Python Challenge [13]

Alright, one that doesn’t deal with images!

So, getting into the swing of how this whole process is going, I:

  • took a look at the page souce
  • saw an address (hey, it’s php, wonder where this is going…)
  • dropped it into the browser
  • got an error
  • went to google

The all-knowing Google consensus seemed to be that this is an xmlrpc error, let’s try taking a look at a search for ‘python xmlrpc’ – gee, there’s a library for that (blatant iCrap commercial rip-off).

The main functionality of the library is the ‘ServerProxy’ object and we should just have to figure out what to ship as arguments. There’s a function ‘system.listMethods()’ which should give us all the functions we can perform on the server.


import xmlrpclib
remote = xmlrpclib.Server('http://www.pythonchallenge.com/pc/phonebook.php')
remote.system.listMethods()

So we get back a ‘phone’ method, in addition to a set of system methods. To figure out what I need to do with phone, I ran it against the system help function.


remote.system.methodHelp('phone')

and it looks like we need someone’s name.

Unfortunately, this is where things get annoying as all hell.

So it turns out that if we keep going on the previous set of ‘evilx.jpg’ files, we find that evil4.jpg returns ‘Bert is evil! go back!’ in the source, in place of the image encoding. Gah!

Fine, let’s see what pitching ‘Bert’ as the argument gives us


server.phone['Bert']

Notably, this looks really interesting; it would seem that we can use this library to make calls to a remote php server and actually get it to do stuff and get returns back. I’m going to have to play around with this more in the future.