-
Notifications
You must be signed in to change notification settings - Fork 21
/
bsidesdfw_wiki_example.py
executable file
·101 lines (80 loc) · 3.17 KB
/
bsidesdfw_wiki_example.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
#!/usr/bin/env python
#
# Copyright (c) 2017, SafeBreach
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
#
# 2. Redistributions in binary form must reproduce the
# above copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided with
# the distribution.
#
# 3. Neither the name of the copyright holder
# nor the names of its contributors may be used to endorse or promote
# products derived from this software without specific prior written
# permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS
# AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
import sys
import urllib2
####################
# Global Variables #
####################
__version__ = "1.0"
__author__ = "Itzik Kotler"
__copyright__ = "Copyright 2017, SafeBreach"
##########
# Consts #
##########
TRIGGER_URL = 'https://en.wikipedia.org/w/index.php?title=Wikipedia:Sandbox&action=edit'
DATA_SRC_URL = 'https://www.yahoo.com'
#############
# Functions #
#############
def dl_page(url):
print "[*] Downloading '" + url + "' ...",
data = urllib2.urlopen(url).read()
print "%d bytes" % (len(data))
return data
def eval_data(data):
decoded_data = ''.join(map(chr, data))
print "DECODED DATA (%d bytes): %s" % (len(decoded_data), decoded_data)
def main():
triggers = [
("alpha", [-12, -68, -40, -29, -44, 52, 23, -3, -36, -68, 3, 1, 41, 38, -25, -22, 10, 56, 67, 54, 98]),
("beta", [-11, -78, -43, -21, -31, -37, -12, 48, 3, -51, -1, 16, 8, -7, -6, -60, -27, 72, 66, 61, 59, -23, 95])
]
signal_page = dl_page(TRIGGER_URL)
data_page = dl_page(DATA_SRC_URL)
print "[*] Looking for %d trigger(s) in '%s' HTTP Response ..." % (len(triggers), TRIGGER_URL)
for trigger in triggers:
if signal_page.find(trigger[0]) != -1:
print "[*] Found trigger '%s' !" % (trigger[0])
local_data = map(ord, data_page)
print "[*] Decoding Trigger Payload from '%s' HTTP Response ..." % (DATA_SRC_URL)
for byte_id in xrange(0, len(trigger[1])):
local_data[byte_id] -= trigger[1][byte_id]
eval_data(local_data[:len(trigger[1])])
###############
# Entry Point #
###############
if __name__ == "__main__":
sys.exit(main())