = url, address = address) if not boolean: raise MumbleException("Time is not correct or encrypted note is not there") + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not check time") @@ -500,21 +679,39 @@ async def havoc_0( client: AsyncClient, logger: LoggerAdapter, ) -> None: + client = Session() + address = "http://" + task.address + ":" + str(SERVICE_PORT) try: - email_1, password1_1 = await checker_util_func.create_user(client, logger, public_key=None) + email_1, password1_1 = await checker_util_func.create_user(client, logger, public_key=None, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not create user 1") try: - response = await checker_util_func.profile(client, logger) + response = await checker_util_func.profile(client, logger, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get profile") try: status = ''.join(random.choices(string.ascii_letters + string.digits, k=10)) - await checker_util_func.profile_change_status(client, logger, status) + await checker_util_func.profile_change_status(client, logger, status, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not change status") try: - checker_util_func.profile_get_private_key(client, logger) + await checker_util_func.profile_get_private_key(client, logger, address = address) + except ConnectionError: + raise OfflineException("Failed to connect") + except Timeout: + raise OfflineException("The request timed out") except: raise MumbleException("Could not get private key") diff --git a/checker/src/checker_util_func.py b/checker/src/checker_util_func.py index cddbc3b..0680810 100644 --- a/checker/src/checker_util_func.py +++ b/checker/src/checker_util_func.py @@ -16,7 +16,7 @@ import datetime import rsa import math - +from requests import Session from Crypto.Cipher import AES import checker_util_func @@ -45,8 +45,6 @@ ) from enochecker3.utils import assert_equals, assert_in - - #util functions def parse(note): note = [n.strip() for n in note.split('\n')] @@ -63,9 +61,10 @@ def parse(note): #havoc checked async def create_user( - client: AsyncClient, + client: Session, logger: LoggerAdapter, - public_key: Optional[str] = None, + public_key: Optional[str] = None, + address: Optional[str] = None, ) -> None: # For later documentation this seed has to be set random because of threading issues from checker exploit 0 and 1 which generate the same email if seed is used normaly (seed exploit?) @@ -77,8 +76,8 @@ async def create_user( logger.info(f"Creating user with email: {email} firstName: {firstName} password1: {password1} password2: {password2}") logger.info(f"public_key on?: {public_key}") - response = await client.post( - "/sign-up", + response = client.post( + address + "/sign-up", data={ "email": email, "firstName": firstName, @@ -86,7 +85,7 @@ async def create_user( "password1": password1, "password2": password2, }, - follow_redirects=True, + allow_redirects=True, #timeout=3.0, #standard timeout 5.0 ) @@ -98,17 +97,18 @@ async def create_user( #havoc checked async def login_user( - client: AsyncClient, + client: Session, logger: LoggerAdapter, email: str, password: str, + address: Optional[str] = None, ) -> None: logger.info(f"Logging in with email: {email} password: {password}") - response = await client.post( - "/login", + response = client.post( + address + "/login", data={"email": email, "password": password}, - follow_redirects=True, + allow_redirects=True, ) logger.info(f"Server answered: {response.status_code} - {response.text}") @@ -116,17 +116,18 @@ async def login_user( #havoc checked async def create_note( - client: AsyncClient, + client: Session, logger: LoggerAdapter, note: str, public_key: str, + address: Optional[str] = None, ) -> None: logger.info(f"Creating note: {note} with public key: {public_key}") - response = await client.post( - "/", + response = client.post( + address + "/", data={"note": note, "public_key": public_key}, - follow_redirects=True, + allow_redirects=True, ) logger.info(f"Server answered: {response.status_code} - {response.text}") @@ -134,13 +135,14 @@ async def create_note( #havoc checked async def get_note( - client: AsyncClient, + client: Session, logger: LoggerAdapter, note: str, + address: Optional[str] = None, ) -> None: logger.info(f"Getting note") - response = await client.get(f"/", follow_redirects=True) + response = client.get(address + "/", allow_redirects=True) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Getting note failed") @@ -149,24 +151,26 @@ async def get_note( #havoc checked async def logout( - client: AsyncClient, + client: Session, logger: LoggerAdapter, + address: Optional[str] = None, ) -> None: logger.info(f"Logging out") - response = await client.get("/logout", follow_redirects=True)# change to get if error + response = client.get(address + "/logout", allow_redirects=True)# change to get if error logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Logging out failed") #havoc checked async def get_user_of_userlist( - client: AsyncClient, + client: Session, logger: LoggerAdapter, - email: str, + email: str, + address: Optional[str] = None, ) -> None: logger.info(f"Getting user of userlist") - response = await client.get("/userlist", follow_redirects=True) + response = client.get(address + "/userlist", allow_redirects=True) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Getting user of userlist failed") @@ -182,12 +186,13 @@ async def get_user_of_userlist( #havoc checked async def get_all_notes( - client: AsyncClient, + client: Session, logger: LoggerAdapter, + address: Optional[str] = None, ) -> None: logger.info(f"Getting all notes") - response = await client.get("/", follow_redirects=True) + response = client.get(address + "/", allow_redirects=True) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Getting all notes failed") @@ -197,14 +202,15 @@ async def get_all_notes( #checked async def get_note_time( - client: AsyncClient, + client: Session, logger: LoggerAdapter, note: str, dir: str, + address: Optional[str] = None, ) -> None: logger.info(f"Getting note time") - response = await client.get(dir, follow_redirects=True) + response = client.get(dir, allow_redirects=True) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Getting note time failed") @@ -218,14 +224,15 @@ async def get_note_time( #checked async def time_correct( - client: AsyncClient, + client: Session, logger: LoggerAdapter, time: str, dir: