-
Notifications
You must be signed in to change notification settings - Fork 15
/
mtlogin.py
executable file
·80 lines (73 loc) · 2.06 KB
/
mtlogin.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
#!/usr/bin/env python
'''
Created on Oct 22, 2011
@author: arefaey
'''
from httplib2 import Http
from md5 import md5
import re
from urllib import urlencode
URL = 'http://10.0.0.2/login'
output = '/tmp/login.html'
salt_pattern = '\\\\\d*'
h = Http()
def truncate_file(file):
f = open(file, 'w+')
for line in f.readlines():
line = line.replace(line, '')
f.writelines(line)
f.flush()
print 'file: "%s" truncated' % f.name
def extract_salt(file):
f = open(file, 'r')
li = ''
for line in f.readlines():
if line.find('hexMD5') != -1:
li = line
break
r = re.compile("\\\\\d*")
salt = r.findall(li)
if not salt:
print 'seems to be already logged in'
exit()
x = chr(int(salt[0][1:], 8))
rest = salt[1:]
y = ''.join(chr(int(d[1:], 8)) for d in rest)
return x, y
def login(username, password):
data = {'username':username, 'password':password, 'dst':'', 'popup':'true'}
payload = urlencode(data)
headers = {}
headers.update({'Content-Type':'application/x-www-form-urlencoded'})
response, _ = h.request(URL, method='POST', body=payload, headers=headers)
assert(response.status==200)
try:
response['set-cookie']
response['set-cookie']
except KeyError:
raise Exception('Login Failed')
def main():
import sys
argz = sys.argv[1:]
try:
username = argz[0]
password = argz[1]
except Exception:
print 'could not parse arguments\nusage: python main.py username password'
exit()
response, content = h.request(URL)
assert(response.status==200)
truncate_file(output)
f = open(output, 'w')
f.write(content)
f.flush()
x, y = extract_salt(output)
salted = x + password + y
print 'salted password: %s' % salted
hashed_password = md5(salted)
hex_hash_password = hashed_password.hexdigest()
print 'hashed password: %s' % hex_hash_password
login(username, hex_hash_password)
print 'Successfully logged in ;)'
if __name__ == '__main__':
main()