+
+Test title
+
+
+
+"""
+
+ # Supply the expected ViewStateUserKey via one of the cookies inspected by carve_to_check_secret
+ cookies = {"ASP.NET_SessionId": "xwrpnizumzekndin03addnmm"}
+
+ r = x.carve(body=html, cookies=cookies)
+ assert r
+ assert len(r) == 1
+ assert r[0]["type"] == "SecretFound"
+ assert "/wEPDwUJODExMDE5NzY5ZGTX0g6r3svRDbR+eCZDnrj4MT4/FA==" in r[0]["product"]
diff --git a/tests/examples_telerik_knownkey_test.py b/tests/examples_telerik_knownkey_test.py
index e1b1ed08..26178f85 100644
--- a/tests/examples_telerik_knownkey_test.py
+++ b/tests/examples_telerik_knownkey_test.py
@@ -103,7 +103,7 @@ def asyncupload_found_key_matcher_PBKDF1_MS_incorrect(request):
def PBKDF2_found_key_matcher(request):
if (
request.body
- == "dialogParametersHolder=Ct3E%2FAXZ0ct05hNqzzSbCRVxte%2F%2BQBIVbVz21p21CqLSnQsGfzTjsiq%2FxoAQaaDuaafBKu8cNXMOGT5kJcE0snNDBVbQqvbQLEYa1cWQYr%2FL2tOMq8Rnuzq6F7HKpN2%2BP0tdCPxrO3s6K2W43kvEO5wyaDlijlF9r2XI6UL1FUk%3D"
+ == "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rFGZylxNlfmCxZEQFLAyV2xh%2FkGVb%2Bk95TQYnppybCMfuwinH7NDbVXKO7qr3kTNUCkgUUdFGWw6%2BoM49hkD%2BwQN%2F62S%2F%2BfVkxGJeRQEKHakLELFYpjwgW6UsXXDGmQilTdKx4iZ1MlO3JsD%2FWMUF94bACEiq26YUKhW7j0MEChv4regUuWBhAvrq0WKEdRbk%3D"
):
return True
return False
@@ -112,29 +112,49 @@ def PBKDF2_found_key_matcher(request):
def PBKDF2_found_key_matcher_negative(request):
if (
request.body
- == "dialogParametersHolder=Ct3E%2FAXZ0ct05hNqzzSbCRVxte%2F%2BQBIVbVz21p21CqLSnQsGfzTjsiq%2FxoAQaaDuaafBKu8cNXMOGT5kJcE0snNDBVbQqvbQLEYa1cWQYr%2FL2tOMq8Rnuzq6F7HKpN2%2BP0tdCPxrO3s6K2W43kvEO5wyaDlijlF9r2XI6UL1FUk%3D"
+ == "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rFGZylxNlfmCxZEQFLAyV2xh%2FkGVb%2Bk95TQYnppybCMfuwinH7NDbVXKO7qr3kTNUCkgUUdFGWw6%2BoM49hkD%2BwQN%2F62S%2F%2BfVkxGJeRQEKHakLELFYpjwgW6UsXXDGmQilTdKx4iZ1MlO3JsD%2FWMUF94bACEiq26YUKhW7j0MEChv4regUuWBhAvrq0WKEdRbk%3D"
):
return False
return True
def PBKDF2_version_probe_matcher(request):
+ if (
+ request.body
