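@app.route('/read')
def read():
    """Fetch the resource named by the ``url`` query parameter and return its body.

    The URL is caller-controlled, so it is accepted only when it starts with
    an explicit ``http://`` or ``https://`` scheme. The earlier check was a
    denylist on the URL text ("starts with file", "contains flag"); a denylist
    does not bound which handler the opener picks, whereas an allowlist does.

    Returns:
        The fetched body on success, ``'No Hack'`` when the URL is rejected,
        or ``'no response'`` when the parameter is missing or the fetch fails.
    """
    try:
        url = request.args.get('url')
        if not url:
            # Previously a missing parameter reached re.findall(..., None) and
            # was only handled by the broad except; answer it explicitly.
            return 'no response'
        # Allowlist: nothing but plain web URLs is passed to the opener.
        if not re.match(r'https?://', url, re.IGNORECASE):
            return 'No Hack'
        # Keep the original rejection of any URL mentioning 'flag'.
        if re.search('flag', url, re.IGNORECASE):
            return 'No Hack'
        # NOTE(review): the scheme check does not limit which hosts are
        # reachable or where a redirect may lead. If this route has to stay,
        # add a destination allowlist and resolve/validate the target host.
        res = urllib.urlopen(url)
        try:
            return res.read()
        finally:
            # Release the connection even if read() raises.
            res.close()
    except Exception as ex:
        # Log the failure server-side; the client gets a fixed message only.
        print(str(ex))
        return 'no response'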
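@app.route('/flag')
def flag():
    """Return the contents of ``/flag.txt`` to the one authorised session user.

    Returns:
        The file contents when the session's ``username`` equals the expected
        value, otherwise ``'Access denied'``.
    """
    # NOTE(review): this check trusts the session contents completely.
    # Presumably this is Flask's signed-cookie session, in which case the
    # check is only as strong as the application's secret key (not shown
    # here). Confirm the key is long, random, and not stored anywhere this
    # application's own routes could read.
    #
    # .get() denies a session that has no 'username' key instead of raising
    # KeyError, which would turn into a 500 response (and, with debug mode
    # on, a debugger page).
    if session and session.get('username') == 'fuck':
        # Context manager closes the file handle after reading.
        with open('/flag.txt') as fh:
            return fh.read()
    return 'Access denied'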
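if __name__ == '__main__':
    # debug=True enables the Werkzeug interactive debugger, which can run
    # arbitrary Python in the server process. Combined with host="0.0.0.0"
    # that console is reachable from every network interface, guarded only
    # by a PIN derived from values on the host. Debug mode is therefore
    # switched off here; enable it only on a loopback-bound development
    # instance.
    app.run(
        debug=False,
        host="0.0.0.0"
    )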
# NOTE(review): this looks like the PIN / cookie-name derivation used by the
# Werkzeug debugger, with a custom '__wzd' cookie prefix. Confirm against the
# Werkzeug version actually deployed.
#
# Everything below is a pure function of probably_public_bits and
# private_bits: no random secret is mixed in. The resulting PIN is therefore
# only as confidential as those input values, which is one reason an
# interactive debugger should never be reachable from an untrusted network.

# Feed every non-empty input value into one MD5 state, in order.
h = hashlib.md5()
for bit in filter(None, chain(probably_public_bits, private_bits)):
    # Text values are hashed as their UTF-8 bytes; bytes pass through as-is.
    if isinstance(bit, str):
        bit = bit.encode('utf-8')
    h.update(bit)
h.update(b'cookiesalt')

# Cookie name: fixed prefix plus the first 20 hex characters of the digest.
cookie_name = '__wzd' + h.hexdigest()[:20]

# PIN digits: extend the same hash state with a second salt, read the digest
# as an integer, and keep the first nine decimal digits (zero-padded).
h.update(b'pinsalt')
num = ('%09d' % int(h.hexdigest(), 16))[:9]

# Display form: split the digits into equal dash-separated groups, trying
# group sizes 5, 4, then 3; fall back to the bare digits if none divides the
# length evenly.
for group_size in (5, 4, 3):
    if len(num) % group_size != 0:
        continue
    rv = '-'.join(
        num[x:x + group_size].rjust(group_size, '0')
        for x in range(0, len(num), group_size)
    )
    break
else:
    rv = num