ArtificialUniversity Discussion [WEB] [HTB]

Let’s talk about ArtificialUniversity. Please do not share any flags or writeups.

Okay, we somehow have to trigger this function.

def bot_runner(email, password, payment_id):
    firefox_options = Options()

    firefox_binary_path = "/opt/firefox/firefox"
    geckodriver_path = "/usr/local/bin/geckodriver"

    firefox_options.add_argument("--headless")
    firefox_options.binary_location = firefox_binary_path

    firefox_service = Service(geckodriver_path)
    client = webdriver.Firefox(service=firefox_service, options=firefox_options)

    try:
        client.get("http://127.0.0.1:1337/login")
        time.sleep(3)

        client.find_element(By.ID, "email").send_keys(email)
        client.find_element(By.ID, "password").send_keys(password)
        client.execute_script("document.getElementById('login-btn').click()")
        time.sleep(3)

        client.get(f"http://127.0.0.1:1337/static/invoices/invoice_{payment_id}.pdf")
        time.sleep(10)
    finally:
        client.quit()

And there’s only way to trigger it

$ grep -r "bot_runner"
src/store/application/util/bot.py:def bot_runner(email, password, payment_id):
src/store/application/blueprints/routes.py:from application.util.bot import bot_runner
src/store/application/blueprints/routes.py:     bot_runner(current_app.config["ADMIN_EMAIL"], current_app.config["ADMIN_PASS"], payment_id)

This is really insnae

Check the source code meticulously you’ll figure it out

What the f is grpc. it’s working on port 50051

These should help you