This tool is designed to:
- Scan a specific IP address for open ports within a specified range.
- For each open port found, it sends HTTP requests to a list of known endpoints (paths) to fetch and display their responses.
- Depending on the endpoint, the tool might POST data to the service, retrieve certain information (like a secret or user level), and use this information in subsequent requests to other endpoints.
Challenge
,Content
,SubmitSolutionBody
: Data structures representing the body of POST requests for specific endpoints.ResponseDetails
: Struct to capture details of an HTTP response.PostBody
: General struct used for most POST requests.
CheckPort(host string, port int, timeout time.Duration) bool
: Checks if a specific port is open on a host.FindOpenPorts(host string, start, end int, timeout time.Duration) []int
: Uses goroutines to scan a range of ports concurrently and returns a list of open ports.FetchDetails(ip string, port int, path string) ResponseDetails
: Makes a GET request to a given IP, port, and path, and returns the response details.postBodyToCheckResponse(ip string, port int, path string, body interface{}) ([]byte, error)
: POSTs a JSON body to a specified endpoint and returns the response.
- Load configurations from a
.env
file: IP, start port, end port, and timeout. - Scan the IP for open ports within the given range.
- For each open port found:
- Fetch details from each known endpoint.
- If the endpoint is
/getUserSecret
, a loop tries to fetch a secret until successful. - The secret fetched is then used for other endpoints.
- If the endpoint is
/getUserLevel
, it fetches the user level. - If the endpoint is
/submitSolution
, it uses the previously fetched secret and user level to submit a solution.
- Ensure you have a
.env
file in the root with the following variables:IP
,START_PORT
,END_PORT
, andTIMEOUT
. - Run
source .env
to load the variables into your environment. - Run the program using
go run main.go
.
- The order of the paths in the list matters since some endpoints require information fetched from previous ones.
- The secret key for the
/submitSolution
endpoint currently has a humorous placeholder quote about pasting code. Ensure it's the right key for your application.
This README provides a high-level overview of your program. Depending on your audience and the purpose of this tool, you might want to expand on certain areas, add examples, or include other sections like "Prerequisites," "Installation," and "Contribution Guidelines."
Tiny Path [ctf-school-????????] = ctf-school-09292023 Today is a good day innit ? = Today date
Copy Trash 5FPprcvF-T75f91DQ2C = url : https://pastebin.com/5FPprcvF , password : T75f91DQ2C
Dabatase App : 72 44 90 = Protocol This is clearly not a binary : 81 49 56 53 50 51 53 = Q185235
Welcome to the challenge ! Here is your first Challenge: 77337396dc3250bc4c480e187a69b090 Don't forget that:Das Einfügen von Code aus dem Internet in Produktionscode ist ...
Secret Key = Pasting code from the Internet into production code is like chewing gum found in the street.