For a challenge, we have to code a script that can pull information from a web page and then use it to automate an action on that site. What I've chosen to try and do is code an IPB Forum Advertiser. The process is easy, but I can't seem to get it to work.

The Problem: so far I can't seem to get it to login and not sure what I'm doing wrong.

#!/usr/bin/perl
use LWP::UserAgent;
use HTTP::Cookies;
$host = @ARGV[0];
@badID = (1,2,3,4,5);
$arrSize = @badID;
$i = 2;

if (@ARGV < 1)
{
  print "\n\n [-] Specify a host";
  print "\n\n [!] Example: pm.pl http://www.sitename.com/path/\n\n";
  exit(0);
}
loginPrompt();
sub login($$)
{
  $browser = LWP::UserAgent->new(agent =>
        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; T312461)' ,
  );
  $cookie_jar = HTTP::Cookies->new();
  $browser->cookie_jar($cookie_jar);

    $response = $browser->post( $host.'/index.php?act=Login&CODE=01',
       [ 'referer' => '',
         'UserName' =>$_[0],
         'PassWord'=>$_[1],
     'CookieDate' => '1',
     'Privacy' => '1',
         'submit'=>'Log me in' ]
       );
$content = $response->content;

if ($content =~ /<head>/gmi)
{print "\n[-] INCORRECT LOGIN\n"; loginPrompt()}
else{msgInfo()}
}
sub spam()
{
  for ($j = 0; $j <= $arrSize + 1; $j++)
  {
   if ($i > $uid){ print "\n\n

    * Spamming Completed\n"; exit(0) }

   if ($badID[$j] eq $i) { $i++; spam() }
  }

     sleep(15);

     $res = $browser->get("$host/index.php?act=Msg&CODE=4&MID=$i");
     $results = $res->content;
     if ($results =~ /name="post_key" value="([a-f0-9]{32})"(.*)/){$postkey = $1;}
     if ($results =~ /name="auth_key" value="([a-f0-9]{32})"(.*)/){$authkey = $2;}
     if ($results =~ /name="entered_name"(.*) value="(.*?)"(.*)/gmi){$name = $3;}

     $resp = $browser->post( "$host/index.php?act=msg",
        [ 'removeattachid'=> '0',
          'OID'=>'',
          'act'=>'Msg',
          'CODE'=>'04',
          'MODE'=>'01',
          'post_key'=> $postkey,
          'auth_key'=>$authkey,
      'entered_name'=>$name,
          'msg_title'=> $subj,
      'Post'=> $msg,
          'post'=>'Submit', Referer => $host ]
        );

    print "\n [!] Message Sent to: $name with SID $SID";

    if ($i > $uid){print "\n\n

    * Spamming Completed\n"; exit(0)}

    else{$i++;spam()}
}
sub loginPrompt()
{
  print "\nEnter your login name: ";
  chomp($id = <STDIN>);
  print "\nEnter your password: ";
  chomp($pass = <STDIN>);
  login($id, $pass);
}
sub msgInfo()
{
  print "\nEnter message subject: ";
  chomp($subj = <STDIN>);
  print "\nEnter your message: ";
  chomp($msg = <STDIN>);
  print "\nEnter highest uid: ";
  chomp($uid = <STDIN>);
  spam();
}

I nominate you for forum cross-poster of the month award. Thats three perl forums so far I have seen this same question posted on.

Y'know, that sorta looks less like a 'challenge' and more like an actual forum abuse script.

You're right. especially when "spamming complete" shows up at least twice in the code.

This article has been dead for over six months. Start a new discussion instead.