str, + address: Optional[str] = None, ) -> None: logger.info(f"Checking time") - response = await client.get(dir, follow_redirects=True) + response = client.get(address + dir, allow_redirects=True) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Checking time failed") @@ -240,12 +247,13 @@ async def time_correct( #checked async def get_private_key( - client: AsyncClient, + client: Session, logger: LoggerAdapter, + address: Optional[str] = None, ) -> str: logger.info(f"Getting private key") - response = await client.get("/profil", follow_redirects=True) + response = client.get(address + "/profil", allow_redirects=True) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Getting private key failed") @@ -258,14 +266,15 @@ async def get_private_key( #checked async def try_private_key( - client: AsyncClient, + client: Session, logger: LoggerAdapter, private_key: str, note: str, + address: Optional[str] = None, ) -> None: logger.info(f"Getting note time") - response = await client.get(f"/", follow_redirects=True) + response = client.get(address + "/", allow_redirects=True) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Getting note time failed") @@ -317,7 +326,7 @@ def expprime(publickey): n = publickey.n e = publickey.e p = math.isqrt(n + 4)-2 - q = p + 4 + q = p + 6 # Calculate private exponent d = rsa.common.inverse(e, (p-1)*(q-1)) @@ -329,8 +338,9 @@ def expprime(publickey): # 2 exploit here async def create_group( - client: AsyncClient, + client: Session, logger: LoggerAdapter, + address: Optional[str] = None, ) -> None: random.seed(random.SystemRandom().random()) group_name = ''.join(random.choice(string.ascii_lowercase) for _ in range(10)) @@ -338,10 +348,10 @@ async def create_group( group_key = ''.join(random.choice(string.ascii_lowercase) for _ in range(10)) logger.info(f"Creating group with key: {group_key}") - response = await client.post( - "/creategroup", + response = client.post( + address + "/creategroup", data={"group_name": group_name, "group_key": group_key, "add_group": "add_group"}, - follow_redirects=True, + allow_redirects=True, ) redirect_url = response.url @@ -353,50 +363,53 @@ async def create_group( return group_name, group_key, redirect_url async def create_group_note( - client: AsyncClient, + client: Session, logger: LoggerAdapter, note: str, redirect_url: str, + address: Optional[str] = None, ) -> None: logger.info(f"Creating note: {note}") - response = await client.post( + response = client.post( redirect_url, data={"note_of_group": note}, - follow_redirects=True, + allow_redirects=True, ) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Creating note failed") async def join_group( - client: AsyncClient, + client: Session, logger: LoggerAdapter, group_name: str, group_key: str, group_id: str, + address: Optional[str] = None, ) -> None: logger.info(f"Getting group note") - response = await client.post( - "/creategroup", + response = client.post( + address + "/creategroup", data={"group_key_join_" + str(group_id): group_key, "join_group": group_id}, - follow_redirects=True, + allow_redirects=True, ) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Getting group note failed") async def get_group_note( - client: AsyncClient, + client: Session, logger: LoggerAdapter, group_name: str, group_key: str, group_id: str, note: str, + address: Optional[str] = None, ) -> None: logger.info(f"Getting group note") - response = await client.get("/creategroup/" + str(group_id), follow_redirects=True) + response = client.get(address + "/creategroup/" + str(group_id), allow_redirects=True) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Getting group note failed") @@ -405,12 +418,13 @@ async def get_group_note( assert_in(note, soup.text, "Getting group note failed") async def open_group_window( - client: AsyncClient, + client: Session, logger: LoggerAdapter, group_id: str, + address: Optional[str] = None, ) -> None: logger.info(f"Opening group window") - response = await client.get("/creategroup/" + str(group_id), follow_redirects=True) + response = client.get(address + "/creategroup/" + str(group_id), allow_redirects=True) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Opening group window failed") @@ -436,11 +450,12 @@ def insecure_aes_decrypt(ciphertext, seed): return plaintext async def exploit2( - client: AsyncClient, + client: Session, logger: LoggerAdapter, cipher: str, seed: str, searcher: FlagSearcher, + address: Optional[str] = None, ) -> None: for hour in range(24): for minute in range(60): @@ -456,13 +471,14 @@ async def exploit2( #not checked async def decrypt_aes( - client: AsyncClient, + client: Session, logger: LoggerAdapter, cipher: str, key: str, nonce: str, randomNote: str, response: str, + address: Optional[str] = None, ) -> bool: try: soup = BeautifulSoup(response.text, "html.parser") @@ -494,14 +510,15 @@ async def decrypt_aes( #here havoc helper functions async def profile( - client: AsyncClient, + client: Session, logger: LoggerAdapter, + address: Optional[str] = None, ) -> None: logger.info(f"Changing profile") - response = await client.get( - "/profil", - follow_redirects=True, + response = client.get( + address + "/profil", + allow_redirects=True, ) logger.info(f"Server answered: {response.status_code} - {response.text}") @@ -509,40 +526,35 @@ async def profile( return response async def profile_change_status( - client: AsyncClient, + client: Session, logger: LoggerAdapter, status: str, + address: Optional[str] = None, ) -> None: logger.info(f"Changing profile status") - response = await client.post( - "/profil", + response = client.post( + address + "/profil", data={"status": status}, - follow_redirects=True, + allow_redirects=True, ) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Changing profile status failed") async def profile_get_private_key( - client: AsyncClient, + client: Session, logger: LoggerAdapter, + address: Optional[str] = None, ) -> None: logger.info(f"Getting private key") - response = await client.post( - "/profil", + response = client.post( + address + "/profil", data={"public_key": "on"}, - follow_redirects=True, + allow_redirects=True, ) logger.info(f"Server answered: {response.status_code} - {response.text}") assert_equals(100 < response.status_code < 300, True, "Getting private key failed") - return response - - - - - - - \ No newline at end of file + return response \ No newline at end of file