Scripted HTS Login

Put your programming skills to the test in these challenges.

Scripted HTS Login

Post by occamsrzr on Sat Nov 29, 2014 8:52 pm
([msg=85485]see Scripted HTS Login[/msg])

Hey guys,

I did a quick search and didn't find any threads containing this information (live threads that is, there's a dead one from a few years back), so I hope this isn't violating any rules. I'm not giving any answers to any of the missions, so it should be OK.

Anyway, here is some PoSh code I wrote to allow my scripts to login and complete the programming missions. It's just bare-bones right now, but I'll probably be adding a wrapper later to facilitate even more automation. And without further ado:

Code: Select all
[Microsoft.PowerShell.Commands.HtmlWebResponseObject]$WebResponse = Invoke-WebRequest -Uri "https://www.hackthissite.org" -SessionVariable SessionVariable
[System.Net.HttpWebRequest]$WebRequest = [System.Net.HttpWebRequest]([System.Net.WebRequest]::Create("https://www.hackthissite.org/user/login"))

[String]$Username = ""
[String]$Password = ""

[Byte[]]$Body = (New-Object System.Text.ASCIIEncoding).GetBytes("username=$Username&password=$Password&btn_submit=Login")

$WebRequest.ContentLength = $Body.Length
$WebRequest.ContentType = "application/x-www-form-urlencoded"
$WebRequest.CookieContainer = $SessionVariable.Cookies
$WebRequest.Method = "POST"
$WebRequest.Referer = "https://www.hackthissite.org"

[System.IO.Stream]($WebRequest.GetRequestStream()).Write($Body, 0, $Body.Length)
occamsrzr
Experienced User
Experienced User
 
Posts: 60
Joined: Wed Aug 24, 2011 10:28 pm
Blog: View Blog (0)


Re: Scripted HTS Login

Post by cyberdrain on Sun Nov 30, 2014 9:52 am
([msg=85488]see Re: Scripted HTS Login[/msg])

Powershell? I am working on the same thing in Python. I don't do Powershell however :P
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Scripted HTS Login

Post by centip3de on Mon Dec 01, 2014 2:10 pm
([msg=85543]see Re: Scripted HTS Login[/msg])

As long as they're not spamming our servers with requests, or our forums with posts, then bots are allowed. I did something somewhat similar in C awhile back (automated forum post-checker), actually. Interesting choice to write it in Powershell, as well. Code for mine is here: http://pastebin.com/xnc4hF5F (Don't judge me. I was young and wanted to comment every line)
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Addict
Addict
 
Posts: 1479
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: Scripted HTS Login

Post by pretentious on Mon Dec 01, 2014 2:20 pm
([msg=85545]see Re: Scripted HTS Login[/msg])

centip3de wrote:Don't judge me. I was young and wanted to comment every line

Code: Select all
int I = 5; // set I to 5

:) hey at least you did comment. Even today I'm not all that dicaplined.
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco
User avatar
pretentious
Addict
Addict
 
Posts: 1211
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Re: Scripted HTS Login

Post by cyberdrain on Mon Dec 01, 2014 3:31 pm
([msg=85553]see Re: Scripted HTS Login[/msg])

pretentious wrote:hey at least you did comment. Even today I'm not all that disciplined.

I was going to say, this is centip3de we're talking about here. Then I found out you didn't make that up. :lol:

centip3de wrote:I was young and wanted to comment every line

Well, at least you were persistent there.
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Scripted HTS Login

Post by tremor77 on Tue Dec 02, 2014 1:10 am
([msg=85563]see Re: Scripted HTS Login[/msg])

I did a deep dive into my saved script crap because this reminded me of something hacked up in PHP once upon a long time ago. I wrote this as a wrapper to automate solving missions, I have no idea if it still works or not, likely now I would use Python to do this sort of thing..

Code: Select all
<?php
// Set your username and password
$uname = "username";
$pwd = "password";
// example target url
$target_url = "http://www.hackthissite.org/missions/prog/11";
// Dont forget to create a "cookie.txt" file
// *********  HOW CURL_GRAB_PAGE WORKS ****************
// $url = page to POST data to
// $ref_url = tell the server which page you came from (referrer spoofing)
// $data = the information being posted
// $login = true will make a clean cookie-file, false will use existing cookie file
// $proxy = proxy data
// $proxystatus = do you use a proxy ? true/false
function curl_grab_page($url,$ref_url,$data,$login,$proxy,$proxystatus){
    if($login == 'true') {
        $fp = fopen("cookie.txt", "w");
        fclose($fp);
    }
    $ch = curl_init();
        curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
        curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
        curl_setopt($ch, CURLOPT_TIMEOUT, 40);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    if ($proxystatus == 'true') {
        curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, TRUE);
        curl_setopt($ch, CURLOPT_PROXY, $proxy);
    }
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_REFERER, $ref_url);
        curl_setopt($ch, CURLOPT_HEADER, TRUE);
        curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt($ch, CURLOPT_POST, TRUE);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    ob_start();
    return curl_exec ($ch); // execute the curl command
    ob_end_clean();
    curl_close ($ch);
    unset($ch);
    }

// Use curl_grab_page to just login to HTS - uses credentials defined above, writes successful login to cookie.txt
curl_grab_page("http://www.hackthissite.org/user/login/", "http://www.hackthissite.org/", "username=$uname&password=$pwd", "true", "null", "false");

// Use curl_grab_page to import target page (html source) as a  string. You should already be logged in from the above.
$contents = curl_grab_page("$target_url", "http://www.hackthissite.org/", "", "false", "null", "false");

// Develop your code to analyze the page here


// Your code will have to have an answer, put that answer in $result.
$result = "Some Answer to the challenge goes here";

// Once the mission has been completed post the result using curl_grab_page once again.  Echo results so you can see your success!
echo curl_grab_page("$target_url", "http://www.hackthissite.org/", "solution=$result", "false", "null", "false");
?>


You could easily re-purpose something like this to login and do any number of things. Don't judge me on this code either lol, :roll: it's easily 5+ years old.
User avatar
tremor77
Addict
Addict
 
Posts: 1098
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: Scripted HTS Login

Post by cyberdrain on Tue Dec 02, 2014 5:33 pm
([msg=85588]see Re: Scripted HTS Login[/msg])

Cool, with this and centip3de's help I can finish my script when I have the time. Thanks guys :)
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Scripted HTS Login

Post by QtDevl on Fri Dec 12, 2014 4:44 am
([msg=85805]see Re: Scripted HTS Login[/msg])

If anyone is interested I can post my code for the login part.
I have java, c# and shell script code available( I like to use whatever is easier and/or faster for the task :P ).
If freedom is outlawed, only outlaws will have freedom...
QtDevl
New User
New User
 
Posts: 40
Joined: Sat May 17, 2008 3:50 pm
Location: my own world
Blog: View Blog (0)


Re: Scripted HTS Login

Post by cyberdrain on Fri Dec 12, 2014 6:19 pm
([msg=85815]see Re: Scripted HTS Login[/msg])

Wait, you created shell code for logging in? Sure, post away :)
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Scripted HTS Login

Post by pretentious on Sat Dec 13, 2014 12:55 am
([msg=85819]see Re: Scripted HTS Login[/msg])

I'm waiting for someone to upload python code so I can pass programming 11 XD
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco
User avatar
pretentious
Addict
Addict
 
Posts: 1211
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Next

Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests