def post(self):
role = self.get_secure_cookie("role")
userid = self.get_secure_cookie("userid")
print("ols pswd", self.get_argument("old_pswd"))
input_old_pswd = get_md5(self.get_argument("old_pswd"))
input_new_pswd = get_md5(self.get_argument("new_pswd"))
print(userid)
cursor = util.con.cursor()
if role == b"student":
user_type = 2
elif role == b"teacher":
user_type = 1
elif role == b"admin":
user_type = 0
cursor.execute(
"select passwd from passwd where userid = %s and user_type = %s", (userid, user_type)
)
print(cursor.statement)
select_old_pswd = list(cursor)[0][0]
print(select_old_pswd, input_old_pswd)
if input_old_pswd != select_old_pswd:
self.write(
json.dumps({"result": "fail", "reason": "输入的旧密码错误,请重新输入"}, ensure_ascii=False)
)
return
mysql = "update passwd set passwd= %s where userid = %s"
cursor.execute(mysql, (input_new_pswd, userid))
util.con.commit()
cursor.close()
self.write(json.dumps({"result": "success"}))
def get_final_hash_local_dir(
config_data: dict,
manifest_cos_path: str,
mod_num: int,
):
'''
获取经过hash取模转换后的csv文件路径
'''
manifest_md5 = get_md5(os.path.split(manifest_cos_path)[0])
args_md5 = get_manifest_args_md5(**config_data)
final_path_md5 = get_md5(manifest_md5 + args_md5)
final_path_dir = os.path.join(tmp_folder, f'{PARTITION}_{mod_num}',
final_path_md5)
return final_path_dir
def register():
username = request.form.get('username')
password = request.form.get('password')
phone = request.form.get('phone')
if util.validate([username, password, phone]):
res = db.execute_query("select * from user where username=?",
(username, ))
if len(res) == 0:
# uid其实就是username的hash
uid = util.get_md5(username)
res = db.execute("insert into user values (?, ?, ?, ?, ?, ?, ?)",
(username, password, uid, phone, '', '', 0))
# 每个用户自己的单词表
res1 = db.execute(
"create table [" + uid + "_table]" + " (" + "word integer," +
"level integer)", ())
# res1 = True
if res and res1:
return {'status': 200, 'msg': '注册成功', 'uid': uid}
else:
return {'status': 404, 'msg': '未知错误'}
else:
return {'status': 404, 'msg': '用户已存在'}
else:
return {'status': 404, 'msg': '字段格式错误'}
def parse_cert(self, cert_fname):
input_bio = M2Crypto.BIO.MemoryBuffer(self.zip.read( cert_fname ))
p7 = M2Crypto.SMIME.PKCS7(M2Crypto.m2.pkcs7_read_bio_der(input_bio._ptr()), 1)
sk3 = p7.get0_signers(M2Crypto.X509.X509_Stack())
cert = sk3.pop()
self.cert_text = cert.as_text()
self.cert_md5 = util.get_md5(cert.as_der())
def get_manifest_args_md5(**kw):
'''
计算请求脚本运行参数的md5
'''
# * 下划线的参数作为参数,来计算hash
data = str({k: v for k, v in kw.items() if '_' in k})
return get_md5(data)
def get_file_infos(dir):
files = util.list_all_files(dir)
infos = []
for file in files:
relfile = os.path.relpath(file, dir)
md5 = util.get_md5(file)
size = os.path.getsize(file)
infos.append((relfile, size, md5))
return infos
def _encrypted_id(song_dfs_id):
byte1 = bytearray(b'3go8&$8*3*3h0k(2)2')
byte2 = bytearray(song_dfs_id.encode('utf-8'))
byte1_len = len(byte1)
for i in range(len(byte2)):
byte2[i] = byte2[i] ^ byte1[i % byte1_len]
result = base64.b64encode(util.get_md5(byte2)).decode('ascii')
result = result.replace('/', '_')
result = result.replace('+', '-')
return result
def login(self, username, password):
headers = Session.__BASE_HEADERS.copy()
post_data = {
'username': username,
'password': util.byte_array_to_str(util.get_md5(password)),
'rememberLogin': '******'
}
resp = requests.post(Session.__API_LOGIN_URL, data=post_data, headers=headers)
self.__profile = resp.json()['profile']
self.__csrf = resp.cookies['__csrf']
def test_postgresql_example():
from util import get_md5
with OpenPostgreSQLsshTunnel() as pport:
