enowars
diff --git a/‎checker/src/checker.py‎
Lines changed: 85 additions & 3 deletions b/‎checker/src/checker.py‎
Lines changed: 85 additions & 3 deletions
@@ -55,7 +55,8 @@ async def login_user(self, username: str, password: str):
             follow_redirects=True
         )
         text = resp.text
-        if resp.status_code != 200 or "success" not in text.lower():
+        if resp.status_code not in (200, 302) or "Make a post" not in text:
+            self.logger.error(f"Login response: {text}")
             raise MumbleException("Failed to login user")
 
     async def create_post(self, text: str) -> str:
@@ -84,7 +85,8 @@ async def get_post(self, post_id: str) -> str:
 
         resp = await self.client.get(f"/profile/{post_id}")
         if resp.status_code != 200:
-            raise MumbleException("Failed to retrieve post")
+            self.logger.error(f"Failed to retrieve post {post_id}, status {resp.status_code}")
+            raise MumbleException("Failed to retrieve relevant information")
 
         match = re.search(r'<p>DEBUG:(.*?)</p>', resp.text)
         r=match.group(1)
@@ -93,6 +95,37 @@ async def get_post(self, post_id: str) -> str:
         assert d, "No debug comment found in HTML"
 
         return d
+    
+    async def event_post(self, flag: str) -> tuple[str, str]:
+        data = {
+            "title": "CTF BBQ",
+            "description": "Come hungry.",
+            "date": f"{''.join(random.choices('0123456789', k=4))}-{str(random.randint(1, 12)).zfill(2)}-{str(random.randint(5, 27)).zfill(2)}",
+            "location": "The Cloud",
+            "notes": flag,
+        }
+
+        resp = await self.client.post("/create-event", data=data, follow_redirects=True)
+        html = resp.text
+
+        if resp.status_code not in (200, 302) or "Event Created Successfully!" not in html:
+            self.logger.error(f"Unexpected response during object creation:\n{html}")
+            raise MumbleException("Service returned unexpected content after submission")
+
+        event_id_match = re.search(r"/event/([A-F0-9\-]{36})", html)
+        event_id = event_id_match.group(1) if event_id_match else None
+
+        key_match = re.search(r"<pre[^>]*>([a-f0-9]{32})</pre>", html, re.IGNORECASE)
+        full_key = key_match.group(1) if key_match else None
+
+        if not event_id or not full_key:
+            self.logger.error("Could not extract required tokens from service response")
+            raise MumbleException("Service response malformed or missing expected fields")
+
+        return event_id, full_key
+
+
+
 
 
 @checker.putflag(0)
@@ -105,6 +138,15 @@ async def putflag(task: PutflagCheckerTaskMessage, db: ChainDB, logger: LoggerAd
     await db.set("userdata", (username, password, post_id))
     return username  # from here the users can get the attack info for the exploit
 
+@checker.putflag(1)
+async def putflag_v2(task: PutflagCheckerTaskMessage, db: ChainDB, logger: LoggerAdapter, client: AsyncClient):
+    conn = HTTPConnection(logger, client)
+    username = 'Dr' + ''.join(random.choices(string.ascii_letters, k=8))
+    password = ''.join(random.choices(string.ascii_letters, k=10))
+    await conn.register_user(username, password)
+    event_id, event_key = await conn.event_post(task.flag)
+    await db.set("userdata", (username, password, event_id, event_key))
+    return username
 
 @checker.getflag(0)
 async def getflag(task: GetflagCheckerTaskMessage, db: ChainDB, logger: LoggerAdapter, client: AsyncClient):
@@ -120,8 +162,46 @@ async def getflag(task: GetflagCheckerTaskMessage, db: ChainDB, logger: LoggerAd
     normalized_content = unicodedata.normalize("NFC", content)
 
     assert_in(normalized_flag, normalized_content, "Flag not found in post")
+
+@checker.getflag(1)
+async def getflag_v2(task: GetflagCheckerTaskMessage, db: ChainDB, logger: LoggerAdapter, client: AsyncClient):
+    conn = HTTPConnection(logger, client)
+
+    try:
+        _, _, event_id, event_key = await db.get("userdata")
+    except KeyError:
+        logger.error("No event data found in database")
+        raise MumbleException("Missing data for this flag (Err 5)")
+    
+    user = ''.join(random.choices(string.ascii_letters, k=10))
+    pw   = ''.join(random.choices(string.ascii_letters + string.digits, k=10))
+    logger.debug(f"Created user {user} with password {pw} for flag access with key {event_key} for event {event_id}")  # SECRET
+    await conn.register_user(user, pw)
+
+    await client.get(f"/event/{event_id}", follow_redirects=True)
+    resp = await client.post(f"/event/{event_id}",
+                             data={"key": event_key},
+                             follow_redirects=True)
+    if resp.status_code not in (200, 302):
+        logger.warning(f"Key ({event_key}) submission response:\n{resp.text}")  # SECRET
+        raise MumbleException("Could not submit key")
+    
+    resp = await client.post("/event-accept",
+                             data={"eventID": event_id},
+                             follow_redirects=True)
+    if resp.status_code not in (200, 302):
+        logger.warning(f"Accept invite response:\n{resp.text}")  # SECRET
+        raise MumbleException("Path not found (Err 6)")
 
+    resp = await client.get(f"/event/{event_id}", follow_redirects=True)
+    logger.debug(f"Final event page:\n{resp.text} at {event_id}")  # SECRET
 
+    normalized_flag = unicodedata.normalize("NFC", task.flag)
+    unescaped_html  = html.unescape(resp.text)
+    normalized_page = unicodedata.normalize("NFC", unescaped_html)
+    assert_in(normalized_flag, normalized_page, "Flag not found (Err 7)")
+
+    
 
 @checker.putnoise(0)
 async def putnoise(task: PutnoiseCheckerTaskMessage, db: ChainDB, logger: LoggerAdapter, client: AsyncClient):
@@ -141,7 +221,7 @@ async def getnoise(task: GetnoiseCheckerTaskMessage, db: ChainDB, logger: Logger
     try:
         username, password, post_id, original_text = await db.get("userdata")
     except KeyError:
-        raise MumbleException("No post found for this flag (putflag never called)")
+        raise MumbleException("Nothing found for this flag (putflag never called)")
 
     content = await conn.get_post(post_id)
     assert_in(original_text, content, "Noise content not found")
@@ -155,6 +235,8 @@ async def havoc(task: HavocCheckerTaskMessage, logger: LoggerAdapter, client: As
     assert_in("Facepalm", content, "Unexpected service index page")
 
 
+
+
 # === Exploit ===
 
 SERVICE_PORT = 4269