Пример #1
0
function attack_func($target_x, $target_y, $t1, $t3, $t6, $t7, $t8, $t11, $result, $target_player = "")
{
    global $server;
    $url = "http://{$server}/a2b.php";
    assert($t1 > 0 || $t1 == '');
    assert($t3 > 0 || $t3 == '');
    assert($t6 > 0 || $t6 == '');
    assert($t7 > 0 || $t7 == '');
    assert($t8 > 0 || $t8 == '');
    assert($t11 == 1 || $t11 == '');
    $hero_post_str = '';
    // onClick="document.snd.t11.value=1; return false;"
    if (preg_match('/on[cC]lick="document\\.snd\\.t11\\.value=1; return false;/', $result, $matches)) {
        // echo "Hero in home.\n";
        if ($t11 == '') {
            $hero_post_str = '&t11=';
        } else {
            $hero_post_str = '&t11=1';
        }
    }
    // <input type="hidden" name="timestamp" value="1252545240" />
    $ret = preg_match('/<input type="hidden" name="timestamp" value="([0-9]+)"/', $result, $matches);
    if (!$ret) {
        die("get timestamp failed.");
    }
    $timestamp = $matches[1];
    // <input type="hidden" name="timestamp_checksum" value="c831c6" />
    $ret = preg_match('/<input type="hidden" name="timestamp_checksum" value="([a-z0-9]+)"/', $result, $matches);
    if (!$ret) {
        die("get timestamp_checksum failed.");
    }
    $timestamp_checksum = $matches[1];
    // Post it
    // b=1&t1=1&t4=&t7=&t9=&t2=&t5=&t8=&t10=&t3=&t6=&c=3&dname=&x=-69&y=-2&s1.x=&s1.y=&s1=ok
    // b=1&t1=50&t4=&t7=&t9=&t2=&t5=&t8=&t10=&t3=&t6=&t11=1&c=3&dname=&x=-122&y=-45&s1.x=&s1.y=&s1=ok
    $postfields = 'timestamp=' . $timestamp . '&timestamp_checksum=' . $timestamp_checksum . '&b=1&t1=' . $t1 . '&t4=&t7=' . $t7 . '&t9=&t2=&t5=&t8=' . $t8 . '&t10=&t3=' . $t3 . '&t6=' . $t6 . $hero_post_str . '&c=3&dname=&x=' . $target_x . '&y=' . $target_y . '&s1.x=&s1.y=&s1=ok';
    echo $postfields . "\n";
    $ch = my_curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
    curl_setopt($ch, CURLOPT_REFERER, $url);
    $result = curl_exec($ch);
    curl_close($ch);
    // Check if succeeded
    // "hidden" name="kid"
    $ret = preg_match('/"hidden" name="kid"/', $result, $matches);
    if ($ret) {
        // <input type="hidden" name="id" value="39">
        $ret = preg_match('/<input type="hidden" name="id" value="([0-9]+)"/', $result, $matches);
        if (!$ret) {
            die("get id failed.");
        }
        $id = $matches[1];
        // echo "id = " . $id . "\n";
        // <input type="hidden" name="a" value="46137">
        $ret = preg_match('/<input type="hidden" name="a" value="([0-9]+)"/', $result, $matches);
        if (!$ret) {
            die("get a failed.");
        }
        $a = $matches[1];
        // echo "a = " . $a . "\n";
        // <input type="hidden" name="c" value="3">
        $ret = preg_match('/<input type="hidden" name="c" value="([0-9]+)"/', $result, $matches);
        if (!$ret) {
            die("get c failed.");
        }
        $c = $matches[1];
        // echo "c = " . $c . "\n";
        // <input type="hidden" name="kid" value="356724">
        $ret = preg_match('/<input type="hidden" name="kid" value="([0-9]+)"/', $result, $matches);
        if (!$ret) {
            die("get kid failed.");
        }
        $kid = $matches[1];
        // echo "kid = " . $kid . "\n";
        // <input type="hidden" name="t1" value="10">
        $ret = preg_match('/<input type="hidden" name="t1" value="([0-9]+)"/', $result, $matches);
        if (!$ret) {
            die("get t1 failed.");
        }
        $t1 = $matches[1];
        // echo "t1 = " . $t1 . "\n";
        // <input type="hidden" name="t3" value="10">
        $ret = preg_match('/<input type="hidden" name="t3" value="([0-9]+)"/', $result, $matches);
        if (!$ret) {
            die("get t3 failed.");
        }
        $t3 = $matches[1];
        // echo "t3 = " . $t3 . "\n";
        // <input type="hidden" name="t6" value="10">
        $ret = preg_match('/<input type="hidden" name="t6" value="([0-9]+)"/', $result, $matches);
        if (!$ret) {
            die("get t6 failed.");
        }
        $t6 = $matches[1];
        // echo "t6 = " . $t6 . "\n";
