96 lines
2.7 KiB
Common Lisp
96 lines
2.7 KiB
Common Lisp
(ql:quickload '(:cl-ppcre
|
|
:cl-base64
|
|
:ironclad
|
|
:jsown))
|
|
|
|
(defpackage #:cl-secninja
|
|
(:use #:common-lisp #:cl #:uiop #:cl-ppcre #:ironclad #:cl-base64))
|
|
|
|
(in-package #:cl-secninja)
|
|
|
|
(defvar *url* "redacted")
|
|
|
|
(defun run-curl (command)
|
|
(let* ((curl-command (concatenate 'string "curl -i " command))
|
|
(result (uiop:run-program curl-command
|
|
:output :string
|
|
:error-output T)))
|
|
result))
|
|
|
|
(defun one ()
|
|
(let* ((command *url*)
|
|
(result (run-curl *url*)))
|
|
(format t "~%COMMAND: curl ~a" command)
|
|
(format t "~%RESULT: curl ~a" result)
|
|
(car (ppcre:all-matches-as-strings "\\?.*" result))))
|
|
|
|
(defun two ()
|
|
(let* ((command (concatenate 'string
|
|
"\"" *url* (one) "\""))
|
|
(result (run-curl command)))
|
|
result))
|
|
|
|
(defun three ()
|
|
(let ((headers (ppcre:all-matches-as-strings "X-.*" (two))))
|
|
(print headers)
|
|
(print (car headers))
|
|
(print (cadr headers))
|
|
(let ((command (concatenate 'string
|
|
"\"" *url* "\?step=2" "\""
|
|
" -H \"" (car headers) "\""
|
|
" -H \"" (cadr headers) "\"")))
|
|
(let ((result (run-curl command)))
|
|
(format t "~%RESULT: curl ~a" result)
|
|
result))))
|
|
|
|
(defun four ()
|
|
(let*
|
|
((data (three))
|
|
(input
|
|
(car (ppcre:all-matches-as-strings "(?sm)\{.*}$" data)))
|
|
(challenge
|
|
(string-left-trim "challenge: " (car (ppcre:all-matches-as-strings "challenge:(.*)" data))))
|
|
(timestamp
|
|
(string-left-trim "timestamp: " (car (ppcre:all-matches-as-strings "timestamp:(.*)" data))))
|
|
(sorted (sort (cdr (jsown:parse input)) #'string<= :key #'first))
|
|
(connected
|
|
(string-right-trim "\&"
|
|
(format nil "~{~A~}"
|
|
(loop
|
|
for item in sorted
|
|
collect
|
|
(concatenate 'string (car item) "\=" (cdr item) "\&")))))
|
|
(hash (sha-256 connected))
|
|
(command
|
|
(string-right-trim "\-"
|
|
(concatenate 'string
|
|
"-X POST \"" *url* "\?step=3" "\""
|
|
" -H \"Content-Type: application/x-www-form-urlencoded\" "
|
|
" -d \"challenge=" challenge "\""
|
|
" -d \"timestamp=" timestamp "\""
|
|
" -d \"hash=" hash "\""
|
|
))))
|
|
(terpri)
|
|
(print challenge)
|
|
(print timestamp)
|
|
(print hash)
|
|
(terpri)
|
|
(format t "~%COMMAND: curl ~a" command)
|
|
(terpri)
|
|
(let ((result (run-curl command)))
|
|
(format t "~%RESULT: curl ~a" result))
|
|
(terpri)))
|
|
|
|
(defun sha-256 (str)
|
|
(ironclad:byte-array-to-hex-string
|
|
(ironclad:digest-sequence :sha256
|
|
(ironclad:ascii-string-to-byte-array str))))
|
|
|
|
(defvar *email* (alexandria:read-file-into-string "email"))
|
|
|
|
(defun base64 ()
|
|
(let ((email *email*))
|
|
(loop repeat 100 do
|
|
(if (ppcre:scan "@" email)
|
|
(print email)
|
|
(setf email (cl-base64:base64-string-to-string email))))))
|