+ == "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhLj8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv1VXPXnur4dJnoCkwBP2%2BQQ6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvayztxVhLnSpRwg5uIXktoMwJ%2FSaF8x29hA9LIyUqAu4%2FR2hQW%2B4SImPpsXXpqtiGkjfub23eHBh6%2BtPfI7KNBt0Sz%2F3IcUvQk%2BWZYFfPMd8cXJdempaxEs%2BWRlN16p%2BjqhLiVh2A8iaZ4WvdHZmEP7slp3BgAJHjnl7C9sEWeDqCEwe%2FjIDLeJ1X%2FDjBXwflC7CNUtfL5Xw3En%2FArqlvVhUGhwvFy6lQocBfs6%2BLYvOaWiwZ37DX8rkRZlWpkY2rpapUrmnba7Ly%2FoLx924DzkK78M%2BzFL0ra5b1t6Rgv5zuibZAhF47t1EdOxpWIlBlf3zB9gg2M5Rk%2F9IMH%2BzrDHou9o9uO%2BDC6WFddIOuEWc1nrjSenwFkvqgNVdc9CtdiVDWnFLKJh70er5L8AlH7uCb4iXrYljyCSAeyr0DiKz6T8ox10NRGPI6iJbYf%2FIr3IuZE1oJgqcvn7tKhQBOq4jemlZpbeQgPy0FxO0%2BDxeqI%3D"
+ ):
+ return True
+ return False
+
+
+def PBKDF2_version_probe_matcher_incorrect(request):
if (
request.body != "dialogParametersHolder=AAAA"
and request.body
- == "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhLj8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv1VXPXnur4dJnoCkwBP2%2BQQ6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvay5xE4PoiuJ4tF82nhc3kr%2FsJWj86DXt9uK%2FPIDMokhA1wZ2BS8rN8V8J43gXMVkQtHFyqiAMoKttVwox3GtbTdmzYcjtjdZmL3VB27giGRreZsDbr6lsLJKVYnGtzAwL1nb45fLFtBNpiGXKHwE0soY3dapt%2FwadcvpFryVyG%2BesgLUwLWjgGepMMbQgPgi7Lk9TDgl5pO9Sg2%2B%2BCDEKkhmknkE%2FW4zr%2FbE3Qg97NK3hkIC0ajQvysQCsD2G98NREwRp5Yo2qUVqoKsz%2BM5FifnHVivHtbpB%2B0jSdbMPBVqrn6aJutLfJazoTo1MP5RGYQXwBR%2BiE%2BzrvvH3cYwPt7ac%2FkG%2BPEEDYQKPU%2F945Sh5D2ST2TwV1nVjoVq0xMgmM4rJmTTKSABcevdVyK41RiiOgJ1hXMLvtClnaA0rmU1zdilFkAHpka5VW9IKQa4edHYgnnLRdQfQ6YljskVGbbHuSZX9a5AiW9eHYyoNYZno%3D"
+ != "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhLj8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv1VXPXnur4dJnoCkwBP2%2BQQ6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvayztxVhLnSpRwg5uIXktoMwJ%2FSaF8x29hA9LIyUqAu4%2FR2hQW%2B4SImPpsXXpqtiGkjfub23eHBh6%2BtPfI7KNBt0Sz%2F3IcUvQk%2BWZYFfPMd8cXJdempaxEs%2BWRlN16p%2BjqhLiVh2A8iaZ4WvdHZmEP7slp3BgAJHjnl7C9sEWeDqCEwe%2FjIDLeJ1X%2FDjBXwflC7CNUtfL5Xw3En%2FArqlvVhUGhwvFy6lQocBfs6%2BLYvOaWiwZ37DX8rkRZlWpkY2rpapUrmnba7Ly%2FoLx924DzkK78M%2BzFL0ra5b1t6Rgv5zuibZAhF47t1EdOxpWIlBlf3zB9gg2M5Rk%2F9IMH%2BzrDHou9o9uO%2BDC6WFddIOuEWc1nrjSenwFkvqgNVdc9CtdiVDWnFLKJh70er5L8AlH7uCb4iXrYljyCSAeyr0DiKz6T8ox10NRGPI6iJbYf%2FIr3IuZE1oJgqcvn7tKhQBOq4jemlZpbeQgPy0FxO0%2BDxeqI%3D"
+ and request.body
