mountainstorm · August 29, 2015 14:15
diff --git a/search.py b/search.py
 #!/usr/bin/python
 # coding: utf-8


 import sys
 import os
 import re
 import subprocess
 import cgi
 import cgitb

 cgitb.enable()

 print "Content-type: text/html"
 print ""
 sys.stdout.flush()


 #
 # Thankfully the way python runs its nice and safe from Shellshock :)
 #
 # FLAG: 5543F709-0851-4D00-8F98-AED696763EAC
 #

 WEBROOT = "/var/www/html"
 SEARCH_TEMPLATE = os.path.join(WEBROOT, "search.html")
 TAG_RESULTS = "!!!search-results!!!"


 def output_template(results):
 	rep = "<!-- CTF search code: https://gist.github.com/mountainstorm/7a5d47acf9dbace4f11a -->\n"
 	# turn results into a string
 	if results is not None and len(results) > 0:
 		rep += "<h1>Results</h1>\n"
 		for r in results:
 			rep += "<p><a href='%s'>%s</a></p>\n" % (r[0], r[1])
 	else:
 		# no results
 		rep += """
 		<h1>No Results Found</h1>
 		<p>Sorry, but nothing matched your search terms. Please try again with some different keywords.</p>
 """	

 	with open(SEARCH_TEMPLATE, "rt") as f:
 		html = f.read()
 		print html.replace(TAG_RESULTS, rep)


 #
 # We don't want people passing nasty stuff in the search term, check it
 #
 form = cgi.FieldStorage()
 if "s" not in form or re.match("^[a-zA-Z0-9 -_]*$", form["s"].value) is None:
 	output_template(None) # invalid search term - spit it back out
 	sys.exit(1)
 s = form["s"].value

 #
 # Seach all files next to and below the SEARCH_TEMPLATE for the term in 's'
 #

 # XXX should do this in python, but for now we'll use grep
 d = os.path.dirname(SEARCH_TEMPLATE)
 cmd = 'grep -lir --binary-files=without-match "%s" "%s"' % (s, d)

 results = []
 proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
 out = proc.communicate()[0]

 #
 # process the output and create results
 #
 for fn in out.split("\n"):
 	url = fn[len(WEBROOT):] # strip off so we get an absolute url
 	name = fn[len(d):] # strip the 'root'
 	results.append((url, name))
 output_template(results)
	#!/usr/bin/python
	# coding: utf-8


	import sys
	import os
	import re
	import subprocess
	import cgi
	import cgitb

	cgitb.enable()

	print "Content-type: text/html"
	print ""
	sys.stdout.flush()


	#
	# Thankfully the way python runs its nice and safe from Shellshock :)
	#
	# FLAG: 5543F709-0851-4D00-8F98-AED696763EAC
	#

	WEBROOT = "/var/www/html"
	SEARCH_TEMPLATE = os.path.join(WEBROOT, "search.html")
	TAG_RESULTS = "!!!search-results!!!"


	def output_template(results):
	rep = "<!-- CTF search code: https://gist.github.com/mountainstorm/7a5d47acf9dbace4f11a -->\n"
	# turn results into a string
	if results is not None and len(results) > 0:
	rep += "<h1>Results</h1>\n"
	for r in results:
	rep += "<p><a href='%s'>%s</a></p>\n" % (r[0], r[1])
	else:
	# no results
	rep += """
	<h1>No Results Found</h1>
	<p>Sorry, but nothing matched your search terms. Please try again with some different keywords.</p>
	"""

	with open(SEARCH_TEMPLATE, "rt") as f:
	html = f.read()
	print html.replace(TAG_RESULTS, rep)


	#
	# We don't want people passing nasty stuff in the search term, check it
	#
	form = cgi.FieldStorage()
	if "s" not in form or re.match("^[a-zA-Z0-9 -_]*$", form["s"].value) is None:
	output_template(None) # invalid search term - spit it back out
	sys.exit(1)
	s = form["s"].value

	#
	# Seach all files next to and below the SEARCH_TEMPLATE for the term in 's'
	#

	# XXX should do this in python, but for now we'll use grep
	d = os.path.dirname(SEARCH_TEMPLATE)
	cmd = 'grep -lir --binary-files=without-match "%s" "%s"' % (s, d)

	results = []
	proc = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
	out = proc.communicate()[0]

	#
	# process the output and create results
	#
	for fn in out.split("\n"):
	url = fn[len(WEBROOT):] # strip off so we get an absolute url
	name = fn[len(d):] # strip the 'root'
	results.append((url, name))
	output_template(results)
No results found