        // <input type="hidden" name="t7" value="10">
        $ret = preg_match('/<input type="hidden" name="t7" value="([0-9]+)"/', $result, $matches);
        if (!$ret) {
            die("get t7 failed.");
        }
        $t7 = $matches[1];
        // echo "t7 = " . $t7 . "\n";
        // <input type="hidden" name="t8" value="10">
        $ret = preg_match('/<input type="hidden" name="t8" value="([0-9]+)"/', $result, $matches);
        if (!$ret) {
            die("get t8 failed.");
        }
        $t8 = $matches[1];
        // echo "t8 = " . $t8 . "\n";
        // <input type="hidden" name="t11" value="10">
        $ret = preg_match('/<input type="hidden" name="t11" value="([0-9]+)"/', $result, $matches);
        if (!$ret) {
            die("get t11 failed.");
        }
        $t11 = $matches[1];
        // echo "t11 = " . $t11 . "\n";
        // <input type="hidden" name="timestamp" value="1252545240" />
        $ret = preg_match('/<input type="hidden" name="timestamp" value="([0-9]+)"/', $result, $matches);
        if (!$ret) {
            die("get timestamp failed.");
        }
        $timestamp = $matches[1];
        // <input type="hidden" name="timestamp_checksum" value="c831c6" />
        $ret = preg_match('/<input type="hidden" name="timestamp_checksum" value="([a-z0-9]+)"/', $result, $matches);
        if (!$ret) {
            die("get timestamp_checksum failed.");
        }
        $timestamp_checksum = $matches[1];
        if ($target_player) {
            // <td class="s7"><a href="spieler.php?uid=11783">Vinsfeld</a></td></tr>
            $ret = preg_match('#<a href="spieler\\.php\\?uid=[0-9]+">([^<]+)</a></td>#', $result, $matches);
            if (!$ret) {
                die("get player failed.");
            }
            $player = $matches[1];
            if ($player != $target_player) {
                echo "Error: player changed.\n";
                $sql = "update `targets` set `invalid` = 1, `invalid_msg` = '名義変更' where x = " . $target_x . " and y = " . $target_y;
                if (!mysql_query($sql)) {
                    die(mysql_error());
                }
                return false;
            }
        }
        // id=39&a=5941&c=3&kid=322334&t1=1&t2=0&t3=0&t4=0&t5=0&t6=0&t7=0&t8=0&t9=0&t10=0&t11=0&s1.x=&s1.y=&s1=ok
        $postfields = 'timestamp=' . $timestamp . '&timestamp_checksum=' . $timestamp_checksum . '&id=' . $id . '&a=' . $a . '&c=' . $c . '&kid=' . $kid . '&t1=' . $t1 . '&t2=0&t3=' . $t3 . '&t4=0&t5=0&t6=' . $t6 . '&t7=' . $t7 . '&t8=' . $t8 . '&t9=0&t10=0' . '&t11=' . $t11 . '&s1.x=&s1.y=&s1=ok';
        echo $postfields . "\n";
        $ch = my_curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
        curl_setopt($ch, CURLOPT_REFERER, $url);
        $result = curl_exec($ch);
        curl_close($ch);
        if (!$result) {
            die(curl_error($ch));
        }
        echo "Attacking (" . $target_x . " , " . $target_y . ")\n";
        return true;
    } else {
        echo "Error: no kid found.\n";
        handle_bad_target($result, $target_x, $target_y);
        return false;
    }
}
Пример #2
0
function attack_func($target_x, $target_y, $t1, $t3, $t6, $t7, $t8, $t11, $result)
{
    global $server;
    $url = "http://{$server}/a2b.php";
    assert($t1 > 0 || $t1 == '');
    assert($t3 > 0 || $t3 == '');
    assert($t6 > 0 || $t6 == '');
    assert($t7 > 0 || $t7 == '');
    assert($t8 > 0 || $t8 == '');
    assert($t11 == 1 || $t11 == '');
    $hero_post_str = '';
    // onClick="document.snd.t11.value=1; return false;"
    if (preg_match('/onClick="document\\.snd\\.t11\\.value=1; return false;/', $result, $matches)) {
        echo "Hero in home.\n";
        if ($t11 == '') {
            $hero_post_str = '&t11=';
        } else {
            $hero_post_str = '&t11=1';
        }
    }
    // Post it
    // b=1&t1=1&t4=&t7=&t9=&t2=&t5=&t8=&t10=&t3=&t6=&c=3&dname=&x=-69&y=-2&s1.x=&s1.y=&s1=ok
    // b=1&t1=50&t4=&t7=&t9=&t2=&t5=&t8=&t10=&t3=&t6=&t11=1&c=3&dname=&x=-122&y=-45&s1.x=&s1.y=&s1=ok
