Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // Totally secure session generation routine
- var key = [7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7]; // Secure AES requires a strong, random key
- var iv = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]; //Unique IV is required to randomise ciphertext
- function build_token(username, password, time, seven, ip_address){
- var loginToken = {"username": username, "password": password, "token_issue_time": time, "the_number_seven": seven, "ip_address": ip_address};
- var json = JSON.stringify(loginToken);
- console.log("Createdd:")
- console.log(json)
- console.log("Createddssssss:")
- return json;
- }
- function TotallySecureCrypto(token_data){
- var textBytes = aesjs.utils.utf8.toBytes(token_data);
- var aesCbc = new aesjs.ModeOfOperation.cbc(key, iv);
- var encryptedBytes = aesCbc.encrypt(aesjs.padding.pkcs7.pad(textBytes));
- var encryptedHex = aesjs.utils.hex.fromBytes(encryptedBytes);
- return encryptedHex;
- }
- function backwards_crypto(crypt){
- var encBytes = aesjs.utils.hex.toBytes(crypt);
- var aesCbc = new aesjs.ModeOfOperation.cbc(key, iv);
- var decBytes = aesCbc.decrypt(encBytes);
- var text = stringFromUTF8Array(decBytes);
- return text;
- }
- function do_the_thing_backwards(){
- var crypted_data="19f30cc68b532b0cf035f14891da4ae75d0550027cfd0b60e0d4040dd2d570ac4c4625b10cb298cf16eac17cf04335a3f08a55bb69e3ee289b03aa0c1b5fc52cf98340d1c8961107d20a773c4494ddc80a4b34b67152db64d4b5456b1a11d257ca20adfa16ad629b5d8a0b9ac3dfe623d7feb80dc18cd5fc757d60473bd2614b";
- var token_data=backwards_crypto(crypted_data);
- console.log("JSon:");
- console.log(token_data);
- username=token_data["username"];
- password=token_data["password"];
- var time = Math.round(+new Date()/1000);
- var new_token_data = build_token("admin", "LolPassword123", time, 7, "13.3.3.7");
- console.log("===========NEWNEWNENWEN=====")
- console.log(new_token_data);
- console.log("================")
- var new_crypted_data = TotallySecureCrypto(token_data);
- var thing = "/login" + "?SecureToken=AES_128_0x"+new_crypted_data;
- console.log(thing);
- }
- function do_the_thing(){
- var username = "admin"
- var password = "LolPassword123"
- console.log("Username: " + username);
- console.log("Password: " + password);
- var clients_ip_address = "13.3.3.7"; // Apparently it's p hard to get an ip from JS without callouts to web services... Oh well.. It's 7.7.7.7 now.
- var just_the_number_7 = 7;
- var time = Math.round(+new Date()/1000);
- var token_data = build_token(username, password, time, just_the_number_7, clients_ip_address);
- var crypted_data = TotallySecureCrypto(token_data);
- var URL = "/login" + "?SecureToken=AES_128_0x" + crypted_data;
- return URL;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement