#include <iostream> #include <string> #include <vector> #include <sstream> #include <windows.h> #include <winhttp.h> typedef HINTERNET (WINAPI *pWinHttpOpen)(LPCWSTR, DWORD, LPCWSTR, LPCWSTR, DWORD); typedef HINTERNET (WINAPI *pWinHttpConnect)(HINTERNET, LPCWSTR, INTERNET_PORT, DWORD); typedef HINTERNET (WINAPI *pWinHttpOpenRequest)(HINTERNET, LPCWSTR, LPCWSTR, LPCWSTR, LPCWSTR, LPCWSTR*, DWORD); typedef BOOL (WINAPI *pWinHttpSendRequest)(HINTERNET, LPCWSTR, DWORD, LPVOID, DWORD, DWORD, DWORD_PTR); typedef BOOL (WINAPI *pWinHttpReceiveResponse)(HINTERNET, LPVOID); typedef BOOL (WINAPI *pWinHttpQueryHeaders)(HINTERNET, DWORD, LPCWSTR, LPVOID, LPDWORD, LPDWORD); typedef BOOL (WINAPI *pWinHttpQueryDataAvailable)(HINTERNET, LPDWORD); typedef BOOL (WINAPI *pWinHttpReadData)(HINTERNET, LPVOID, DWORD, LPDWORD); typedef BOOL (WINAPI *pWinHttpCrackUrl)(LPCWSTR, DWORD, DWORD, LPURL_COMPONENTS); typedef BOOL (WINAPI *pWinHttpCloseHandle)(HINTERNET); typedef BOOL (WINAPI *pWinHttpSetOption)(HINTERNET, DWORD, LPVOID, DWORD); typedef BOOL (WINAPI *pWinHttpAddRequestHeaders)(HINTERNET, LPCWSTR, DWORD, DWORD); std::string urlEncode(const std::string& value) { std::string encoded; char hex[] = "0123456789ABCDEF"; for (unsigned char c : value) { if (isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') { encoded += c; } else { encoded += '%'; encoded += hex[(c >> 4) & 0xF]; encoded += hex[c & 0xF]; } } return encoded; } std::string extractCookie(const std::string& headers, const std::string& cookieName) { std::string lowerHeaders = headers; for (auto& c : lowerHeaders) c = tolower(c); std::string search = "set-cookie: " + cookieName + "="; size_t pos = lowerHeaders.find(search); if (pos == std::string::npos) { search = "Set-Cookie: " + cookieName + "="; pos = headers.find(search); } if (pos == std::string::npos) return ""; size_t start = headers.find("=", pos) + 1; size_t end = headers.find(";", start); if (end == std::string::npos) end = headers.find("\r\n", start); return headers.substr(start, end - start); } std::string extractCsrfTokenFromHtml(const std::string& html) { size_t pos = html.find("name=\"csrf-token\""); if (pos == std::string::npos) { pos = html.find("name=\"_csrf\""); if (pos != std::string::npos) { pos = html.find("value=\"", pos); if (pos != std::string::npos) { pos += 7; size_t end = html.find("\"", pos); return html.substr(pos, end - pos); } } return ""; } pos = html.find("content=\"", pos); if (pos == std::string::npos) return ""; pos += 9; size_t end = html.find("\"", pos); if (end == std::string::npos) return ""; return html.substr(pos, end - pos); } std::string extractLocation(const std::string& headers) { std::string lowerHeaders = headers; for (auto& c : lowerHeaders) c = tolower(c); size_t pos = lowerHeaders.find("location: "); if (pos == std::string::npos) return ""; size_t start = pos + 10; size_t end = headers.find("\r\n", start); return headers.substr(start, end - start); } // 提取状态码 int extractStatusCode(const std::string& headers) { if (headers.find("HTTP/1.1 302") != std::string::npos || headers.find("HTTP/1.0 302") != std::string::npos) return 302; if (headers.find("HTTP/1.1 