    $postfields = 'b=1&t1=' . $t1 . '&t4=&t7=' . $t7 . '&t9=&t2=&t5=&t8=' . $t8 . '&t10=&t3=' . $t3 . '&t6=' . $t6 . $hero_post_str . '&c=3&dname=&x=' . $target_x . '&y=' . $target_y . '&s1.x=&s1.y=&s1=ok';
    echo $postfields . "\n";
    $ch = my_curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
    curl_setopt($ch, CURLOPT_REFERER, $url);
    $result = curl_exec($ch);
    curl_close($ch);
    // Check if succeeded
    // "hidden" name="kid"
    $ret = preg_match('/"hidden" name="kid"/', $result, $matches);
    if ($ret) {
        // <input type="hidden" name="id" value="39">
        $ret = preg_match('/<input type="hidden" name="id" value="([0-9]+)">/', $result, $matches);
        if (!$ret) {
            die("get id failed.");
        }
        $id = $matches[1];
        echo "id = " . $id . "\n";
        // <input type="hidden" name="a" value="46137">
        $ret = preg_match('/<input type="hidden" name="a" value="([0-9]+)">/', $result, $matches);
        if (!$ret) {
            die("get a failed.");
        }
        $a = $matches[1];
        echo "a = " . $a . "\n";
        // <input type="hidden" name="c" value="3">
        $ret = preg_match('/<input type="hidden" name="c" value="([0-9]+)">/', $result, $matches);
        if (!$ret) {
            die("get c failed.");
        }
        $c = $matches[1];
        echo "c = " . $c . "\n";
        // <input type="hidden" name="kid" value="356724">
        $ret = preg_match('/<input type="hidden" name="kid" value="([0-9]+)">/', $result, $matches);
        if (!$ret) {
            die("get kid failed.");
        }
        $kid = $matches[1];
        echo "kid = " . $kid . "\n";
        // <input type="hidden" name="t1" value="10">
        $ret = preg_match('/<input type="hidden" name="t1" value="([0-9]+)">/', $result, $matches);
        if (!$ret) {
            die("get t1 failed.");
        }
        $t1 = $matches[1];
        echo "t1 = " . $t1 . "\n";
        // <input type="hidden" name="t3" value="10">
        $ret = preg_match('/<input type="hidden" name="t3" value="([0-9]+)">/', $result, $matches);
        if (!$ret) {
            die("get t3 failed.");
        }
        $t3 = $matches[1];
        echo "t3 = " . $t3 . "\n";
        // <input type="hidden" name="t6" value="10">
        $ret = preg_match('/<input type="hidden" name="t6" value="([0-9]+)">/', $result, $matches);
        if (!$ret) {
            die("get t6 failed.");
        }
        $t6 = $matches[1];
        echo "t6 = " . $t6 . "\n";
        // <input type="hidden" name="t7" value="10">
        $ret = preg_match('/<input type="hidden" name="t7" value="([0-9]+)">/', $result, $matches);
        if (!$ret) {
            die("get t7 failed.");
        }
        $t7 = $matches[1];
        echo "t7 = " . $t7 . "\n";
        // <input type="hidden" name="t8" value="10">
        $ret = preg_match('/<input type="hidden" name="t8" value="([0-9]+)">/', $result, $matches);
        if (!$ret) {
            die("get t8 failed.");
        }
        $t8 = $matches[1];
        echo "t8 = " . $t8 . "\n";
        // <input type="hidden" name="t11" value="10">
        $ret = preg_match('/<input type="hidden" name="t11" value="([0-9]+)">/', $result, $matches);
        if (!$ret) {
            die("get t11 failed.");
        }
        $t11 = $matches[1];
        echo "t11 = " . $t11 . "\n";
        // id=39&a=5941&c=3&kid=322334&t1=1&t2=0&t3=0&t4=0&t5=0&t6=0&t7=0&t8=0&t9=0&t10=0&t11=0&s1.x=&s1.y=&s1=ok
        $postfields = 'id=' . $id . '&a=' . $a . '&c=' . $c . '&kid=' . $kid . '&t1=' . $t1 . '&t2=0&t3=' . $t3 . '&t4=0&t5=0&t6=' . $t6 . '&t7=' . $t7 . '&t8=' . $t8 . '&t9=0&t10=0' . '&t11=' . $t11 . '&s1.x=&s1.y=&s1=ok';
        echo $postfields . "\n";
        $ch = my_curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
        curl_setopt($ch, CURLOPT_REFERER, $url);
        $result = curl_exec($ch);
        curl_close($ch);
        if (!$result) {
            die(curl_error($ch));
        }
        echo "attacking (" . $target_x . " , " . $target_y . ")\n";
        return true;
    } else {
        echo "Error: no kid found.\n";
        handle_bad_target($result, $target_x, $target_y);
        return false;
    }
}