lionaneesh · April 1, 2021 02:41
diff --git a/umassctf2021_replme_fuzz.py b/umassctf2021_replme_fuzz.py
 import requests

 url = "http://34.72.244.178:8085/"
 proxy = {"http":"http://127.0.0.1:8080"}
 results = {}

 funcs = "% %= * *= + ++ += - -- -= -> ->> -?> -?>> / /= < <= = == > >= abstract? all all-bindings all-dynamics and apply array array/concat array/ensure array/insert array/new array/peek array/pop array/push array/remove array/slice array? as-> as?-> asm bad-compile bad-parse band blshift bnot boolean? bor brshift brushift buffer buffer/bit buffer/bit-clear buffer/bit-set buffer/bit-toggle buffer/blit buffer/clear buffer/format buffer/new buffer/new-filled buffer/popn buffer/push-byte buffer/push-string buffer/push-word buffer/slice buffer? bxor bytes? case cfunction? comment comp compile complement cond coro count debug debug/arg-stack debug/break debug/fbreak debug/lineage debug/stack debug/stacktrace debug/unbreak debug/unfbreak dec deep-not= deep= def- default defglobal defmacro defmacro- defn defn- describe dictionary? disasm distinct doc doc* doc-format dofile drop drop-until drop-while dyn each empty? env-lookup error eval eval-string even? every? extreme false? fiber/current fiber/getenv fiber/maxstack fiber/new fiber/setenv fiber/setmaxstack fiber/status fiber? file/close file/fdopen file/fileno file/flush file/open file/popen file/read file/seek file/write filter find find-index first flatten flatten-into for freeze frequencies function? gccollect gcinterval gcsetinterval generate gensym get get-in getline hash idempotent? identity if-let if-not import import* inc indexed? int/s64 int/u64 int? interleave interpose invert janet/build janet/config-bits janet/version juxt juxt* keep keys keyword keyword? kvs last length let load-image loop macex macex1 make-env make-image map mapcat marshal match math/abs math/acos math/asin math/atan math/atan2 math/ceil math/cos math/cosh math/e math/exp math/floor math/inf math/log math/log10 math/pi math/pow math/random math/seedrandom math/sin math/sinh math/sqrt math/tan math/tanh max max-order mean merge merge-into min min-order module/cache module/expand-path module/find module/loaders module/loading module/paths nat? native neg? next nil? not not= not== number? odd? one? or order< order<= order> order>= os/arch os/cd os/clock os/cwd os/date os/dir os/execute os/exit os/getenv os/link os/mkdir os/rename os/rm os/rmdir os/setenv os/shell os/sleep os/stat os/time os/touch os/which pairs parser/byte parser/clone parser/consume parser/eof parser/error parser/flush parser/has-more parser/insert parser/new parser/produce parser/state parser/status parser/where partial partition peg/compile peg/match pos? postwalk pp prewalk print printf product propagate put put-in range reduce repl require resume reverse run-context scan-number seq setdyn short-fn slurp some sort sorted spit stderr stdin stdout string string/ascii-lower string/ascii-upper string/bytes string/check-set string/find string/find-all string/format string/from-bytes string/has-prefix? string/has-suffix? string/join string/repeat string/replace string/replace-all string/reverse string/slice string/split string/trim string/triml string/trimr string? struct struct? sum symbol symbol? table table/clone table/getproto table/new table/rawget table/setproto table/to-struct table? take take-until take-while tarray/buffer tarray/copy-bytes tarray/length tarray/new tarray/properties tarray/slice tarray/swap-bytes trace true? try tuple tuple/brackets tuple/setmap tuple/slice tuple/sourcemap tuple/type tuple? type unless unmarshal untrace update update-in use values varglobal walk when when-let with with-dyns with-syms yield zero? zipcoll"
 funcs = funcs.strip().split(" ")

 def sendCommand(cmd):
    r = requests.post(url, data=cmd)
    if "Function" and "not allowed" in r.text:
        print(cmd, "Blacklisted")
    else:
        print(cmd, "Allowed")
    return r.text

