https://github.com/d3vil0p3r/timeverter
Bruteforce time-based tokens and convert several time domains.
https://github.com/d3vil0p3r/timeverter
bruteforce converter ctf-tools hacking python security-tools time token
Last synced: 10 months ago
JSON representation
Bruteforce time-based tokens and convert several time domains.
- Host: GitHub
- URL: https://github.com/d3vil0p3r/timeverter
- Owner: D3vil0p3r
- License: gpl-3.0
- Created: 2022-03-16T04:40:03.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2022-10-14T21:11:18.000Z (over 3 years ago)
- Last Synced: 2025-04-18T17:43:25.644Z (about 1 year ago)
- Topics: bruteforce, converter, ctf-tools, hacking, python, security-tools, time, token
- Language: Python
- Homepage:
- Size: 93.8 KB
- Stars: 6
- Watchers: 1
- Forks: 5
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# TimeVerter - Time Converter Token Bruteforcer
**TimeVerter** helps you to bruteforce several kinds of time-based tokens and to convert several time domains.
date format: [%YYYY-%mm-%ddT%HH:%MM:%SS]\
epoch format: [seconds]
List of arguments:
| Argument | Long Argument | Input Example | Description |
| -------- | ------------- | ---------- | ----------- |
| `-c` | `--colored` | | Let's give some random colored output |
| `-d` | `--data` | param1=value¶m2=VERTER | Insert data for POST request (i.e. userid=user&token=VERTER) |
| `-D` | `--date` | 2022-03-26T01:13:37 | Convert a date to epoch time format |
| `-div` | `--divide` | 1000 | Divide the timestamp by the specified value (used for change the order of magnitude) |
| `-e` | `--encode` | base64,hex | Encode the input to a chain of the specified formats. It will be applied before the `--algorithm` option |
| `-E` | `--epoch` | 1647135274.789 | Convert epoch time to date format |
| `-f` | `--float` | 0.001 | Deal timestamp as floating point number and specify the floating step value when range option is set |
| `-fr` | `--filterregex` | Wrong token | Filter the response for the submitted regex |
| `-g` | `--algorithm` | sha256 | Specify the algorithm to be used for token computation (look for hashlib or OpenSSL algorithms) |
| `-h` | `--help` | | Show this help message and exit |
| `-H` | `--header` | Content-Type: text/html; charset=UTF-8 | Specify the headers of the request |
| `-mr` | `--matchregex` | .\*Great.\* | Match the response for the submitted regex |
| `-mul` | `--multiply` | 1000 | Multiply the timestamp by the specified value (used for change the order of magnitude) |
| `-n` | `--now` | | Show current local time as epoch and date format |
| `-p` | `--prefix` | admin | Specify a prefix string before the timestamp |
| `-r` | `--range` | 3000 | Specify a +- offset value of the timestamp in seconds (or other magnitudes according `-div` and `-mul` options) |
| `-s` | `--suffix` | root | Specify a suffix string after the timestamp |
| `-u` | `--url` | http://x.x.x.x:XXXX | Specify the URL |
| `-U` | `--utc` | +1:00 | Show current UTC+N time as epoch and date format |
| `-v` | `--verbose` | | Show verbose output |
| `-V` | `--version` | | Show version information |
| `-X` | `--request` | POST | Specify request method to use |
| `-z` | `--compare` | a4e11f213f0bc314a043207dba6ca8ca | Compare a value to the output tokens |
Use `VERTER` string on the parameter to bruteforce. Choose `-n`, `-U` or `-E` option for specifying the Time Base of your attack.
Usage Examples:
```
timeverter -D 2022-03-26T01:13:37
timeverter --utc=-3:30
timeverter -n -g md5 -r 3000 -z a4e11f213f0bc314a043207dba6ca8ca
timeverter -U +0:00 -r 3000 -g md5 -X POST -u http://SERVER_IP:PORT/somefolder/ -d 'submit=check&token=VERTER' -fr "Wrong token" -mul 1000 -p admin
timeverter -u 'http://SERVER_IP:PORT/somefolder/' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' -H 'Connection: keep-alive' -H 'Cookie: SESSIONID=VERTER' -H 'Upgrade-Insecure-Requests: 1' -H 'Cache-Control: max-age=0' -n -e b64,hex -v -X GET -r 1000
```
# Testing
For testing it, you can set up a PHP server on your testing machine (i.e. `php -S 127.0.0.1:8000`), by using the following example PHP scripts (credits [HackTheBox](https://www.hackthebox.com/)):
**Testing by GET request**
Click here to show the PHP file!
```php
Broken Authentication Login - Reset token time()
.login-form {
width: 500px;
margin: 50px auto;
}
.login-form form {
margin-bottom: 15px;
background: #f7f7f7;
box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
padding: 30px;
}
.login-form h2 {
margin: 0 0 15px;
}
.form-control, .btn {
min-height: 38px;
border-radius: 2px;
}
.btn {
font-size: 15px;
font-weight: bold;
}
Great work!
';
exit;
} else {
echo ' Wrong token.
';
}
}
}
?>
Input a valid token
Check
```
**Testing by POST request**
Click here to show the PHP file!
```php
Broken Authentication Login - Reset token time()
.login-form {
width: 500px;
margin: 50px auto;
}
.login-form form {
margin-bottom: 15px;
background: #f7f7f7;
box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
padding: 30px;
}
.login-form h2 {
margin: 0 0 15px;
}
.form-control, .btn {
min-height: 38px;
border-radius: 2px;
}
.btn {
font-size: 15px;
font-weight: bold;
}
Great work!
';
exit;
} else {
echo ' Wrong token.
';
}
}
}
?>
Input a valid token
Check
```
Use **TimeVerter** for getting the right token!\
\
\
Do you like spoilers for these tests?
Click here to spoil!
## GET request
`python timeverter.py -d 'submit=check&token=VERTER' -u http://127.0.0.1:8000/token_get.php -X GET -g md5 -n -fr ".*Wrong.*" -r 3000`
## POST request
`python timeverter.py -d 'submit=check&token=VERTER' -u http://127.0.0.1:8000/token_post.php -X POST -g md5 -n -mr "G[r]ea.*" -r 3000`
Note: in case of issues with the tests, try to remove the `/dev/shm/token.txt` generated by the PHP scripts.