+ != "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rFGZylxNlfmCxZEQFLAyV2xh%2FkGVb%2Bk95TQYnppybCMfuwinH7NDbVXKO7qr3kTNUCkgUUdFGWw6%2BoM49hkD%2BwQN%2F62S%2F%2BfVkxGJeRQEKHakLELFYpjwgW6UsXXDGmQilTdKx4iZ1MlO3JsD%2FWMUF94bACEiq26YUKhW7j0MEChv4regUuWBhAvrq0WKEdRbk%3D"
):
return True
return False
-def PBKDF2_version_probe_matcher_incorrect(request):
+def PBKDF2_version_probe_matcher_modern(request):
+ if (
+ request.body
+ == "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcXSXq6ey16mT7GUJbst%2BCQnfUQu5gqzYBOwSmvNPc9AtoVWV%2F5dfO1uPm%2F%2FfLxuOXoxO5v7UIJNIX1KUEuFcysdbBSkZHdCqSRasDt63Li1lZEqHBCuHSNj%2BcEcRGx841w%2BCN%2BWrJyanc%2F3OOP%2BNWRYRstLeKZVf3aRHhKYNp4Q%2B%2BSEQxIVpv9UxWpkOSs%2Bbckk36t3N6DCcKGB1z9lelAGTDzlOLPUh9GhikJAESqLytLBC0CXn40%2BI%2BlBRZ44m4TX53YDcKBPOfiP880p3%2BfnIOY1X6p7HMNoi5jcUlphEQv5aN60B7TkYzZVRQS6xX0gq8r1La9iEUeE4t8378DhGQ8qkcHv1JkJM4WBgQaFzfWxj5Dg%2BL7USGaCKNH4W0kzeBSNrRW5ETwJDrDh683%2BzOJCEqh5Wlqjswo4986yHARJEJzRgJC2O4EbGcGyBtiaNioPFUyyX87ovcxMqIdMEyfZpo5QeWd4s0Sufx4vICyl%2BkGtzo0f7xIhIeuJRsbXvKmHxx0wwVJZsOFR5SBYrd7%2Bs6TM8waDsXr5pC%2FdTT3pBCh%2BWPS%2Fy%2FMgHjh75q6lWy4UTygpb6brMqiW%2F%2F1NXRLLHqqweT8xy5N0x7ck8bspjo7yF1rNn%2FixyuQ7HLZsEiXEbwBCBGGnTF2P4geoz9t7y7wUdoRw5SDyhSqoS2X5Urwou8KNAN4kY20JNgoM8L3ef8TcHctE2vwQ0jvCLxec%2FC3hr61NyO8QVxi8KzJvjRaHqkDkzJ5GQ3N1JLfA7Mdg%2FZTRzu2C7v5ubmJPR%2BiA24xOoKUvsYJQ0KiXRkWdGG5bprG4DjFWgkrGVh0yH4lj5R97BQ0uIIZehSQXibhI9RiANf459jDJN3eTQ6mcpYkvz%2FW0GnHKRgjcqRFqXnqsUdEHnuUkmZvdhbyRdPrkHvn99RhVmX4QXHYO0ehZVXknk42D5euG0acZMSyygTXrZZNu6e%2BriIrlmMGQgKuwN%2FNVz%2Bocl987zG%2Fmf7r%2FRz1ZSXkNtixN7LQwpZ%2BCM7zP64ugTT%2FWoo76hZgf5PjlW3C9k8tIPXEVT6HKIzteaP6YrviJCuy8VAybH5t1aDY%2FGl5MXiFjfGZNf3921yvTlwmWOi0oUFky5460M1RYwt4UHkwmFIAIJF4TN5kIu%2FaJxYHTCG%2BC14r7TjVPJuy%2FI2iYEJOA58G9yOevW6ixm650ELGqXXgbRRUH3hec6j%2FrRdrNdPU7isX%2FBBicEACDS97uvz62YkJwwJ5AUEnfuV%2FhnlJzIjNC%2Fq7xAb2sXuv6HTdtJYaJbe5%2BXWwq0AppO5NV9oU2cD%2F%2F1JhRN6GZ3myMGYGwDRYdPIqJ0l9PUCetBrSQR7830WkfGJ%2FHfuIWH%2F45zGsixZXYwHfE90rVvCisAjJ%2BBsjYX%2BKSx3PXAg2%2BKzybzyd6m%2B6ArimL%2FwWXF4t6eEFOrzKL8zYzNMDlKab6rgFhXPYw%2Bseulb9lwi90MlPoBmDjuEDJxtD7tNYMd3yWBIYyVN3Pv6adra6cKizf8zGBTl3ofs%2Fj5v2wjb1Dp33tbcASpHAL0rfyns7O%2Bm%2BZRAtn1tr5JRFSseu%2BqNXCiFCr2Oc3%2FCseGewyQhMqBkcPDOxfRvPMNdQhR4e92EDnFV1a%2FzJKSf%2BvqBzDiAeqBojmIjUppKBPtDTs0J%2B6UIPzkO8z5Ff%2BstJwF%2FplkftFk6CpAvDITRDgKgbMJ%2BVB8CqeOF2%2FS3Q4LEcLxxUUTgUvEQb9OxVWzd7YDTSAvcCvc3y9T3d0bJxJ0%2BGjZO2ZbnB7tDgBmC4clqtwp3m2JyFWOWzzkmLx16bfgA259Piju0qHZKFtQaASrFTy2QxM0MmyXpgcBWZgiubyta4%2B6d9YkgMQp4tcsL6k1HLYGRHujkaixzdVgjvXwsQ0EqYeX5RM2vzWaPhxSK%2BnsjxgiURZbj5wWvVQPml9RHnTdyYRvELRAqxPCFhYFQ%2BpEIwUHwEuvgkvgmyHjN3ZspADp%2BcO9B9VoAFmLg74jkcifZJqy2WpIPTL6JASkn9A2UgmmnAAqmu%2BwEayHVtrBGrpswqeKT3q7JttEn5YbbWYN%2FLyOtVG5VCBoxjP3XFTcLV0wcXHSrm6EMPkzi%2Bqv%2BYHUBJQ43YycfduyjZuWw9jmU4wm8O%2BIFVsaSxmmxnsQ2jAotpr%2BxUZXTjInv8TvHuO4xaLqyifS%2B7Ht1wAwrXtcfseEkkCVwRLib5F%2FEMIWWDrYpKWx5fYZjBNlhMb21WvehQkeVu71jK%2FUdqV%2BBVfT8yjHbk7vaxxxiewLXV7LP3D56LPD8koeIwptkJ62JHFBjnlvR9XHZowkiPZZ3X7BV3S6S6t5TIjDHVeuO3PZnSv9ic0BGb8Srbq2eABgsmOXPKTHgaTAFzUTa8axECwKYWQfZvJRnDrvP8qt34C2Y9tDa1THJqdtb3x3Qco6exHd5WpH2LcR0j1fc4ZJDocOXnZaQKyvDlMTZIfA4O2WzeECxHIJIe2ulebZpJHCX3bFtBrlmy45z4pwbl%2BcUBzLLpzn8Ro7g5427G3aj%2Ftn5s1K42yMbrcNCbaSPK4SnCAA9%2BkKqwcoatuiyi3fy7vhOAgP0BNNFRO8LjLsJth%2BfRRQDTNLD0jUKPtS7DtAKck3h30%2FRFJj4QYLYeQ%3D"
+ ):
+ return True
+ return False
+
+
+def PBKDF2_version_probe_matcher_incorrect_modern(request):
if (
request.body != "dialogParametersHolder=AAAA"
and request.body
- != "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhLj8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv1VXPXnur4dJnoCkwBP2%2BQQ6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvay5xE4PoiuJ4tF82nhc3kr%2FsJWj86DXt9uK%2FPIDMokhA1wZ2BS8rN8V8J43gXMVkQtHFyqiAMoKttVwox3GtbTdmzYcjtjdZmL3VB27giGRreZsDbr6lsLJKVYnGtzAwL1nb45fLFtBNpiGXKHwE0soY3dapt%2FwadcvpFryVyG%2BesgLUwLWjgGepMMbQgPgi7Lk9TDgl5pO9Sg2%2B%2BCDEKkhmknkE%2FW4zr%2FbE3Qg97NK3hkIC0ajQvysQCsD2G98NREwRp5Yo2qUVqoKsz%2BM5FifnHVivHtbpB%2B0jSdbMPBVqrn6aJutLfJazoTo1MP5RGYQXwBR%2BiE%2BzrvvH3cYwPt7ac%2FkG%2BPEEDYQKPU%2F945Sh5D2ST2TwV1nVjoVq0xMgmM4rJmTTKSABcevdVyK41RiiOgJ1hXMLvtClnaA0rmU1zdilFkAHpka5VW9IKQa4edHYgnnLRdQfQ6YljskVGbbHuSZX9a5AiW9eHYyoNYZno%3D"
