SHARE
TWEET

Untitled

a guest Dec 13th, 2016 107 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/env python
  2. '''
  3. Created on Oct 22, 2011
  4.  
  5. @author: arefaey
  6. '''
  7. from httplib2 import Http
  8. import hashlib
  9. import re
  10. from urllib.parse import urlencode
  11.  
  12. URL = 'http://10.200.50.1/login'
  13. output = 'D:\login.html'
  14. salt_pattern = '\\\\\d*'
  15. h = Http()
  16.  
  17. def truncate_file(file):
  18.     f = open(file, 'w+')
  19.     for line in f.readlines():
  20.         line = line.replace(line, '')
  21.         f.writelines(line)
  22.         f.flush()
  23.     print ('file: "%s" truncated' % f.name)
  24.    
  25. def extract_salt(file):
  26.     f = open(file, 'r')
  27.     li = ''
  28.     for line in f.readlines():
  29.         if line.find('hexMD5') != -1:
  30.             li = line
  31.             break
  32.     r = re.compile("\\\\\d*")
  33.     salt = r.findall(li)
  34.     if not salt:
  35.         print ('seems to be already logged in')
  36.         exit()
  37.     x = chr(int(salt[0][1:], 8))
  38.     rest = salt[1:]
  39.     y = ''.join(chr(int(d[1:], 8)) for d in rest)
  40.     return x, y
  41.  
  42. def login(username, password):
  43.     data = {'username':username, 'password':password, 'dst':'', 'popup':'true'}
  44.     payload = urlencode(data)
  45.     headers = {}
  46.     headers.update({'Content-Type':'application/x-www-form-urlencoded'})
  47.     response, _ = h.request(URL, method='POST', body=payload, headers=headers)
  48.     assert(response.status==200)
  49.     try:
  50.         response['set-cookie']
  51.         response['set-cookie']
  52.     except KeyError:
  53.         raise Exception('Login Failed')
  54.  
  55. def main():
  56.     import sys
  57.     argz = sys.argv[1:]
  58.     try:
  59.         username = argz[0]
  60.         password = argz[1]
  61.     except Exception:
  62.         print ('could not parse arguments\nusage: python main.py username password')
  63.         exit()
  64.     response, content = h.request(URL)
  65.     assert(response.status==200)
  66.     truncate_file(output)
  67.     f = open(output, 'w')
  68.     f.write(content.decode('utf-8'))
  69.     f.flush()
  70.     x, y = extract_salt(output)
  71.     salted = x + password + y
  72.     print ('salted password: %s' % salted)
  73.     hashed_password = hashlib.md5(salted)
  74.     hex_hash_password = hashed_password.hexdigest()
  75.     print ('hashed password: %s' % hex_hash_password)
  76.     login(username, hex_hash_password)
  77.     print ('Successfully logged in ;')
  78.    
  79. if __name__ == '__main__':
  80.     main()
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top