pwnshopize xss-context

pwncollege · Dec 24, 2024 · 5154881 · 5154881
1 parent 61dc2dc
commit 5154881
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/web-security/pwnshop.yml b/web-security/pwnshop.yml
@@ -32,3 +32,5 @@ challenges:
   challenge: XSSStoredAlert
 - id: xss-reflected
   challenge: XSSReflected
+- id: xss-context
+  challenge: XSSContext
diff --git a/web-security/xss-context/server b/web-security/xss-context/server
@@ -5,6 +5,7 @@ import os
 
 app = flask.Flask(__name__)
 
+
 @app.route("/", methods=["GET"])
 def challenge_get():
     return f"""
@@ -18,6 +19,7 @@ def challenge_get():
         </body></html>
     """
 
+
 app.secret_key = os.urandom(8)
-app.config['SERVER_NAME'] = f"challenge.localhost:80"
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
 app.run("challenge.localhost", 80)
diff --git a/web-security/xss-context/victim b/web-security/xss-context/victim
@@ -25,11 +25,17 @@ service = FirefoxService(log_path="/dev/null")
 browser = webdriver.Firefox(service=service, options=options)
 atexit.register(browser.quit)
 
+open_ports = {s.laddr.port for s in psutil.net_connections(kind="inet") if s.status == "LISTEN"}
+if 80 not in open_ports:
+    print("Service doesn't seem to be running?")
+    sys.exit(1)
+
 if len(sys.argv) == 1:
     print(f"Usage: {sys.argv[0]} URL")
     sys.exit(1)
 
 challenge_url = sys.argv[1]
+
 url_parsed = urllib.parse.urlparse(challenge_url)
 if url_parsed.hostname != "challenge.localhost":
     print("Hostname should be 'challenge.localhost'.")
@@ -47,4 +53,4 @@ except TimeoutException:
     sys.exit(3)
 else:
     print("Alert triggered! Your reward:")
-    print(open("/flag").read())
+    print(open("/flag").read().strip())