postgresql_example(port=pport)
csv_md5 = {'booking.csv': '90fd6d84b6234ff73acc5208995cf85e',
'contact.csv': 'b1d0f7c24d7ac5dfd70668c17c5e559d',
'hobby.csv': '0b3fbf0ef6bcec8f2c5c68cc111931fd',
'hobby_shadow.csv': 'a9919bc60b43b4fb092924ed1ad4df5a',
'person.csv': 'fcb0b9c85213e0999eff0b197931f624',
'person_hobby.csv': 'cb4bbd262f356c91d48d88009872f3c2',}
for fn_, md5 in csv_md5.items():
md5_ = get_md5(fn_)
assert md5_ == md5
def prase_movie_list(base_url, html, movie_list, large):
'''
解析列表页 返回 影片信息
:param base_url:
:param html:
:param movie_list:
:param large:
:return:
'''
pattern = re.compile('共\s*(\d+)\s*頁')
soup = BeautifulSoup(html, 'lxml')
li_list = soup.select('ul[class="ml waterfall cl"] li')
for li in li_list:
a = li.select('div[class="c cl"] a')[0]
movie_url = urljoin('http://www.52av.tv', a['href'])
image_url = a.select('img')[0]['src']
title = a['title']
span = li.select('div[class="auth cl"] span')
try:
issue_time = span[0]['title']
except:
content = li.select('div[class="auth cl"]')[0]
res = pattern.findall(content.text)
if len(res) > 0:
issue_time = res[0]
else:
issue_time = datetime.datetime.now().strftime('%Y-%m-%d')
movie_object_id = get_md5(movie_url)
image_path = 'None'
issue_time = datetime.datetime.strptime(issue_time, '%Y-%m-%d')
movie_list.append([title, movie_url, image_url, image_path, issue_time, movie_object_id])
if large:
large_num_label = soup.select('div[class="pg"] label span')
try:
if large_num_label:
large_num = large_num_label[0]['title']
large_result = pattern.findall(large_num)
if large_result:
return large_result[0]
else:
print('not found')
except IndexError:
print('未找到最大目录')
else:
return None
def generate_github_link(project_link, commit_hash, file_path_and_name):
"""Generate GitHub anchor tag that links to file in a commit.
Args:
project_link (str): A link to a projet on GitHub, e.g.:
https://github.com/github/linguist
commit_hash (str): Hash of git commit
file_path_and_name (str): File path in project and filename. The MD5
hash can be used as an anchor to jump to this section of a
multi-file commit on GitHub.
"""
#TODO: detect when inserting forward slashes is necessary and add as needed
#rather than assuming.
url = ("%s/commit/%s#diff-%s" %
(project_link, commit_hash, get_md5(file_path_and_name)))
return '<a href="%s">GitHub Link</a>' % url
def post(self):
jdatas = json.loads(self.request.body)
#device_mac = self.get_argument('mac', '')
#device_location = self.get_argument('location', '')
device_mac = jdatas['mac']
device_location = jdatas['location']
print device_mac,'location:',device_location
dev = Device()
dev.mac=get_md5(device_mac)
dev.location=device_location
if None == dev.get_device_by_mac(device_mac):
device_id = dev.create()
else:
device_id = dev.update_info()
print device_id
if not device_id:
self.write('fail')
return
self.write('ok')
def parse_mf (self, mf_raw):
self.mf_md5 = util.get_md5(mf_raw)
CURRENT_IS_OTHER, CURRENT_IS_AXML, CURRENT_IS_DEX, CURRENT_IS_ARSC = range(4)
current_file = CURRENT_IS_OTHER
for line in mf_raw.splitlines():
kv = line.rstrip().split(":")
if len(kv) < 2:
continue
if current_file == CURRENT_IS_AXML:
self.axml_digest_method = kv[0].strip()
self.axml_digest = kv[1].strip()
current_file = CURRENT_IS_OTHER
continue
elif current_file == CURRENT_IS_DEX:
self.dex_digest_method = kv[0].strip()
self.dex_digest = kv[1].strip()
current_file = CURRENT_IS_OTHER
continue
elif current_file == CURRENT_IS_ARSC:
self.arsc_digest_method = kv[0].strip()
self.arsc_digest = kv[1].strip()
current_file = CURRENT_IS_OTHER
continue
else:
pass
if kv[0].lower().strip() == "name":
