Created
September 10, 2023 04:08
pygist ~ exploit govt website
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# Here's what you do when your gf
# is really nervous about whether she
# passed her nursing exam and the
# results update on a govt API
# with *amazing* CSRF and JWT security
import datetime
import json
import os
import re
import smtplib
import ssl
import subprocess
import time
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

import openai
from apscheduler.schedulers.background import BackgroundScheduler
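# API credentials are read from the environment instead of being written into
# the source, so publishing or sharing this file does not publish the key.
# (The original organization literal was also missing its closing quote,
# which made the file a syntax error.)
openai.organization = os.environ.get("OPENAI_ORGANIZATION")
openai.api_key = os.environ.get("OPENAI_API_KEY")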
def get_gpt_response(prompt):
    """Ask the chat-completion endpoint one question and return the answer text.

    ``prompt`` is converted with ``str()`` and sent as a single ``user``
    message to the ``gpt-4`` model; the content of the first choice is
    returned as a string.

    The whole prompt is transmitted to the OpenAI API, so anything placed in
    it (names, statuses, timestamps) leaves this machine.
    """
    user_message = {"role": "user", "content": str(prompt)}
    reply = openai.ChatCompletion.create(
        model="gpt-4",
        messages=[user_message],
    ).choices[0].message
    return str(reply['content'])
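def send_email(subject, body, to, gmail_user, gmail_pwd):
    """Send a plain-text e-mail through Gmail's SMTP submission port (587).

    Args:
        subject: Value for the Subject header.
        body: Plain-text message body.
        to: Recipient address (To header and envelope recipient).
        gmail_user: Account to log in as; also used as the From address.
        gmail_pwd: Password for ``gmail_user``.

    Failures are printed and never raised, so a mail problem cannot take
    down the caller.
    """
    msg = MIMEMultipart()
    msg['From'] = gmail_user
    msg['To'] = to
    msg['Subject'] = subject
    msg.attach(MIMEText(body, 'plain'))

    try:
        # The context manager closes the connection on every path, including
        # a failed login or send; the timeout keeps a stalled server from
        # blocking the caller forever.
        with smtplib.SMTP('smtp.gmail.com', 587, timeout=30) as server:
            server.ehlo()
            # Without an explicit context, smtplib's STARTTLS does not
            # validate the server certificate; the default context does,
            # so the password below is only sent to a verified host.
            server.starttls(context=ssl.create_default_context())
            server.login(gmail_user, gmail_pwd)
            server.sendmail(gmail_user, to, msg.as_string())
        print('Email sent!')
    except Exception as e:
        # Deliberately broad: sending the notification is best-effort.
        print('Something went wrong...', e)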
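# Sender and recipient of the status mails.
FROM_EMAIL = 'bob@gmail.com'
TO_EMAIL = 'bob@gmail.com'
# The mail password is taken from the environment rather than stored in the
# file; an unset variable yields an empty string and a failed login, not a
# leaked credential. GMAIL_APP_PASSWORD is a name chosen for this script.
PSWD = os.environ.get('GMAIL_APP_PASSWORD', '')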
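def get_page():
    """Fetch the license-verification page and extract its embedded tokens.

    Runs ``curl`` against ``https://elicense.ohio.gov/oh_verifylicense`` with
    a fixed set of browser-like headers and scans the response body for every
    ``"authorization":"..."`` and ``"csrf":"..."`` value.

    Returns:
        ``(auth_tokens, csrf_tokens)``: two lists of strings in page order.
        Both are empty when curl cannot be run, times out, or the page
        carries no tokens.
    """
    headers = [
        'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
        'Accept-Language: en-US,en;q=0.9',
        'Cache-Control: max-age=0',
        'Connection: keep-alive',
        'Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; _ga=GA1.2.814848421.1687610286; _gid=GA1.2.1997968737.1687610286; pctrk=82c50902-6182-4b50-9930-b00a364b4cf5; _ga_EFQW5Q4E60=GS1.2.1687610286.1.1.1687612633.0.0.0',
        'Sec-Fetch-Dest: document',
        'Sec-Fetch-Mode: navigate',
        'Sec-Fetch-Site: none',
        'Sec-Fetch-User: ?1',
        'Upgrade-Insecure-Requests: 1',
        'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36',
        'sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"',
        'sec-ch-ua-mobile: ?0',
        'sec-ch-ua-platform: "macOS"',
    ]
    command = ['curl', 'https://elicense.ohio.gov/oh_verifylicense']
    for header in headers:
        command += ['-H', header]
    command.append('--compressed')

    # An argument list with the default shell=False means no part of the
    # command is ever parsed by a shell; the timeout bounds a hung request.
    try:
        completed = subprocess.run(command, stdout=subprocess.PIPE, timeout=60)
    except (OSError, subprocess.TimeoutExpired) as e:
        print('curl failed:', e)
        return [], []

    # errors="replace" keeps a stray non-UTF-8 byte from aborting the scrape.
    output = completed.stdout.decode("utf-8", errors="replace")
    auth_tokens = re.findall(r'"authorization":"(.*?)"', output)
    csrf_tokens = re.findall(r'"csrf":"(.*?)"', output)
    # The token values are credentials for the follow-up request; they are
    # returned to the caller and intentionally not printed or logged.
    return auth_tokens, csrf_tokens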
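def _license_lookup_body(auth_tokens, csrf_tokens):
    """Serialise the two remoting calls (metadata + owner search) as compact JSON."""
    def rpc(method, data, tid, slot):
        return {
            "action": "OH_VerifyLicenseCtlr",
            "method": method,
            "data": data,
            "type": "rpc",
            "tid": tid,
            "ctx": {
                "csrf": csrf_tokens[slot],
                "vid": "066t0000000L0A9",
                "ns": "",
                "ver": 41,
                "authorization": auth_tokens[slot],
            },
        }

    search = {
        "firstName": "",
        "lastName": "srp",
        "middleName": "",
        "contactAlias": "",
        "board": "Nursing Board",
        "licenseType": "",
        "licenseNumber": "",
        "city": "",
        "state": "none",
        "county": "",
        "businessBoard": "",
        "businessLicenseType": "_\u0001_",
        "businessLicenseNumber": "",
        "businessCity": "",
        "businessState": "none",
        "businessCounty": "",
        "businessName": "",
        "dbafileld": "",
        "searchType": "individual",
    }
    # json.dumps escapes every value, so a token containing a quote or a
    # backslash cannot change the structure of the request body.
    return json.dumps(
        [
            rpc("fetchmetadata", ["Nursing Board", ""], 6, 0),
            rpc("findLicensesForOwner", [search], 7, 2),
        ],
        separators=(",", ":"),
    )


def job():
    """Look up the license status once and e-mail a generated summary.

    Steps: fetch fresh tokens with ``get_page()``, POST the two remoting
    calls to ``https://elicense.ohio.gov/apexremote`` via curl, pick the
    matching applicant out of the second call's result, have
    ``get_gpt_response()`` write the message, and send it with
    ``send_email()``.

    Every failure ends in a "License Status: whoops" mail rather than an
    exception, so a scheduler calling this keeps running.
    """
    def report_failure(detail, body):
        print(detail)
        # send_email's order is (subject, body, to, gmail_user, gmail_pwd);
        # the original calls passed FROM_EMAIL and TO_EMAIL the wrong way round.
        send_email("License Status: whoops", body, TO_EMAIL, FROM_EMAIL, PSWD)

    auth_tokens, csrf_tokens = get_page()
    # The request uses token slots 0 and 2; a failed page fetch leaves the
    # lists short, which previously raised IndexError outside any handler.
    if len(auth_tokens) < 3 or len(csrf_tokens) < 3:
        report_failure("token page did not yield the expected tokens", "It broke")
        return

    # The tokens were scraped from a remote response. They are passed to curl
    # as one argv element (default shell=False), never spliced into a shell
    # string, so their content cannot run commands on this machine.
    command = [
        'curl', 'https://elicense.ohio.gov/apexremote',
        '--silent', '--show-error',  # stderr then carries real errors only
        '-H', 'Accept: */*',
        '-H', 'Accept-Language: en-US,en;q=0.9',
        '-H', 'Connection: keep-alive',
        '-H', 'Content-Type: application/json',
        '-H', 'Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; _ga=GA1.2.814848421.1687610286; _gid=GA1.2.1997968737.1687610286; pctrk=82c50902-6182-4b50-9930-b00a364b4cf5; _ga_EFQW5Q4E60=GS1.2.1687610286.1.1.1687614856.0.0.0',
        '-H', 'Origin: https://elicense.ohio.gov',
        '-H', 'Referer: https://elicense.ohio.gov/oh_verifylicense',
        '-H', 'Sec-Fetch-Dest: empty',
        '-H', 'Sec-Fetch-Mode: cors',
        '-H', 'Sec-Fetch-Site: same-origin',
        '-H', 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36',
        '-H', 'X-Requested-With: XMLHttpRequest',
        '-H', 'X-User-Agent: Visualforce-Remoting',
        '-H', 'sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"',
        '-H', 'sec-ch-ua-mobile: ?0',
        '-H', 'sec-ch-ua-platform: "macOS"',
        '--data-raw', _license_lookup_body(auth_tokens, csrf_tokens),
        '--compressed',
    ]
    try:
        completed = subprocess.run(
            command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=60
        )
    except (OSError, subprocess.TimeoutExpired) as e:
        report_failure(e, "It broke")
        return
    # stderr was never captured before, so the old `if error:` check could
    # not fire; the exit status is what signals a failed transfer.
    if completed.returncode != 0:
        report_failure(completed.stderr.decode(errors="replace"), "It broke")
        return

    try:
        results = json.loads(completed.stdout.decode())[1]['result']['v']
        delanie = next(
            (nurse for nurse in results if nurse['Applicant'] == "Srp , Delanie Nicole"),
            None,
        )
        if delanie is None:
            raise LookupError("applicant not found in search results")
        licence_ = delanie['license']['v']
        # Naive local wall-clock time of the machine running the job.
        now_str = datetime.datetime.now().strftime("%m/%d/%Y, %H:%M:%S")
        data = {
            'time': now_str,
            'status': licence_['MUSW__Status__c'],
            'sub_status': licence_['Sub_Status__c'],
        }
        # data['status'] comes straight from the remote response and is pasted
        # into the prompt unescaped, and the prompt (name included) is sent to
        # a third-party API; treat the generated reply as untrusted text.
        prompt = f"""The current time is: {data['time']}.
Your job is to be the messenger of the current status of Delanie's exam status.
First, say what the current time is.
The current status is: {data['status']}. In review means that it has not been posted.
If it has not been posted, tell her that her exam score is not ready, and she will have to wait
to find out if she can be a nurse or not. To compensate for the lack of good news, tell her a short
story about a dog named Rowdy and a dog named Finn being best buds.
If the status is Active, tell her that she is a nurse and that she can now go to work. Be extremely nice and talk about
how she is the smartest person ever and will be the best nurse ever. Be very excited and tell her that you are proud of her.
Remember, Delanie is going to see your response directly so do not make it seem like you are following a script,
be genuine and be yourself.
Go ahead with your response, it should be at least 150 words long. Make sure to mention the current time
"""
        body = get_gpt_response(prompt)
        print(body)
        send_email("Licence Status: Dee Sorp", body, TO_EMAIL, FROM_EMAIL, PSWD)
    except Exception as e:
        # Broad on purpose: any parse, lookup or API failure becomes a mail.
        report_failure(e, "It broke 2")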
# Register job() on a 60-minute interval trigger and start the scheduler.
scheduler = BackgroundScheduler()
scheduler.add_job(job, trigger='interval', minutes=60)
scheduler.start()

# The main thread only has to stay alive: it idles in short sleeps until
# Ctrl-C or interpreter exit, then shuts the scheduler down.
try:
    while True:
        time.sleep(2)
except (KeyboardInterrupt, SystemExit):
    scheduler.shutdown()
# For a single run without the scheduler, call job() directly instead.