 for func in funcs:
    print(sendCommand('(' + func + ')'))
	import requests

	url = "http://34.72.244.178:8085/"
	proxy = {"http":"http://127.0.0.1:8080"}
	results = {}

	funcs = "% %= * = + ++ += - -- -= -> ->> -?> -?>> / /= < <= = == > >= abstract? all all-bindings all-dynamics and apply array array/concat array/ensure array/insert array/new array/peek array/pop array/push array/remove array/slice array? as-> as?-> asm bad-compile bad-parse band blshift bnot boolean? bor brshift brushift buffer buffer/bit buffer/bit-clear buffer/bit-set buffer/bit-toggle buffer/blit buffer/clear buffer/format buffer/new buffer/new-filled buffer/popn buffer/push-byte buffer/push-string buffer/push-word buffer/slice buffer? bxor bytes? case cfunction? comment comp compile complement cond coro count debug debug/arg-stack debug/break debug/fbreak debug/lineage debug/stack debug/stacktrace debug/unbreak debug/unfbreak dec deep-not= deep= def- default defglobal defmacro defmacro- defn defn- describe dictionary? disasm distinct doc doc doc-format dofile drop drop-until drop-while dyn each empty? env-lookup error eval eval-string even? every? extreme false? fiber/current fiber/getenv fiber/maxstack fiber/new fiber/setenv fiber/setmaxstack fiber/status fiber? file/close file/fdopen file/fileno file/flush file/open file/popen file/read file/seek file/write filter find find-index first flatten flatten-into for freeze frequencies function? gccollect gcinterval gcsetinterval generate gensym get get-in getline hash idempotent? identity if-let if-not import import* inc indexed? int/s64 int/u64 int? interleave interpose invert janet/build janet/config-bits janet/version juxt juxt* keep keys keyword keyword? kvs last length let load-image loop macex macex1 make-env make-image map mapcat marshal match math/abs math/acos math/asin math/atan math/atan2 math/ceil math/cos math/cosh math/e math/exp math/floor math/inf math/log math/log10 math/pi math/pow math/random math/seedrandom math/sin math/sinh math/sqrt math/tan math/tanh max max-order mean merge merge-into min min-order module/cache module/expand-path module/find module/loaders module/loading module/paths nat? native neg? next nil? not not= not== number? odd? one? or order< order<= order> order>= os/arch os/cd os/clock os/cwd os/date os/dir os/execute os/exit os/getenv os/link os/mkdir os/rename os/rm os/rmdir os/setenv os/shell os/sleep os/stat os/time os/touch os/which pairs parser/byte parser/clone parser/consume parser/eof parser/error parser/flush parser/has-more parser/insert parser/new parser/produce parser/state parser/status parser/where partial partition peg/compile peg/match pos? postwalk pp prewalk print printf product propagate put put-in range reduce repl require resume reverse run-context scan-number seq setdyn short-fn slurp some sort sorted spit stderr stdin stdout string string/ascii-lower string/ascii-upper string/bytes string/check-set string/find string/find-all string/format string/from-bytes string/has-prefix? string/has-suffix? string/join string/repeat string/replace string/replace-all string/reverse string/slice string/split string/trim string/triml string/trimr string? struct struct? sum symbol symbol? table table/clone table/getproto table/new table/rawget table/setproto table/to-struct table? take take-until take-while tarray/buffer tarray/copy-bytes tarray/length tarray/new tarray/properties tarray/slice tarray/swap-bytes trace true? try tuple tuple/brackets tuple/setmap tuple/slice tuple/sourcemap tuple/type tuple? type unless unmarshal untrace update update-in use values varglobal walk when when-let with with-dyns with-syms yield zero? zipcoll"
	funcs = funcs.strip().split(" ")

	def sendCommand(cmd):
	r = requests.post(url, data=cmd)
	if "Function" and "not allowed" in r.text:
	print(cmd, "Blacklisted")
	else:
	print(cmd, "Allowed")
	return r.text

	for func in funcs:
	print(sendCommand('(' + func + ')'))