iusb-spoof/make-token.py

#!/usr/bin/env python3

import re
import requests
import sys


hostname = sys.argv[1]


s = requests.Session()
r = s.post('http://'+hostname+':80/rpc/WEBSES/create.asp',data="WEBVAR_USERNAME=root&WEBVAR_PASSWORD=root")
session_cookie_regex = re.compile(r"'?(\w*(?:session)|(?:SESSION)\w*)'?\s*[:=]\s*'(\w+)'")
for line in r.text.split("\n"):
    match_obj = session_cookie_regex.search(line)
    if match_obj is not None:
        session_cookie_value = match_obj.group(2)
        s.cookies.set("SessionCookie", session_cookie_value)
        break
if r.status_code != 200 or not s.cookies:
    raise "Login was not successful."

r = s.get('http://'+hostname+':80/Java/jviewer.jnlp')
token_regex = re.compile("<argument>(\\w{16})</argument>")
token = None
for line in r.text.split("\n"):
    match_obj = token_regex.search(line)
    if match_obj is not None:
        token = match_obj.group(1)
        break
if r.status_code != 200 or token is None:
    raise "Obtaining token was not successful."

print(token)