-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathmaul.py
37 lines (29 loc) · 947 Bytes
/
maul.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
from requests import codes, Session
LOGIN_FORM_URL = "http://localhost:8080/login"
SETCOINS_FORM_URL = "http://localhost:8080/setcoins"
def do_login_form(sess, username,password):
data_dict = {"username":username,\
"password":password,\
"login":"Login"
}
response = sess.post(LOGIN_FORM_URL,data_dict)
return response.status_code == codes.ok
def do_setcoins_form(sess,uname, coins):
data_dict = {"username":uname,\
"amount":str(coins),\
}
response = sess.post(SETCOINS_FORM_URL, data_dict)
return response.status_code == codes.ok
def do_attack():
sess = Session()
#you'll need to change this to a non-admin user, such as 'victim'.
uname =""
pw = ""
assert(do_login_form(sess, uname,pw))
#Maul the admin cookie in the 'sess' object here
target_uname = uname
amount = 5000
result = do_setcoins_form(sess, target_uname,amount)
print("Attack successful? " + str(result))
if __name__=='__main__':
do_attack()