+ != "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcXSXq6ey16mT7GUJbst%2BCQnfUQu5gqzYBOwSmvNPc9AtoVWV%2F5dfO1uPm%2F%2FfLxuOXoxO5v7UIJNIX1KUEuFcysdbBSkZHdCqSRasDt63Li1lZEqHBCuHSNj%2BcEcRGx841w%2BCN%2BWrJyanc%2F3OOP%2BNWRYRstLeKZVf3aRHhKYNp4Q%2B%2BSEQxIVpv9UxWpkOSs%2Bbckk36t3N6DCcKGB1z9lelAGTDzlOLPUh9GhikJAESqLytLBC0CXn40%2BI%2BlBRZ44m4TX53YDcKBPOfiP880p3%2BfnIOY1X6p7HMNoi5jcUlphEQv5aN60B7TkYzZVRQS6xX0gq8r1La9iEUeE4t8378DhGQ8qkcHv1JkJM4WBgQaFzfWxj5Dg%2BL7USGaCKNH4W0kzeBSNrRW5ETwJDrDh683%2BzOJCEqh5Wlqjswo4986yHARJEJzRgJC2O4EbGcGyBtiaNioPFUyyX87ovcxMqIdMEyfZpo5QeWd4s0Sufx4vICyl%2BkGtzo0f7xIhIeuJRsbXvKmHxx0wwVJZsOFR5SBYrd7%2Bs6TM8waDsXr5pC%2FdTT3pBCh%2BWPS%2Fy%2FMgHjh75q6lWy4UTygpb6brMqiW%2F%2F1NXRLLHqqweT8xy5N0x7ck8bspjo7yF1rNn%2FixyuQ7HLZsEiXEbwBCBGGnTF2P4geoz9t7y7wUdoRw5SDyhSqoS2X5Urwou8KNAN4kY20JNgoM8L3ef8TcHctE2vwQ0jvCLxec%2FC3hr61NyO8QVxi8KzJvjRaHqkDkzJ5GQ3N1JLfA7Mdg%2FZTRzu2C7v5ubmJPR%2BiA24xOoKUvsYJQ0KiXRkWdGG5bprG4DjFWgkrGVh0yH4lj5R97BQ0uIIZehSQXibhI9RiANf459jDJN3eTQ6mcpYkvz%2FW0GnHKRgjcqRFqXnqsUdEHnuUkmZvdhbyRdPrkHvn99RhVmX4QXHYO0ehZVXknk42D5euG0acZMSyygTXrZZNu6e%2BriIrlmMGQgKuwN%2FNVz%2Bocl987zG%2Fmf7r%2FRz1ZSXkNtixN7LQwpZ%2BCM7zP64ugTT%2FWoo76hZgf5PjlW3C9k8tIPXEVT6HKIzteaP6YrviJCuy8VAybH5t1aDY%2FGl5MXiFjfGZNf3921yvTlwmWOi0oUFky5460M1RYwt4UHkwmFIAIJF4TN5kIu%2FaJxYHTCG%2BC14r7TjVPJuy%2FI2iYEJOA58G9yOevW6ixm650ELGqXXgbRRUH3hec6j%2FrRdrNdPU7isX%2FBBicEACDS97uvz62YkJwwJ5AUEnfuV%2FhnlJzIjNC%2Fq7xAb2sXuv6HTdtJYaJbe5%2BXWwq0AppO5NV9oU2cD%2F%2F1JhRN6GZ3myMGYGwDRYdPIqJ0l9PUCetBrSQR7830WkfGJ%2FHfuIWH%2F45zGsixZXYwHfE90rVvCisAjJ%2BBsjYX%2BKSx3PXAg2%2BKzybzyd6m%2B6ArimL%2FwWXF4t6eEFOrzKL8zYzNMDlKab6rgFhXPYw%2Bseulb9lwi90MlPoBmDjuEDJxtD7tNYMd3yWBIYyVN3Pv6adra6cKizf8zGBTl3ofs%2Fj5v2wjb1Dp33tbcASpHAL0rfyns7O%2Bm%2BZRAtn1tr5JRFSseu%2BqNXCiFCr2Oc3%2FCseGewyQhMqBkcPDOxfRvPMNdQhR4e92EDnFV1a%2FzJKSf%2BvqBzDiAeqBojmIjUppKBPtDTs0J%2B6UIPzkO8z5Ff%2BstJwF%2FplkftFk6CpAvDITRDgKgbMJ%2BVB8CqeOF2%2FS3Q4LEcLxxUUTgUvEQb9OxVWzd7YDTSAvcCvc3y9T3d0bJxJ0%2BGjZO2ZbnB7tDgBmC4clqtwp3m2JyFWOWzzkmLx16bfgA259Piju0qHZKFtQaASrFTy2QxM0MmyXpgcBWZgiubyta4%2B6d9YkgMQp4tcsL6k1HLYGRHujkaixzdVgjvXwsQ0EqYeX5RM2vzWaPhxSK%2BnsjxgiURZbj5wWvVQPml9RHnTdyYRvELRAqxPCFhYFQ%2BpEIwUHwEuvgkvgmyHjN3ZspADp%2BcO9B9VoAFmLg74jkcifZJqy2WpIPTL6JASkn9A2UgmmnAAqmu%2BwEayHVtrBGrpswqeKT3q7JttEn5YbbWYN%2FLyOtVG5VCBoxjP3XFTcLV0wcXHSrm6EMPkzi%2Bqv%2BYHUBJQ43YycfduyjZuWw9jmU4wm8O%2BIFVsaSxmmxnsQ2jAotpr%2BxUZXTjInv8TvHuO4xaLqyifS%2B7Ht1wAwrXtcfseEkkCVwRLib5F%2FEMIWWDrYpKWx5fYZjBNlhMb21WvehQkeVu71jK%2FUdqV%2BBVfT8yjHbk7vaxxxiewLXV7LP3D56LPD8koeIwptkJ62JHFBjnlvR9XHZowkiPZZ3X7BV3S6S6t5TIjDHVeuO3PZnSv9ic0BGb8Srbq2eABgsmOXPKTHgaTAFzUTa8axECwKYWQfZvJRnDrvP8qt34C2Y9tDa1THJqdtb3x3Qco6exHd5WpH2LcR0j1fc4ZJDocOXnZaQKyvDlMTZIfA4O2WzeECxHIJIe2ulebZpJHCX3bFtBrlmy45z4pwbl%2BcUBzLLpzn8Ro7g5427G3aj%2Ftn5s1K42yMbrcNCbaSPK4SnCAA9%2BkKqwcoatuiyi3fy7vhOAgP0BNNFRO8LjLsJth%2BfRRQDTNLD0jUKPtS7DtAKck3h30%2FRFJj4QYLYeQ%3D"
and request.body
- != "dialogParametersHolder=Ct3E%2FAXZ0ct05hNqzzSbCRVxte%2F%2BQBIVbVz21p21CqLSnQsGfzTjsiq%2FxoAQaaDuaafBKu8cNXMOGT5kJcE0snNDBVbQqvbQLEYa1cWQYr%2FL2tOMq8Rnuzq6F7HKpN2%2BP0tdCPxrO3s6K2W43kvEO5wyaDlijlF9r2XI6UL1FUk%3D"
+ != "dialogParametersHolder=%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rFGZylxNlfmCxZEQFLAyV2xh%2FkGVb%2Bk95TQYnppybCMfuwinH7NDbVXKO7qr3kTNUCkgUUdFGWw6%2BoM49hkD%2BwQN%2F62S%2F%2BfVkxGJeRQEKHakLELFYpjwgW6UsXXDGmQilTdKx4iZ1MlO3JsD%2FWMUF94bACEiq26YUKhW7j0MEChv4regUuWBhAvrq0WKEdRbk%3D"
):
return True
return False
@@ -290,7 +310,8 @@ def generate_keylist_hash(include_machinekeys):
m.post(
f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
additional_matcher=PBKDF2_version_probe_matcher_incorrect,
- status_code=500,
+ status_code=200,
+ text="Could not load file or assembly 'Telerik.Web.UI, Version=1984.5.622, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)",
)
monkeypatch.setattr(
@@ -301,16 +322,86 @@ def generate_keylist_hash(include_machinekeys):
captured = capsys.readouterr()
print(captured.out)
assert "Target is a newer version of Telerik UI" in captured.out
- assert "Found Encryption key!" in captured.out
- assert "Found matching hashkey!" in captured.out
+ assert "Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out
+ assert "SUCCESS! Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out
+ assert ("SUCCESS! Found working version: 2018.1.117") in captured.out
assert (