fname = kv[1].lower().strip()
if fname == "classes.dex":
current_file = CURRENT_IS_DEX
elif fname == "resources.arsc":
current_file = CURRENT_IS_ARSC
elif fname == "androidmanifest.xml":
current_file = CURRENT_IS_AXML
else:
current_file = CURRENT_IS_OTHER
def prase_all_item(html, debug=False):
temp_session = requests.Session()
temp_session.headers = header
pattern = re.compile('(\d{4}-\d{1,2}-\d{1,2})')
soup = BeautifulSoup(html, 'lxml')
li_list = soup.select('ul[class="ml waterfall cl"] li')
for li in li_list:
a = li.select('div[class="c cl"] a')[0]
movie_url = urljoin('http://www.52av.tv', a['href'])
image_url = a.select('img')[0]['src']
title = a['title']
span = li.select('div[class="auth cl"] span')
try:
issue_time = span[0]['title']
except:
content = li.select('div[class="auth cl"]')[0]
res = pattern.findall(content.text)
if len(res) > 0:
issue_time = res[0]
else:
issue_time = datetime.datetime.now().strftime('%Y-%m-%d')
movie_object_id = get_md5(movie_url)
if query_from_sql(movie_object_id):
continue
image_path = download_image(image_url, movie_object_id)
if not image_path:
image_path = 'None'
try:
video_url = get_m3u8_url(temp_session, movie_url)
except:
video_url = None
if not video_url:
continue
if debug:
print('[*]', video_url)
issue_time = datetime.datetime.strptime(issue_time, '%Y-%m-%d')
parmars = (title, movie_url, image_url, image_path, issue_time,
movie_object_id, video_url)
insert_to_mysql(parmars)
def post(self, action):
role = self.get_secure_cookie("role")
if role != b"admin":
dump_err(self, "无权访问此接口")
if action == "list":
cursor = con.cursor()
cursor.execute("select * from {}".format(self.table_name))
print("list:", cursor.statement)
records = []
for data in cursor:
data_dict = {}
for ind in range(len(self.col_names)):
data_dict[self.col_names[ind]] = str(data[ind])
records.append(data_dict)
cursor.close()
print("list records", records)
result = {}
result["Result"] = "OK"
result["Records"] = records
print(json.dumps(result))
self.write(json.dumps(result))
return
if action == "create":
data = [self.get_argument(col_name) for col_name in self.col_names[1:]]
print("create paramaters", data)
cursor = con.cursor()
names = ""
for name in self.col_names[1:-1]:
names += name + ","
names += self.col_names[-1]
query = (
"insert into {} ("
+ names
+ ") values ("
+ "%s," * (len(self.col_names) - 2)
+ "%s"
+ ")"
).format(self.table_name)
cursor.execute(query, data)
print(cursor.statement)
new_id = cursor.lastrowid
""" 添加一个默认密码 """
sql = "insert into passwd values (%s, %s, %s, %s)"
if self.table_name == "teacher":
username = util.get_pinyin(data[0]) + data[9].split("-")[0][-2:]
else:
username = util.get_pinyin(data[0]) + data[6].split("-")[0][-2:]
cursor.execute(
sql, (username, util.get_md5(util.default_password), self.user_type, new_id),
)
print("insert passwd:", cursor.statement)
con.commit()
""" 如果学生,添加财务记录 """
if self.user_type == 2:
sql = "insert into finance values (%s, %s, %s)"
cursor.execute(sql, (new_id, 10000, 0))
con.commit()
print(list(cursor))
cursor.close()
result = {}
result["Result"] = "OK"
data.insert(0, new_id)
temp = {}
for ind in range(len(self.col_names)):
temp[self.col_names[ind]] = data[ind]
result["Record"] = temp
print(json.dumps(result))
self.write(json.dumps(result))
if action == "update":
data = [self.get_argument(col_name) for col_name in self.col_names]
print("update paramaters", data)
cursor = con.cursor()
query = "update {} set ".format(self.table_name)
for ind, col in enumerate(self.col_names[1:-1]):
query += col + "= %s,"
query += self.col_names[-1] + "= %s"
query += " where " + self.col_names[0] + "= '{}'".format(data[0])
