Browse Source

working with passwords

pull/4/head
R4SAS 8 years ago
parent
commit
9e278275ca
  1. 3
      pbincli.py
  2. 43
      pbincli/actions.py

3
pbincli.py

@ -20,7 +20,7 @@ def main():
send_parser.add_argument("-D", "--discus", default=False, action="store_true", help="open discussion of sent paste") send_parser.add_argument("-D", "--discus", default=False, action="store_true", help="open discussion of sent paste")
send_parser.add_argument("-E", "--expire", default="1day", action="store", help="expiration of paste (default: 1day)") send_parser.add_argument("-E", "--expire", default="1day", action="store", help="expiration of paste (default: 1day)")
send_parser.add_argument("-F", "--format", default="plaintext", action="store", choices=["plaintext", "syntaxhighlighting", "markdown"], help="format of paste (default: plaintext)") send_parser.add_argument("-F", "--format", default="plaintext", action="store", choices=["plaintext", "syntaxhighlighting", "markdown"], help="format of paste (default: plaintext)")
send_parser.add_argument("-p", "--password", help="password for crypting paste") send_parser.add_argument("-p", "--password", help="password for encrypting paste")
send_parser.add_argument("-d", "--debug", default=False, action="store_true", help="enable debug") send_parser.add_argument("-d", "--debug", default=False, action="store_true", help="enable debug")
send_parser.add_argument("-f", "--file", help="example: image.jpg or full path to file") send_parser.add_argument("-f", "--file", help="example: image.jpg or full path to file")
send_parser.set_defaults(func=pbincli.actions.send) send_parser.set_defaults(func=pbincli.actions.send)
@ -30,6 +30,7 @@ def main():
) )
get_parser.add_argument("pasteinfo", help="example: aabb#cccddd") get_parser.add_argument("pasteinfo", help="example: aabb#cccddd")
get_parser.add_argument("-d", "--debug", default=False, action="store_true", help="enable debug") get_parser.add_argument("-d", "--debug", default=False, action="store_true", help="enable debug")
get_parser.add_argument("-p", "--password", help="password for decrypting paste")
get_parser.set_defaults(func=pbincli.actions.get) get_parser.set_defaults(func=pbincli.actions.get)
# parse arguments # parse arguments