- "%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhLj8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv1VXPXnur4dJnoCkwBP2%2BQQ6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvay5xE4PoiuJ4tF82nhc3kr%2FsJWj86DXt9uK%2FPIDMokhA1wZ2BS8rN8V8J43gXMVkQtHFyqiAMoKttVwox3GtbTdmzYcjtjdZmL3VB27giGRreZsDbr6lsLJKVYnGtzAwL1nb45fLFtBNpiGXKHwE0soY3dapt%2FwadcvpFryVyG%2BesgLUwLWjgGepMMbQgPgi7Lk9TDgl5pO9Sg2%2B%2BCDEKkhmknkE%2FW4zr%2FbE3Qg97NK3hkIC0ajQvysQCsD2G98NREwRp5Yo2qUVqoKsz%2BM5FifnHVivHtbpB%2B0jSdbMPBVqrn6aJutLfJazoTo1MP5RGYQXwBR%2BiE%2BzrvvH3cYwPt7ac%2FkG%2BPEEDYQKPU%2F945Sh5D2ST2TwV1nVjoVq0xMgmM4rJmTTKSABcevdVyK41RiiOgJ1hXMLvtClnaA0rmU1zdilFkAHpka5VW9IKQa4edHYgnnLRdQfQ6YljskVGbbHuSZX9a5AiW9eHYyoNYZno%3D"
+ "%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhLj8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv1VXPXnur4dJnoCkwBP2%2BQQ6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvayztxVhLnSpRwg5uIXktoMwJ%2FSaF8x29hA9LIyUqAu4%2FR2hQW%2B4SImPpsXXpqtiGkjfub23eHBh6%2BtPfI7KNBt0Sz%2F3IcUvQk%2BWZYFfPMd8cXJdempaxEs%2BWRlN16p%2BjqhLiVh2A8iaZ4WvdHZmEP7slp3BgAJHjnl7C9sEWeDqCEwe%2FjIDLeJ1X%2FDjBXwflC7CNUtfL5Xw3En%2FArqlvVhUGhwvFy6lQocBfs6%2BLYvOaWiwZ37DX8rkRZlWpkY2rpapUrmnba7Ly%2FoLx924DzkK78M%2BzFL0ra5b1t6Rgv5zuibZAhF47t1EdOxpWIlBlf3zB9gg2M5Rk%2F9IMH%2BzrDHou9o9uO%2BDC6WFddIOuEWc1nrjSenwFkvqgNVdc9CtdiVDWnFLKJh70er5L8AlH7uCb4iXrYljyCSAeyr0DiKz6T8ox10NRGPI6iJbYf%2FIr3IuZE1oJgqcvn7tKhQBOq4jemlZpbeQgPy0FxO0%2BDxeqI%3D"
in captured.out
)
+
+
+def test_fullrun_PBKDF2_version_customkeys(monkeypatch, capsys, mocker):
+
+ def generate_keylist_enc(include_machinekeys):
+ return iter(["Not_The_Real_Encryption_Key", "another_fake_encryption_key"])
+
+ def generate_keylist_hash(include_machinekeys):
+ return iter(["Not_The_Real_HaSh_Key", "Y3t_anoth3r_f@k3_key"])
+
+ mocker.patch.object(Telerik_EncryptionKey, "prepare_keylist", side_effect=generate_keylist_enc)
+ mocker.patch.object(Telerik_HashKey, "prepare_keylist", side_effect=generate_keylist_hash)
+
+ with requests_mock.Mocker() as m:
+ # Basic Probe Detects Telerik
+ m.get(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx", status_code=200, text=partial_dialog_page
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_found_key_matcher,
+ status_code=200,
+ text="Please refresh the editor page.Error Message:Index was outside the bounds of the array",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_found_key_matcher_negative,
+ status_code=200,
+ text="
Error Message:Exception of type 'System.Exception' was thrown.
