Electron

Description

problem description

Solution

Let's visit the website: website

It looks like we need to buy something. Let's try to buy the fancy shirt. When clicking the button, we get the following screen:

website2

There is a counter which goes from one minute down to zero. If we wait until it gets to 00:00, we get an option to purchase the item:

website3

When clicking it, we get the following screen:

website4

Let's fill the boxes with 'yes' and click the send purchase request button.

website5

It looks like we weren't fast enough. Let's automate it and see how it goes. We used Selenium for it (https://www.selenium.dev/):

from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support import expected_conditions as EC
import time
from selenium.webdriver.support.wait import WebDriverWait

PATH = "C:\\Users\\DanielGrunberger\\Documents\\chromedriver.exe"

options = webdriver.ChromeOptions()
options.add_argument('ignore-certificate-errors')
while 1:
    # Each attempt starts a fresh browser session.
    # `options=` replaces the deprecated `chrome_options=` keyword.
    driver = webdriver.Chrome(PATH, options=options)
    driver.get('https://electron.chal.intentsummit.org/start?id=1')

    try:
        element = WebDriverWait(driver, 2).until(
            EC.presence_of_element_located((By.LINK_TEXT, "Buy limited edition product now !"))
        )
        element.click()
        time.sleep(62)
        element = WebDriverWait(driver, 2).until(
            EC.presence_of_element_located((By.LINK_TEXT, "Purchase item"))
        )
        element.click()
        driver.find_element(By.ID, "Do you like spicy potatoes ?").send_keys("y")
        element = WebDriverWait(driver, 2).until(
            EC.presence_of_element_located((By.ID, "loadmore1"))
        )
        element.click()
        driver.find_element(By.ID, "Do you like sausages ?").send_keys("y")
        print('found')
        element = WebDriverWait(driver, 2).until(
            EC.presence_of_element_located((By.ID, "loadmore2"))
        )
        element.click()
        driver.find_element(By.ID, "Are you sure ?").send_keys("y")
        element = WebDriverWait(driver, 10).until(
            EC.presence_of_element_located((By.ID, "finalPush"))
        )
        element.click()
    except Exception as e:
        print(str(e))

When running it we get the following:

website6

So it looks like there is some kind of verification going on. Going back to the form we have to fill in before sending a request to purchase the item, we see the following when inspecting the HTML:

website7

We pasted this code in an online deobfuscation tool (https://lelinhtinh.github.io/de4js/). By going over the code, we can see the following function:

function _0x38e9() {
    var _0x55c589 = ['366275BkYoYe', '_phantom', 'toString', '8397GweuEM', '__driver_evaluate', '14237487qDPfUq', 'value', 'length', 'callPhantom', 'getElementById', 'secret', '188xVLesg', 'innerWidth', '5216748uspaAr', '8593710WlSqic', '1439974rBFoXo', '__selenium_unwrapped', '6176850dZafPY', 'min', '$cdc', '16HVSowp', 'innerHeight', 'webdriver'];
    _0x38e9 = function () {
        return _0x55c589;
    };
    return _0x38e9();
}

We see some words such as selenium, webdriver, etc. After researching how websites can detect Selenium, we found out that Selenium uses predefined JavaScript variables, so it is possible to detect it by looking for them. Most of these variables are on this list, so it looks like this is the purpose of this function.
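The kind of client-side check this string table points to, as an added example (not the challenge's own script, of which the page shows only the string table). The marker names come from the list above; where each marker is looked up, the viewport check, and the sample objects are assumptions made for illustration.

```javascript
// Added example, not the challenge's script. Marker names come from the
// string table above; where each one is looked up is an assumption.
const WINDOW_MARKERS = ['_phantom', 'callPhantom'];
const DOCUMENT_MARKERS = ['__driver_evaluate', '__selenium_unwrapped'];

function automationIndicators(win) {
  const doc = win.document || {};
  const nav = win.navigator || {};
  const found = [];

  // WebDriver-controlled browsers report navigator.webdriver === true.
  if (nav.webdriver === true) found.push('navigator.webdriver');

  for (const name of WINDOW_MARKERS) {
    if (name in win) found.push('window.' + name);
  }
  for (const name of DOCUMENT_MARKERS) {
    if (name in doc) found.push('document.' + name);
  }
  // Match the "$cdc" entry by prefix: the table lists only that fragment.
  for (const [label, obj] of [['window', win], ['document', doc]]) {
    for (const key of Object.keys(obj)) {
      if (key.startsWith('$cdc')) found.push(label + '.' + key);
    }
  }
  // Assumed check, suggested by 'innerWidth', 'innerHeight' and 'min' in the
  // table: a viewport with a zero dimension.
  if (Math.min(win.innerWidth || 0, win.innerHeight || 0) === 0) {
    found.push('zero-sized viewport');
  }
  return found;
}

// Constructed sample objects standing in for `window` in two sessions.
const ordinaryBrowser = {
  innerWidth: 1280, innerHeight: 720,
  navigator: { webdriver: false }, document: {},
};
const drivenBrowser = {
  innerWidth: 1280, innerHeight: 720,
  navigator: { webdriver: true },
  document: { __driver_evaluate() {}, $cdc_constructedSample_: {} },
};

console.log(automationIndicators(ordinaryBrowser));
console.log(automationIndicators(drivenBrowser));
```

In a real page the function would be called as `automationIndicators(window)`; a server that acts on the result should treat it as one signal among several, since the values are reported by the client.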

After trying different options that we saw, such as patching chromedriver.exe so that it would not include certain keywords, and not getting any results, we came across the following project: https://github.com/ultrafunkamsterdam/undetected-chromedriver

This project is all about Selenium not getting detected by anti-bot services.

Let's install it with pip and change our script to use it:

from selenium.webdriver.common.by import By
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.support.wait import WebDriverWait
import time
import undetected_chromedriver.v2 as uc

PATH = "/Users/aviv/Downloads/chromedriver"

while True:
   options = uc.ChromeOptions()
   options.add_argument('ignore-certificate-errors')
   driver = uc.Chrome(PATH, options=options)
   driver.get('https://electron.chal.intentsummit.org/start?id=1')
   try:
      element = WebDriverWait(driver, 10).until(
         EC.presence_of_element_located((By.LINK_TEXT, "Buy limited edition product now !"))
      )
      element.click()
      element = driver.find_element(By.ID, "start_purchase")
      WebDriverWait(driver, 80).until(
         EC.text_to_be_present_in_element((By.ID, "time"), "00:00")
      )
      time.sleep(3)
      element.click()
      element = WebDriverWait(driver, 2).until(
         EC.presence_of_element_located((By.ID, "Do you like spicy potatoes ?"))
      )
      element.clear()
      element.send_keys("Yes")
      element = WebDriverWait(driver, 2).until(
         EC.presence_of_element_located((By.ID, "loadmore1"))
      )
      element.click()
      element = WebDriverWait(driver, 2).until(
         EC.presence_of_element_located((By.ID, "Do you like sausages ?"))
      )
      element.clear()
      element.send_keys("Yes")
      element = WebDriverWait(driver, 2).until(
         EC.presence_of_element_located((By.ID, "loadmore2"))
      )
      element.click()
      element = WebDriverWait(driver, 2).until(
         EC.presence_of_element_located((By.ID, "Are you sure ?"))
      )
      element.clear()
      element.send_keys("Yes")
      element = WebDriverWait(driver, 10).until(
         EC.presence_of_element_located((By.ID, "finalPush"))
      )
      element.click()
      print('pass')
      print(driver.page_source)
      if "Sorry, bot are not allowed on our website" not in driver.page_source:
         break
   except:
      print('fail')
      driver.close()
      raise

And we got the flag:

flag

Flag: INTENT{F4SteR_Th4N_TH3_1IgHt}