cursor.execute(query, data[1:])
print("update: ", cursor.statement)
con.commit()
cursor.close()
result = {}
result["Result"] = "OK"
self.write(json.dumps(result))
if action == "delete":
key_value = self.get_argument(self.col_names[0])
print("delete param", key_value)
cursor = con.cursor()
# 从密码表中删除记录
sql = "delete from passwd where userid = %s and user_type = %s"
cursor.execute(sql, (key_value, self.user_type))
print(cursor.statement)
# 从财务表中删除记录
if self.user_type == 2:
sql = "delete from finance where studentid = %s"
cursor.execute(sql, (key_value,))
print(cursor.statement)
# 删除学生记录
query = ("delete from {} where " + self.col_names[0] + " = %s").format(self.table_name)
cursor.execute(query, [key_value])
print(cursor.statement)
con.commit()
cursor.close()
result = {}
result["Result"] = "OK"
self.write(json.dumps(result))
def test_analyze_gmail():
from util import get_md5
analyze_gmail('temp.mbox')
assert get_md5('email_addresses.txt') == '72f7ca8571da827f68a2114ad4d2fe9d'
def execute(self):
# Copiar datos de carpeta incoming a carpeta destino con integridad de datos
# Para verificar la integridad se cogera cada fichero y se le calculara el md5. Cuando se copie al destino se calculara
# tambien el md5 para verificar que la copia se ha realizado correctamente
Comandos.log.info('Copy files')
# Filtrar todos los ficheros que hay en incoming para quedarse solo con los que se necesitan copiar (estan en files)
incomingFiles = os.listdir(self.incomingFolder)
if self.files != None:
incomingFilesFiltered = list(
filter(lambda f: f in self.files, incomingFiles))
else:
incomingFilesFiltered = incomingFiles
# Si no hay ficheros que copiar el proceso ha finalizado
if len(incomingFilesFiltered) == 0:
Comandos.log.info('No files to process')
return
# Crear carpeta destino si no existe
util.create_folder_if_not_exist(self.destinationFolder)
# Copiar solo los ficheros filtrados
incomingFilesFullPath = list()
for file in incomingFilesFiltered:
incomingFile = self.incomingFolder + os.sep + file
shutil.copy2(incomingFile, self.destinationFolder)
Comandos.log.info('Copy file ' + incomingFile + ' to ' +
self.destinationFolder)
incomingFilesFullPath.append(incomingFile)
# Calcular el hash de cada fichero origen, de cada fichero destino y verificar que son el mismo para verificar integridad
# Recuperar los nombres de fichero originales
Comandos.log.info('Files: ' + str(incomingFilesFiltered))
# Lista donde se guardaran todos los ficheros pertenecientes al caso, todos con los mismos atributos CASE, ID y ALIAS
forensicCase = list()
for incomingFile in incomingFilesFullPath:
destinationFile = self.destinationFolder + os.sep + util.get_basename(
incomingFile)
md5IncomingFile = util.get_md5(incomingFile)
md5DestinationFile = util.get_md5(destinationFile)
if md5IncomingFile != md5DestinationFile:
Comandos.log.error('Error: integrity error file ' +
incomingFile)
print('Error: integrity error file ' + incomingFile)
return
# Recuperar datos del fichero copiado
dataFile = os.stat(destinationFile)
fileCase = model.FileCase(
caseName=self.caseName,
idCase=self.idCase,
alias=self.alias,
size=util.get_bytes_in_megabytes(dataFile.st_size),
fileName=util.get_basename(destinationFile),
hashMd5=md5DestinationFile,
# Fecha de creacion del fichero original
creationTime=util.format_date_time(
time.ctime(os.stat(incomingFile).st_ctime)),
# Fecha de creacion del fichero copiado
copyTime=util.format_date_time(time.ctime(dataFile.st_ctime)),
fileType=util.get_extension(destinationFile))
forensicCase.append(fileCase)
Comandos.log.debug('Copy files to destination finished')
