API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 2nd, 2017
77
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.69 KB | None | 0 0
raw download clone embed print report
  1.  
  2.  
  3. // Totally secure session generation routine
  4. var key = [7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7]; // Secure AES requires a strong, random key
  5. var iv = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]; //Unique IV is required to randomise ciphertext
  6.  
  7. function build_token(username, password, time, seven, ip_address){
  8. var loginToken = {"username": username, "password": password, "token_issue_time": time, "the_number_seven": seven, "ip_address": ip_address};
  9. var json = JSON.stringify(loginToken);
  10. console.log("Createdd:")
  11. console.log(json)
  12. console.log("Createddssssss:")
  13. return json;
  14. }
  15.  
  16. function TotallySecureCrypto(token_data){
  17. var textBytes = aesjs.utils.utf8.toBytes(token_data);
  18. var aesCbc = new aesjs.ModeOfOperation.cbc(key, iv);
  19. var encryptedBytes = aesCbc.encrypt(aesjs.padding.pkcs7.pad(textBytes));
  20. var encryptedHex = aesjs.utils.hex.fromBytes(encryptedBytes);
  21. return encryptedHex;
  22. }
  23.  
  24. function backwards_crypto(crypt){
  25. var encBytes = aesjs.utils.hex.toBytes(crypt);
  26. var aesCbc = new aesjs.ModeOfOperation.cbc(key, iv);
  27. var decBytes = aesCbc.decrypt(encBytes);
  28. var text = stringFromUTF8Array(decBytes);
  29. return text;
  30. }
  31.  
  32.  
  33. function do_the_thing_backwards(){
  34. var crypted_data="19f30cc68b532b0cf035f14891da4ae75d0550027cfd0b60e0d4040dd2d570ac4c4625b10cb298cf16eac17cf04335a3f08a55bb69e3ee289b03aa0c1b5fc52cf98340d1c8961107d20a773c4494ddc80a4b34b67152db64d4b5456b1a11d257ca20adfa16ad629b5d8a0b9ac3dfe623d7feb80dc18cd5fc757d60473bd2614b";
  35. var token_data=backwards_crypto(crypted_data);
  36.  
  37. console.log("JSon:");
  38. console.log(token_data);
  39.  
  40. username=token_data["username"];
  41. password=token_data["password"];
  42.  
  43. var time = Math.round(+new Date()/1000);
  44.  
  45. var new_token_data = build_token("admin", "LolPassword123", time, 7, "13.3.3.7");
  46. console.log("===========NEWNEWNENWEN=====")
  47. console.log(new_token_data);
  48. console.log("================")
  49. var new_crypted_data = TotallySecureCrypto(token_data);
  50. var thing = "/login" + "?SecureToken=AES_128_0x"+new_crypted_data;
  51. console.log(thing);
  52. }
  53.  
  54. function do_the_thing(){
  55. var username = "admin"
  56. var password = "LolPassword123"
  57. console.log("Username: " + username);
  58. console.log("Password: " + password);
  59. var clients_ip_address = "13.3.3.7"; // Apparently it's p hard to get an ip from JS without callouts to web services... Oh well.. It's 7.7.7.7 now.
  60. var just_the_number_7 = 7;
  61. var time = Math.round(+new Date()/1000);
  62. var token_data = build_token(username, password, time, just_the_number_7, clients_ip_address);
  63. var crypted_data = TotallySecureCrypto(token_data);
  64. var URL = "/login" + "?SecureToken=AES_128_0x" + crypted_data;
  65. return URL;
  66. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!