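--- a/checker/util/exploit_checker.py
+++ b/checker/util/exploit_checker.py
@@ -0,0 +1,66 @@
+import json
+import httpx
+
+from bs4 import BeautifulSoup
+from requests_html import HTMLSession
+
+def check_exploit(email: str) -> bool:
+session = HTMLSession()
+
+response = session.get('https://login.live.com/login.srf')
+response.html.render()
+
+html = response.html.html
+soup = BeautifulSoup(html, 'html.parser')
+
+credential_type_url = None
+ua_id = None
+
+for script in soup.find_all('script'):
+if 'GetCredentialType' in script.text:
+script_text = script.text
+
+credential_type_url = script_text.split('b6:\'')[1].split('\'')[0]
+ua_id = script_text.split('b0:\'https://account.live.com/query.aspx?uaid=')[1].split('&')[0]
+
+if credential_type_url is None or ua_id is None:
+raise RuntimeError('Credential type URL or UA id not found!')
+
+flow_token = soup.find('input', {'id': 'i0327'}).get('value')
+
+client = httpx.Client()
+
+for cookie in session.cookies:
+client.cookies.set(cookie.name, cookie.value)
+
+response = client.post(credential_type_url, headers={
+'Client-Request-Id': ua_id,
+'Content-Type': 'application/json; charset=UTF-8',
+'Origin': 'https://login.live.com',
+'Referer': 'https://login.live.com/login.srf?',
+'Host': 'login.live.com'
+}, data={
+'checkPhones': False,
+'federationFlags': 3,
+'flowToken': flow_token,
+'forceotclogin': False,
+'isCookieBannerShown': False,
+'isExternalFederationDisallowed': False,
+'isFidoSupported': True,
+'isOtherIdpSupported': True,
+'isRemoteConnectSupported': False,
+'isRemoteNGCSupported': True,
+'isSignup': False,
+'otclogindisallowed': False,
+'uaid': ua_id,
+'username': email
+})
+
+print(response.json())
+
+# print(credential_type_url)
+
+return False
+
+check_exploit('[email protected]')
+# asyncio.run(check_exploit('[email protected]'))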
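Review bot: The bare `check_exploit(...)` call on line 65 runs on every import of `checker.util.exploit_checker`, so importing the module triggers a headless-browser render and a live request to login.live.com for a hard-coded address; it should go under `if __name__ == "__main__":` or be removed, along with the commented-out `asyncio.run` line. `print(response.json())` on line 59 writes the full response for the queried address to stdout, and the function then returns `False` unconditionally, so callers get no usable result and the account data ends up in whatever captures stdout. Use the `logging` module at debug level and return a value actually derived from the response. Neither `HTMLSession()` nor `httpx.Client()` is closed; `with httpx.Client() as client:` would release the pool. `soup.find('input', {'id': 'i0327'})` on line 29 is dereferenced without a `None` check, so a changed page layout surfaces as an `AttributeError` rather than the `RuntimeError` raised just above.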