# TODO se podran eliminar los antiguos una vez copiados?
Comandos.log.debug("Registers: " + pprint.pformat(forensicCase))
# Conectar a bbdd, creando la tabla "filecase" si no existe, y guardar todos los casos
Comandos.log.info('Inserting metadata in database: %s', forensicCase)
try:
model.db.connect()
model.db.create_table(model.FileCase, safe=True)
with model.db.transaction():
[fileCase.save(force_insert=True) for fileCase in forensicCase]
except:
Comandos.log.error('Database error, aborting operation')
return
finally:
model.db.close()
Comandos.log.info('Metadata inserted in database')
# Guardar los ficheros en un fichero de texto con campos separados por |
Comandos.log.info('Creating CSV file')
csv = [fileCase.get_text_format() for fileCase in forensicCase]
# Poner cada fichero del caso en una linea distinta y guardar en fichero
# El nombre de fichero sera la composicion de caso, id y alias y con extension csv
csvContent = util.join_list('\n', csv)
csvName = self.caseName + '_' + str(
self.idCase) + '_' + self.alias + '.csv'
csvFile = open(csvName, 'w')
csvFile.write(csvContent)
csvFile.close()
Comandos.log.info('CSV file created')
Comandos.log.info('Copy finished')
def __init__(self, filename, raw=False, domd5=True) :
"""
@param filename : specify the path of the file, or raw data
@param raw : specify (boolean) if the filename is a path or raw data
"""
self.filename = os.path.basename(filename)
self.file_md5 = ""
self.file_size = 0
self.xml = {}
self.package = ""
self.androidversion = {}
self.permissions = []
self.validAPK = False
if raw == True :
self.__raw = filename
else :
fd = open( filename, "rb" )
self.__raw = fd.read()
fd.close()
if domd5:
self.file_md5 = util.get_md5(self.__raw)
self.file_size = len(self.__raw)
if ZIPMODULE == 0 :
self.zip = ChilkatZip( self.__raw )
else :
self.zip = zipfile.ZipFile( StringIO.StringIO( self.__raw ) )
# CHECK if there is only one embedded file
#self._reload_apk()
reCert = re.compile(r"meta-inf(/|\\).*\.(rsa|dsa)")
reSF = re.compile(r"meta-inf(/|\\).*\.sf")
for i in self.zip.namelist() :
if i == "AndroidManifest.xml" :
decoded = AXMLPrinter( self.zip.read( i ) ).getBuff()
self.xml[i] = minidom.parseString(decoded )
self.package = self.xml[i].documentElement.getAttribute( "package" )
self.androidversion["Code"] = self.xml[i].documentElement.getAttribute( "android:versionCode" )
self.androidversion["Name"] = self.xml[i].documentElement.getAttribute( "android:versionName")
for item in self.xml[i].getElementsByTagName('uses-permission') :
try:
self.permissions.append( str( item.getAttribute("android:name") ) )
except UnicodeError:
pass
self.validAPK = True
if reCert.match(i.lower()):
self.parse_cert (i)
if reSF.match(i.lower()):
self.sf_md5 = util.get_md5( self.zip.read(i) )
if fnmatch.fnmatch(i.lower(), "meta-inf/manifest.mf"):
self.parse_mf ( self.zip.read(i) )
def post(self, action=None):
if action == "get_captcha":
image = ImageCaptcha()
data = image.generate("1234")
captcha = random.randint(1000, 9999)
ts = time.time()
image.write(
str(captcha),
os.path.join(os.path.dirname(__file__), "static/captcha/{}.png".format(ts)),
)
self.write(
json.dumps(
{
"status": "success",
"src": util.base_url + "/static/captcha/{}.png".format(ts),
"value": captcha,
}
)
)
return
username = self.get_argument("username")
passwd = self.get_argument("passwd")
next = self.get_argument("next")
print(next)
cursor = util.con.cursor()
query = "select passwd, user_type, userid from passwd where username = %s"
cursor.execute(query, (username,))
info = list(cursor)
print(cursor.lastrowid, cursor.statement)
cursor.close()
if len(info) != 1:
print("user dont exist")
self.write(
json.dumps({"status": "fail", "message": "用户名不正确,请重新尝试"}, ensure_ascii=False)
)
return
info = info[0]
print(info)
passwd = get_md5(passwd)
print(info[0], passwd)
if info[0] != passwd:
print("passwd not match, relogin")
self.write(
json.dumps({"status": "fail", "message": "用户名或密码错误,请重新尝试"}, ensure_ascii=False)
)
return
print("matched")
if info[1] == 0:
role = "admin"
elif info[1] == 1:
role = "teacher"
elif info[1] == 2:
role = "student"
else:
self.write_error(666, "role {} is not a valid role".format(info[1]))
print("login info ", info)
self.set_secure_cookie("userid", str(info[2]))
self.set_secure_cookie("role", role)
if next == "/login":
next = "/"
self.write(json.dumps({"status": "success", "next": next}, ensure_ascii=False))
def test_get_md5():
assert_equal('c4ca4238a0b923820dcc509a6f75849b', get_md5('1'))
def test_exversion():
exversion()
assert get_md5('temp.csv') == '3ace7624530bc31421e4090044a63cc5'
def check_diff(self, local, size, md5):
if not os.path.exists(local):
return True
if os.path.getsize(local) != size:
return True
return util.get_md5(local) != md5
