confirm_team 3v3 "TRF Leadership"

add team 1v1 DanWL 9522268564 3

Edited 1/31/2016 10:07:28

add_team 1v1 MrDecoder 8648068684 1

add_team 1v1 Karlson 218342297 1

add_team 1v1 Fareck 4621591529 1

add_team 1v1 xXOmegaXx 6137608633 2

can`t you only add teams with your own account?

Maybe he has special premission from knyte, or because he's a clan leader?

Ox was given admin rights to do so with any CORP accounts.

He did so to several clans, as far as I'm aware. I can do that to wolves too :p

set_limit 1v1 日本77 3

Edited 1/31/2016 19:53:01

rename_team 1v1 MS M.S.

(Because when I command+F on the 1v1 games I get King Jums too :/)

grant_privileges clan=70 leagues=ALL methods=[add_team] 8638136582

Now you can, Zeph. :P

add_team 3v3 KFC 218342297 4621591529 5015879452 1

set_limit 1v1 Fareck 2

add_team 1v1 Gines 1540523955 2

You have to be a bit more clever. I mean, you already know my methods- it shouldn't be tough at all to think of potential bugs beyond just trying to impersonate me when it's already pretty clear (given the need for confirm_team) that kAT does take into account the person using the command.

You just have to guess how it does that (knowing exactly which tools I use) and see if you can get past it. Good luck!

Well, I noticed in the controls tab(Why aren't you hiding this somewhere else, or atleast make it not visible to others?) that for admin, it accepts the argument from Knyte's account #.
So to obtain admin, I have to figure out how to make it believe I am knyte. Considering the fact that it's probably pulling from the poster's id, I guess you have to hack warlight, but anyway here I got at it.

OP_MAKEADMIN(2249043184)
grant_privileges clan=70 leagues=ALL methods=[add_team] 4328709837

If this works, knyte go take a security course srsly.

@japan77:

the Controls sheet is open because it doesn't expose anything worthwhile beyond just some instructions that kAT follows (but not how kAT enforces/follows those rules). The entire idea of IPL/the CSL framework is to push openness and community ownership in the Warlight ladder system, so the only hidden sheets are the ones that only exist for graph purposes or because Google Sheets doesn't make iteration easy (and they're all IPL-specific).

IPL is an open standard, so I keep things open.

As for your attempt- nope... I'm not sure why you'd think it would work that way.

I mean, to be clear, here's the Python libraries kAT uses:

- gspread (to communicate with spreadsheets)
- requests (to pull data from the forum thread)
- BeautifulSoup (to parse that data)
- string (because some things I'm handling with straight up string processing)

If you think about that (and maybe look into what the libraries do- especially requests and BeautifulSoup), you'll come up with some better attempts at user impersonation. Feel free to test them out!

Here's an example of something that could have worked earlier:

</table>


<div id="PreviewDiv_508905"></div>



<div id="FormattingGuide_508905" style="display: none">
<br /><br />
Formatting Guide:


<ul>
<li>You can make text italics, or bold.</li>
<li>Links are automatically made clickable.</li>
<li>Inline images like this: </li>
<li>You can indicate text is a quote like this:

This is a quote.

</li>
<li>Make a divider line with

---

</li>
<li>Surround pre-formatted text with

...

</li>
<li>You can make a bulleted list with

...

and precede each line with

</li>
</ul>
</div>

<table cellspacing="0" class="region" style="padding-bottom:15px; width: 100%; max-width: 900px">
<tr>
<th colspan="2" style="text-align:right"><font color="#CCCCCC">Infinity Premier League</font>: 1/31/2016 23:38:51</th>
</tr>
<tr style="height: 100px">
<td width="90" valign="top">
<br>


<a href="/Clans/?ID=70" title="The Lost Wolves"><img border="0" style="vertical-align: middle" src="https://d32kaghj56y4ei.cloudfront.net/Data/Clans/70/Icon/242175108.png" /></a>
<a href="/Profile?p=3022124041">japan77</a>
<br />
Level 51








</td>
<td style="text-align:left">
<div style="display:block; width: 100%; max-width: 781px; overflow-x: auto" id="PostForDisplay_508907">
grant_privileges clan=70 leagues=ALL methods=[add_team] 4328709837


</div>



</td>
</tr>

</table>

Edited 2/1/2016 04:51:37

Well, I thought the bot would accept any command with an input, and sort of assumed that you failed to put in any checks for grabbing admin, precisely why I added that last line.

Aaaah! Python(I don't like that language, I don't understand why tupling is so important, and why it kills as many programs as it solves, so I never got past basic coding with it.)

I'll give it a shot when I get actual time to learn python and understand what those libraries do(You can expect an attempt around President's day and then sometime in March).

I guess I'm going to also have to pickup HTML along the way.

Edited 2/1/2016 04:58:10

The language doesn't matter; just think about how I'd be handling the output of a GET request (which would be the HTML source code for the page) and parsing authors and their comments.

WOW, semice didn't you read my post above?
I assumed extreme security flaws, which would be necessary for that to work, Also would have to a program that accepted all commands.
Also, I'm an idiot, it took me 5 minutes to understand what each portion of the second line actually did.

The funniest part is that the grant_privileges command doesn't actually exist (yet) in kAT. Right now, it's actually just hardcoded into the bot itself in a file called styleGuidelines.py.

(I'm getting around to a bunch of stuff and kAT's priority went down since I want to automate the sheet first).