
@cinek810
Last active October 9, 2017 18:31
accountUnlocker - 1st version/notes
package accountUnlocker;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import org.apache.hc.client5.http.entity.UrlEncodedFormEntity;
import org.apache.hc.client5.http.impl.sync.BasicResponseHandler;
import org.apache.hc.client5.http.impl.sync.CloseableHttpClient;
import org.apache.hc.client5.http.impl.sync.CloseableHttpResponse;
import org.apache.hc.client5.http.impl.sync.HttpClients;
import org.apache.hc.client5.http.sync.methods.HttpGet;
import org.apache.hc.client5.http.sync.methods.HttpPost;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.HttpException;
import org.apache.hc.core5.http.NameValuePair;
import org.apache.hc.core5.http.io.ResponseHandler;
import org.apache.hc.core5.http.message.BasicNameValuePair;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
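/**
 * Command-line helper that walks the ASP.NET WebForms "ResetWizard" self-service page at
 * {@link #pageURL}: it loads the page, submits the account name and logon domain, answers
 * three security questions and, when the resulting page offers the unlock option, asks the
 * wizard to unlock the account.
 *
 * <p>WebForms rejects a postback that does not echo the hidden {@code __VIEWSTATE} and
 * {@code __EVENTVALIDATION} inputs of the page it was rendered from, so every response is
 * parsed and those two inputs are kept in static fields for the next request.
 *
 * <p>The account name, domain and answers below are placeholders. Security-question answers
 * are credentials: provide them locally and never commit them, not even inside
 * commented-out code.
 *
 * <p>Not thread-safe: all state lives in static fields and is meant for a single run of
 * {@link #main(String[])}.
 */
public class accountUnlocker {
    /** Hidden {@code __VIEWSTATE} input of the most recently parsed response; null if absent. */
    static Element viewState;
    /** Hidden {@code __EVENTVALIDATION} input of the most recently parsed response; null if absent. */
    static Element eventValidation;
    /** HTTP client shared by all requests; created and closed by {@link #main(String[])}. */
    static CloseableHttpClient client;
    static ResponseHandler<String> handler = new BasicResponseHandler();
    /** Single endpoint used for the initial GET and every postback of the wizard. */
    static final String pageURL = "https://company-webpage/reset/Reset.aspx";

    private static final String SCRIPT_MANAGER_FIELD = "ctl00$ScriptManager1";
    private static final String STEP_NEXT_BUTTON =
            "ctl00$ContentPlaceHolder1$ResetWizard$StepNavigationTemplateContainerID$StepNextButton";
    private static final String START_NEXT_BUTTON =
            "ctl00$ContentPlaceHolder1$ResetWizard$StartNavigationTemplateContainerID$StartNextButton";
    private static final String ANSWER_FIELD =
            "ctl00$ContentPlaceHolder1$ResetWizard$QuestionAnswerTextBox";
    private static final String UNLOCK_METHOD_FIELD =
            "ctl00$ContentPlaceHolder1$ResetWizard$UnlockMethodList";

    // Placeholders only; see the class comment about keeping real values out of the source.
    private static final String USER_NAME = "NETID";
    private static final String LOGON_DOMAIN = "DOMAIN";
    private static final String ANSWER = "XXX";

    /** Prints the current {@code __VIEWSTATE} value (debug aid). */
    public static void showViewState() {
        System.out.println(viewState == null ? "__VIEWSTATE not captured" : viewState.val());
    }

    /**
     * Fetches the wizard's first page and records its hidden WebForms state.
     *
     * @throws IOException if the request fails
     * @throws HttpException if the response cannot be processed
     */
    public static void getFirstPage() throws IOException, HttpException {
        HttpGet getPage = new HttpGet(pageURL);
        getPage.setHeader("User-Agent",
                "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:55.0) Gecko/20100101 Firefox/55.0");
        // No explicit Host header: the client derives it from pageURL, so the two cannot
        // disagree (the author's own notes record that setting Host was not needed).
        // NOTE(review): "br" is advertised here; confirm the client can decode a Brotli
        // response, otherwise drop it as the POST requests already do.
        getPage.addHeader("Accept-Encoding", "gzip, deflate, br");
        getPage.addHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
        // try-with-resources releases the connection even when handling the body fails.
        try (CloseableHttpResponse response = client.execute(getPage)) {
            System.out.println(response);
            rememberFormState(handler.handleResponse(response));
        }
    }

    /**
     * Posts one wizard step: the current hidden state, the step's "next" event target,
     * one caller-chosen field, and the "next" button carrying the given caption.
     *
     * @param myKey name of the extra form field to send
     * @param value value of that field
     * @param button caption sent as the value of the step's "next" button field
     * @return the response body (full HTML)
     * @throws IOException if the request fails or the previous response lacked the hidden state
     * @throws HttpException if the response cannot be processed
     */
    public static String sendReply(String myKey, String value, String button)
            throws HttpException, IOException {
        List<NameValuePair> form = stateFields();
        form.add(new BasicNameValuePair(SCRIPT_MANAGER_FIELD, "ctl00$UpdatePanel1|" + STEP_NEXT_BUTTON));
        form.add(new BasicNameValuePair(myKey, value));
        form.add(new BasicNameValuePair(STEP_NEXT_BUTTON, button));
        return submit(form);
    }

    /**
     * Submits the answer to the security question currently shown by the wizard.
     *
     * @param ans the answer text
     * @return the response body (full HTML)
     * @throws IOException if the request fails or the previous response lacked the hidden state
     * @throws HttpException if the response cannot be processed
     */
    public static String answerQuestion(String ans) throws HttpException, IOException {
        // Same request as any other step; only the extra field differs.
        return sendReply(ANSWER_FIELD, ans, "Dalej");
    }

    /**
     * Runs the whole flow once with the placeholder account data.
     *
     * <p>Findings kept from the author's experiments: copying the Set-Cookie header by hand,
     * and the Host, Referer and X-Requested-With headers, were not needed; the first postback
     * works without the ScriptManager and LanguageDropDown fields; sending either the
     * {@code X-MicrosoftAjax: Delta=true} header or an {@code __ASYNCPOST=true} field makes the
     * server answer with a partial "delta" instead of full HTML, so neither is sent and every
     * response can be parsed as a complete page.
     */
    public static void main(String[] args) {
        try (CloseableHttpClient httpClient = HttpClients.createDefault()) {
            client = httpClient;

            getFirstPage();
            System.out.println(requireState(viewState, "__VIEWSTATE").val());
            System.out.println(requireState(eventValidation, "__EVENTVALIDATION").val());

            // Step 0: identify the account. Field order matches the original request.
            List<NameValuePair> start = new ArrayList<>();
            start.add(new BasicNameValuePair("ctl00$ContentPlaceHolder1$ResetWizard$UserNameTextBox", USER_NAME));
            start.add(new BasicNameValuePair("ctl00$ContentPlaceHolder1$ResetWizard$LogonDomainDropList", LOGON_DOMAIN));
            start.addAll(stateFields());
            start.add(new BasicNameValuePair(START_NEXT_BUTTON, "Dalej"));
            submit(start);

            // Steps 1-3: one security question each.
            answerQuestion(ANSWER);
            answerQuestion(ANSWER);
            String unlockPage = answerQuestion(ANSWER);
            showViewState();

            Document htmlUnlockPage = Jsoup.parse(unlockPage);
            Element unlockRadio =
                    htmlUnlockPage.getElementById("ContentPlaceHolder1_ResetWizard_UnlockMethodList_1");
            if (unlockRadio == null) {
                // NOTE(review): the radio button is also missing when the wizard did not
                // advance (for example after a rejected answer) - confirm before trusting this.
                System.out.println("Account is not locked");
            } else {
                System.out.println(unlockRadio.tag());
                // String contents must be compared with equals(); == compares references
                // and was never true here, so this branch could not run before.
                if ("2".equals(unlockRadio.val())) {
                    System.out.println("unlock");
                    // The choice is sent as its own form field. Appending "&name=2" to another
                    // field's value does not work: the form entity percent-encodes '&' and '='.
                    sendReply(UNLOCK_METHOD_FIELD, "2", "Dalej");
                    // NOTE(review): this still posts the StepNextButton field with the Finish
                    // caption plus a second ScriptManager value; confirm the server treats it
                    // as a click on FinishButton. "Zakończ" also contains a non-Latin-1
                    // character - confirm the form entity's charset encodes it as expected.
                    sendReply(SCRIPT_MANAGER_FIELD,
                            "ctl00$UpdatePanel1|ctl00$ContentPlaceHolder1$ResetWizard$FinishNavigationTemplateContainerID$FinishButton",
                            "Zakończ");
                }
            }
        } catch (IOException e) {
            e.printStackTrace();
        } catch (HttpException e) {
            e.printStackTrace();
        }
    }

    /** Returns a new form list pre-filled with the two hidden WebForms state fields. */
    private static List<NameValuePair> stateFields() throws IOException {
        List<NameValuePair> fields = new ArrayList<>();
        fields.add(new BasicNameValuePair("__VIEWSTATE", requireState(viewState, "__VIEWSTATE").val()));
        fields.add(new BasicNameValuePair("__EVENTVALIDATION",
                requireState(eventValidation, "__EVENTVALIDATION").val()));
        return fields;
    }

    /** Fails with a descriptive error instead of a NullPointerException when a hidden input is missing. */
    private static Element requireState(Element field, String name) throws IOException {
        if (field == null) {
            throw new IOException("Previous response did not contain the hidden field " + name);
        }
        return field;
    }

    /** Posts the form to {@link #pageURL}, records the new hidden state and returns the body. */
    private static String submit(List<NameValuePair> form) throws HttpException, IOException {
        HttpPost post = new HttpPost(pageURL);
        post.addHeader("Accept-Encoding", "gzip, deflate");
        post.setEntity(new UrlEncodedFormEntity(form));
        // A failed request now propagates to the caller; previously the exception was printed
        // and a null response was handed to the handler, which hid the real cause.
        try (CloseableHttpResponse response = client.execute(post)) {
            String body = handler.handleResponse(response);
            rememberFormState(body);
            return body;
        }
    }

    /** Parses a response body and stores its hidden state inputs (null when the page has none). */
    private static void rememberFormState(String body) {
        Document doc = Jsoup.parse(body);
        viewState = doc.getElementById("__VIEWSTATE");
        eventValidation = doc.getElementById("__EVENTVALIDATION");
    }
}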
@cinek810

cinek810 commented Oct 7, 2017

Revision two contains sending "please unlock my account" :)