200") != std::string::npos || headers.find("HTTP/1.0 200") != std::string::npos) return 200; if (headers.find("HTTP/1.1 400") != std::string::npos) return 400; return 0; } class SimpleHTTP { HMODULE hWinHttp; pWinHttpOpen fnOpen; pWinHttpConnect fnConnect; pWinHttpOpenRequest fnOpenRequest; pWinHttpSendRequest fnSendRequest; pWinHttpReceiveResponse fnReceiveResponse; pWinHttpQueryHeaders fnQueryHeaders; pWinHttpQueryDataAvailable fnQueryDataAvailable; pWinHttpReadData fnReadData; pWinHttpCrackUrl fnCrackUrl; pWinHttpCloseHandle fnCloseHandle; pWinHttpSetOption fnSetOption; pWinHttpAddRequestHeaders fnAddRequestHeaders; public: SimpleHTTP() { hWinHttp = LoadLibraryA("winhttp.dll"); if (!hWinHttp) return; fnOpen = (pWinHttpOpen)GetProcAddress(hWinHttp, "WinHttpOpen"); fnConnect = (pWinHttpConnect)GetProcAddress(hWinHttp, "WinHttpConnect"); fnOpenRequest = (pWinHttpOpenRequest)GetProcAddress(hWinHttp, "WinHttpOpenRequest"); fnSendRequest = (pWinHttpSendRequest)GetProcAddress(hWinHttp, "WinHttpSendRequest"); fnReceiveResponse = (pWinHttpReceiveResponse)GetProcAddress(hWinHttp, "WinHttpReceiveResponse"); fnQueryHeaders = (pWinHttpQueryHeaders)GetProcAddress(hWinHttp, "WinHttpQueryHeaders"); fnQueryDataAvailable = (pWinHttpQueryDataAvailable)GetProcAddress(hWinHttp, "WinHttpQueryDataAvailable"); fnReadData = (pWinHttpReadData)GetProcAddress(hWinHttp, "WinHttpReadData"); fnCrackUrl = (pWinHttpCrackUrl)GetProcAddress(hWinHttp, "WinHttpCrackUrl"); fnCloseHandle = (pWinHttpCloseHandle)GetProcAddress(hWinHttp, "WinHttpCloseHandle"); fnSetOption = (pWinHttpSetOption)GetProcAddress(hWinHttp, "WinHttpSetOption"); fnAddRequestHeaders = (pWinHttpAddRequestHeaders)GetProcAddress(hWinHttp, "WinHttpAddRequestHeaders"); } ~SimpleHTTP() { if (hWinHttp) FreeLibrary(hWinHttp); } bool request(const std::wstring& url, const std::wstring& method, const std::string& postData, const std::string& cookies, std::string& outBody, std::string& outHeaders, bool autoRedirect = true) { if (!hWinHttp || !fnOpen) return false; URL_COMPONENTS urlComp = { sizeof(urlComp) }; wchar_t hostName[256] = {0}, urlPath[1024] = {0}; urlComp.lpszHostName = hostName; urlComp.dwHostNameLength = 256; urlComp.lpszUrlPath = urlPath; urlComp.dwUrlPathLength = 1024; urlComp.dwSchemeLength = 1; if (!fnCrackUrl(url.c_str(), 0, 0, &urlComp)) return false; HINTERNET hSession = fnOpen(L"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36", WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, WINHTTP_NO_PROXY_NAME, WINHTTP_NO_PROXY_BYPASS, 0); if (!hSession) return false; HINTERNET hConnect = fnConnect(hSession, hostName, urlComp.nPort, 0); if (!hConnect) { fnCloseHandle(hSession); return false; } DWORD flags = 0; if (urlComp.nScheme == INTERNET_SCHEME_HTTPS) flags |= WINHTTP_FLAG_SECURE; HINTERNET hRequest = fnOpenRequest(hConnect, method.c_str(), urlPath, NULL, WINHTTP_NO_REFERER, WINHTTP_DEFAULT_ACCEPT_TYPES, flags); if (!hRequest) { fnCloseHandle(hConnect); fnCloseHandle(hSession); return false; } if (!autoRedirect && fnSetOption) { DWORD dwOption = WINHTTP_DISABLE_REDIRECTS; fnSetOption(hRequest, WINHTTP_OPTION_DISABLE_FEATURE, &dwOption, sizeof(dwOption)); } if (method == L"POST" && fnAddRequestHeaders) { fnAddRequestHeaders(hRequest, L"Content-Type: application/x-www-form-urlencoded", (DWORD)-1, WINHTTP_ADDREQ_FLAG_ADD); } if (!cookies.empty() && fnAddRequestHeaders) { std::wstring cookieHeader = L"Cookie: "; int len = MultiByteToWideChar(CP_UTF8, 0, cookies.c_str(), -1, NULL, 0); std::vector<wchar_t> buf(len); MultiByteToWideChar(CP_UTF8, 0, cookies.c_str(), -1, buf.data(), len); cookieHeader += buf.data(); fnAddRequestHeaders(hRequest, cookieHeader.c_str(), (DWORD)-1, WINHTTP_ADDREQ_FLAG_ADD); } DWORD totalLen = postData.length(); BOOL bResults = fnSendRequest(hRequest, WINHTTP_NO_ADDITIONAL_HEADERS, 0, (LPVOID)postData.c_str(), totalLen, totalLen, 0); if (bResults) bResults = fnReceiveResponse(hRequest, NULL); if (bResults) { DWORD headerSize = 0; if (fnQueryHeaders) { fnQueryHeaders(hRequest, WINHTTP_QUERY_RAW_HEADERS_CRLF, WINHTTP_HEADER_NAME_BY_INDEX, NULL, &headerSize, WINHTTP_NO_HEADER_INDEX); } if (headerSize > 0) { std::vector<wchar_t> headers(headerSize); if (fnQueryHeaders) { fnQueryHeaders(hRequest, WINHTTP_QUERY_RAW_HEADERS_CRLF, WINHTTP_HEADER_NAME_BY_INDEX, headers.data(), &headerSize, WINHTTP_NO_HEADER_INDEX); } int len = WideCharToMultiByte(CP_UTF8, 0, headers.data(), -1, NULL, 0, NULL, NULL); std::vector<char> buf(len); WideCharToMultiByte(CP_UTF8, 0, headers.data(), -1, buf.data(), len, NULL, NULL); outHeaders = buf.data(); } DWORD dwSize = 0; do { dwSize = 0; if (fnQueryDataAvailable) { fnQueryDataAvailable(hRequest, &dwSize); } if (dwSize == 0) break; std::vector<char> buffer(dwSize + 1); DWORD dwDownloaded = 0; if (fnReadData) { fnReadData(hRequest, buffer.data(), dwSize, &dwDownloaded); } outBody.append(buffer.data(), dwDownloaded); } while (dwSize > 0); } fnCloseHandle(hRequest); fnCloseHandle(hConnect); fnCloseHandle(hSession); return bResults; } }; int main() { SetConsoleOutputCP(CP_UTF8); std::string username, password; std::cout << "Username: "; std::getline(std::cin, username); std::cout << "Password: "; std::getline(std::cin, password); SimpleHTTP http; // ========== 第一步：登录 ========== std::cout << "\n[*] Getting login page..." << std::endl; std::string body, headers; if (!http.request(L"http://103.82.54.47/site/login", L"GET", "", "", body, headers, false)) { std::cerr << "GET request failed" << std::endl; return 1; } std::string phpsessid = extractCookie(headers, "PHPSESSID"); std::string csrf = extractCsrfTokenFromHtml(body); if (phpsessid.empty()) { std::cerr << "Error: Failed to get PHPSESSID" << std::endl; return 1; } std::cout << "[+] PHPSESSID: " << phpsessid << std::endl; if (csrf.empty()) { std::cerr << "Error: Failed to get CSRF token from HTML" << std::endl; return 1; } std::cout << "[+] CSRF Token: " << csrf << std::endl; std::string postData = "_csrf=" + urlEncode(csrf) + "&LoginForm%5Busername%5D=" + urlEncode(username) + "&LoginForm%5Bpassword%5D=" + urlEncode(password) + "&LoginForm%5BrememberMe%5D=0" + "&LoginForm%5BrememberMe%5D=1" + "&login-button="; std::string csrfCookie = extractCookie(headers, "_csrf"); std::string cookies = "PHPSESSID=" + phpsessid + "; _csrf=" + csrfCookie; std::cout << "\n[*] Logging in..." << std::endl; std::string postBody, postHeaders; if (!http.request(L"http://103.82.54.47/site/login", L"POST", postData, cookies, postBody, postHeaders, false)) { std::cerr << "POST request failed" << std::endl; return 1; } std::string location = extractLocation(postHeaders); std::string identity = extractCookie(postHeaders, "_identity"); if (identity.empty() && location.find("103.82.54.47/") == std::string::npos) { std::cout << "\n[-] Login failed" << std::endl; std::cout << "[*] Response headers:\n" << postHeaders << std::endl; system("pause"); return 1; } std::cout << "\n[+] Login successful!" << std::endl; std::cout << "[+] _identity: " << identity << std::endl; // 更新 Cookie（登录后可能获得新的 PHPSESSID） std::string newPhpsessid = extractCookie(postHeaders, "PHPSESSID"); if (!newPhpsessid.empty()) { phpsessid = newPhpsessid; std::cout << "[+] Updated PHPSESSID: " << phpsessid << std::endl; } // ========== 第二步：访问题目页面获取新 CSRF ========== std::cout << "\n[*] Getting problem page..." << std::endl; std::string problemBody, problemHeaders; std::string loginCookies = "PHPSESSID=" + phpsessid + "; _identity=" + identity + "; _csrf=" + csrfCookie; if (!http.request(L"http://103.82.54.47/p/1?view=classic", L"GET", "", loginCookies, problemBody, problemHeaders, false)) { std::cerr << "Failed to get problem page" << std::endl; system("pause"); return 1; } // 提取新的 CSRF token std::string newCsrf = extractCsrfTokenFromHtml(problemBody); if (newCsrf.empty()) { std::cerr << "Error: Failed to get new CSRF token from problem page" << std::endl; system("pause"); return 1; } std::cout << "[+] New CSRF Token: " << newCsrf << std::endl; // 更新 Cookie（可能获得新的 _csrf） std::string newCsrfCookie = extractCookie(problemHeaders, "_csrf"); if (!newCsrfCookie.empty()) { csrfCookie = newCsrfCookie; } // ========== 第三步：提交代码 ========== while(1){ std::cout << "\n[*] Submitting solution..." << std::endl; // 构建提交代码的 POST 数据 std::string code = "#include<bits/stdc++.h>\r\nusing namespace std;\r\nint main(){\r\n\tint a,b;\r\n\tcin>>a>>b;\r\n\tcout<<a+b;\r\n\treturn 0;\r\n}"; std::string submitData = "_csrf=" + urlEncode(newCsrf) + "&Solution%5Blanguage%5D=1" + "&Solution%5Bsource%5D=" + urlEncode(code); std::string submitCookies = "PHPSESSID=" + phpsessid + "; _identity=" + identity + "; _csrf=" + csrfCookie; std::string submitBody, submitHeaders; if (!http.request(L"http://103.82.54.47/p/1?view=classic", L"POST", submitData, submitCookies, submitBody, submitHeaders, false)) { std::cerr << "Submit request failed" << std::endl; system("pause"); return 1; } int statusCode = extractStatusCode(submitHeaders); std::string submitLocation = extractLocation(submitHeaders); std::cout << "\n[+] Submit response status: " << statusCode << std::endl; if (statusCode == 302) { std::cout << "[+] Solution submitted successfully!" << std::endl; std::cout << "[+] Redirect to: " << submitLocation << std::endl; } else { std::cout << "[-] Submit failed" << std::endl; std::cout << "[*] Response headers:\n" << submitHeaders << std::endl; std::cout << "[*] Response body:\n" << submitBody.substr(0, 500) << std::endl; } } system("pause"); return 0; }