43
pbincli/actions.py

@ -16,15 +16,15 @@ def path_leaf(path):
def send(args): def send(args):
passphrase = os.urandom(32) passphrase = b64encode(os.urandom(32))
if args.debug: print("Passphrase:\t{}".format(b64encode(passphrase))) if args.debug: print("Passphrase:\t{}".format(b64encode(passphrase)))
if args.password: if args.password:
p = SHA256.new() p = SHA256.new()
p.update(args.password.encode("UTF-8")) p.update(args.password.encode("UTF-8"))
passphrase = b64encode(passphrase + p.hexdigest().encode("UTF-8")) password = passphrase + p.hexdigest().encode("UTF-8")
else: else:
passphrase = b64encode(passphrase) password = passphrase
if args.debug: print("Password:\t{}".format(passphrase)) if args.debug: print("Password:\t{}".format(password))
if args.comment: if args.comment:
text = b64encode(compress(args.comment)) text = b64encode(compress(args.comment))
@ -41,12 +41,12 @@ def send(args):
file = b64encode(compress(contents)) file = b64encode(compress(contents))
filename = b64encode(compress(path_leaf(args.file))) filename = b64encode(compress(path_leaf(args.file)))
cipherfile = pbincli.sjcl_simple.encrypt(passphrase, file) cipherfile = pbincli.sjcl_simple.encrypt(password, file)
cipherfilename = pbincli.sjcl_simple.encrypt(passphrase, filename) cipherfilename = pbincli.sjcl_simple.encrypt(password, filename)
"""Sending text from 'data' string""" """Sending text from 'data' string"""
#cipher = SJCL().encrypt(b64encode(text), passphrase) #cipher = SJCL().encrypt(b64encode(text), passphrase)
cipher = pbincli.sjcl_simple.encrypt(passphrase, text) cipher = pbincli.sjcl_simple.encrypt(password, text)
request = {'data':json.dumps(cipher, ensure_ascii=False).replace(' ',''),'expire':args.expire,'formatter':args.format,'burnafterreading':int(args.burn),'opendiscussion':int(args.discus)} request = {'data':json.dumps(cipher, ensure_ascii=False).replace(' ',''),'expire':args.expire,'formatter':args.format,'burnafterreading':int(args.burn),'opendiscussion':int(args.discus)}
if cipherfile and cipherfilename: if cipherfile and cipherfilename:
request['attachment'] = json.dumps(cipherfile, ensure_ascii=False).replace(' ','') request['attachment'] = json.dumps(cipherfile, ensure_ascii=False).replace(' ','')
@ -59,7 +59,7 @@ def send(args):
result = json.loads(result) result = json.loads(result)
"""Standart response: {"status":0,"id":"aaabbb","url":"\/?aaabbb","deletetoken":"aaabbbccc"}""" """Standart response: {"status":0,"id":"aaabbb","url":"\/?aaabbb","deletetoken":"aaabbbccc"}"""
if result['status'] == 0: if result['status'] == 0:
print("Paste uploaded!\nPasteID:\t{}\nPassword:\t{}\nDelete token:\t{}\n\nLink:\t{}?{}#{}".format(result['id'], passphrase.decode("UTF-8"), result['deletetoken'], server, result['id'], passphrase.decode("UTF-8"))) print("Paste uploaded!\nPasteID:\t{}\nPassword:\t{}\nDelete token:\t{}\n\nLink:\t{}?{}#{}".format(result['id'], passphrase, result['deletetoken'], server, result['id'], passphrase))
else: else:
print("Something went wrong...\nError:\t{}".format(result['message'])) print("Something went wrong...\nError:\t{}".format(result['message']))
sys.exit(1) sys.exit(1)
@ -68,8 +68,18 @@ def send(args):
def get(args): def get(args):
paste = args.pasteinfo.split("#") paste = args.pasteinfo.split("#")
if paste[0] and paste[1]: if paste[0] and paste[1]:
if args.debug: print("PasteID:\t{}\nPassword:\t{}\n".format(paste[0], paste[1])) if args.debug: print("PasteID:\t{}\nPassphrase:\t{}".format(paste[0], paste[1]))
result = privatebin().get(args.pasteinfo)
if args.password:
p = SHA256.new()
p.update(args.password.encode("UTF-8"))
passphrase = paste[1] + p.hexdigest().encode("UTF-8")
else:
passphrase = paste[1]
if args.debug: print("Password:\t{}".format(passphrase))
result = privatebin().get(paste[0])
else: else:
print("PBinCLI error: Incorrect request") print("PBinCLI error: Incorrect request")
sys.exit(1) sys.exit(1)
@ -79,16 +89,21 @@ def get(args):
if result['status'] == 0: if result['status'] == 0:
print("Paste received! Text inside:") print("Paste received! Text inside:")
data = pbincli.utils.json_loads_byteified(result['data']) data = pbincli.utils.json_loads_byteified(result['data'])
text = pbincli.sjcl_simple.decrypt(paste[1], data) text = pbincli.sjcl_simple.decrypt(passphrase, data)
#text = pbincli.sjcl_gcm.SJCL().decrypt(daat, paste[1]) #text = pbincli.sjcl_gcm.SJCL().decrypt(daat, paste[1])
print(decompress(b64decode(text))) print(decompress(b64decode(text)))
check_writable("paste.txt")
with open("paste.txt", "wb") as f:
f.write(decompress(b64decode(text)))
f.close
if 'attachment' in result and 'attachmentname' in result: if 'attachment' in result and 'attachmentname' in result:
print("Found file, attached to paste. Decoding it and saving") print("Found file, attached to paste. Decoding it and saving")
cipherfile = pbincli.utils.json_loads_byteified(result['attachment']) cipherfile = pbincli.utils.json_loads_byteified(result['attachment'])
cipherfilename = pbincli.utils.json_loads_byteified(result['attachmentname']) cipherfilename = pbincli.utils.json_loads_byteified(result['attachmentname'])
attachment = pbincli.sjcl_simple.decrypt(paste[1], cipherfile) attachment = pbincli.sjcl_simple.decrypt(passphrase, cipherfile)
attachmentname = pbincli.sjcl_simple.decrypt(paste[1], cipherfilename) attachmentname = pbincli.sjcl_simple.decrypt(passphrase, cipherfilename)
file = decompress(b64decode(attachment)) file = decompress(b64decode(attachment))
filename = decompress(b64decode(attachmentname)) filename = decompress(b64decode(attachmentname))
if args.debug: print("Filename:\t{}\n".format(filename)) if args.debug: print("Filename:\t{}\n".format(filename))
@ -99,8 +114,10 @@ def get(args):
f.close f.close
if 'burnafterreading' in result['meta'] and result['meta']['burnafterreading']: if 'burnafterreading' in result['meta'] and result['meta']['burnafterreading']:
print("Burn afrer reading flag found. Deleting paste...")
result = privatebin().delete(paste[0], 'burnafterreading') result = privatebin().delete(paste[0], 'burnafterreading')
if args.debug: print("Delete response:\t{}\n".format(result.decode("UTF-8"))) if args.debug: print("Delete response:\t{}\n".format(result.decode("UTF-8")))
else: else:
print("Something went wrong...\nError:\t{}".format(result['message'])) print("Something went wrong...\nError:\t{}".format(result['message']))
sys.exit(1) sys.exit(1)

Loading…
Cancel
Save