",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_version_probe_matcher,
+ status_code=200,
+ text="DoesntMatter",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_version_probe_matcher_incorrect,
+ status_code=200,
+ text="
telerikCould not load file or assembly 'Telerik.Web.UI, Version=1984.5.622, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)",
+ )
+
+ monkeypatch.setattr(
+ "sys.argv",
+ [
+ "python",
+ "--url",
+ "http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ "--version",
+ "2018.1.117",
+ "--custom-keys",
+ "d2a312d9-7af4-43de-be5a-ae717b46cea6,YOUR_ENCRYPTION_KEY_TO_GO_HERE",
+ ],
+ )
+ telerik_knownkey.main()
+ captured = capsys.readouterr()
print(captured.out)
+ assert "Target is a newer version of Telerik UI" in captured.out
+ assert "Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out
+ assert "SUCCESS! Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out
+ assert ("SUCCESS! Found working version: 2018.1.117") in captured.out
+ assert (
+ "%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcZCEIlQXh%2FBEIKHAY9fGKs5JSdtRbREDI0rh9sH%2B0TmYv444WQyqYpa8pOqtxgC1QRRcsNQcVGFzpyNL2SfKSlLTZi5Q7bo8XMTfLG6jg60csDEDiJ7MwJBGIm1iYzt%2FP9JEKkZujTMyHoBI0RESNpux7BeanEIDsfDmfwbcUo%2B2%2BkoHkCE4zXWBdW3lqssk4GwSbc0mbmf3U79rsQdNEqIOL87evE1U6tGB5PuXgwAIj9sKdyffd8%2B%2Bz1CCffFovLM72ilbCmSljAJ%2BvVBfNpTiL7RV7j3XGygljzi4NL8yXJuCLYiNxmqPMdV8DahLed0jSe2mkU1u6rx4yS3dcWEfwMWjI5tVrfnbqtdInC8TliXkTZ919CtORoydmIXGL1u3kdBIq8EZcjRMa4bN4VTvUlbqeIe8p8QYEQwAi7vXiZCKS6R6dmJfQv%2B%2FqBHXWSFuglLYde019GNtNdGQfEnY31zT0Q86ieDYn4k55LbYq5lK8PNjg50gdJxn9fNtHTQ7frKP9vRM4cImRSvDBTATVw1PDzMqn0exo3xciYd5%2BXYAxlFoqwFMDz40w2xR4OWwoPsixpVjR2DYiqYiZrYytFMjziRCLQhkVuJpED8nB9CTlo05WBKN%2Bb4UBHBg%2FkCkHXJxNakIX7UbAjDcqzrNCGhjrgehCGA81uOf0Ppfswda0ZHMi8g9W6Y7uwWmn7Ux7xBMgDCUNIi8I3UvLGXdKnuB8YHX8TLC1z2%2Fm3ip797Pix1ya2sBsbw9KgOJ7PBT0u9W0puchi7zpT%2FzFe3V2HbV0ottDethRJhzaN856VgvjyNhbbmA04gnal%2Fq01j7LNWxEwTjNPyHORI1l9jztvYqItLei7YQYg2pFhmvuv0Od8DPfH40Y1m3mL2F2d%2FAy3ImzFI%2BKQB6mnGPvRcDIS1j7zPhciKRuLfu3dCxhIH7ojo83rhQus3SyXdyZ5cjkFKcG3H7WmBBMOFs2o5xjWcdLARevRbNbqwRfATerc5GuJxy1Qb8RJvOqhDcS5YAHyxVMx2QYU3yMhg0tCpy4wW%2FHsa33feu3NeBu9lRI38ojJNM7o6xYRoSTQu4tYadB4Yh4w60e%2FsttnecOC5plZrLw6BYN2piqvUD07BnO4yTvrpdBDXR%2BMFDchnFh2YK9JtvvtAISvpoSOJojOhwRKuafCwEJn0GB1dsdmOOxxaFHkPXQ7789eCxlTL5mkVf3ktzmHQdDyBxBlDLFWSjmFIBHp%2BPobFdDOmv5p6J3%2F%2FM23PMgGDLRMrj5LVZV3trGV1ZaJHEFIGmVwW0tN4426Q4rCdcxT4ju%2B%2FNhcq90e8crWw9nrF2rPTzW1YM7VqWWwhLj8MtVtGZFa3N%2FxdjEys8FWyT8VqAbC4IltuT5lW1ou1SXsA96h%2F9y3vzJADbm4Lv624OGnh6M%2FCmR930i6YeUlWWmMw1%2FpcZ5werHPm9v0OWulNmGfbNEoKuThz2sSCZ8FLNVToygv1VXPXnur4dJnoCkwBP2%2BQQ6%2FHlyFRXnrrGsiDJE3qtRXgECIhc2zpuC5HAz9FhIfC9VZZ5nxRMbhA6W%2Fz%2BjPpKLCBpmLqHJfy8%2B%2FausiZJv7d9yQ0SvHtq0y%2FSY04hOgZTJul6IIYpObD6s%2FqrGy2nMmY3%2FtEn830%2F%2BFERnXMeBsj%2B%2F5ZSewYe4xBnub1wvSbsA3qjoU5gq7fhDJOhmMQXkbas%2FRholsU9CNKNXpSyqVarqAc8XwaG34JmdG3wjQXd6p%2Bz2jZLew5ja8nelvVdIeN%2F9ejCNOoXcPApYLHyxslcrEuJrSHlAMR4FbonfrFhYYTR%2B8pdxRGYGpVUDxlIRvayztxVhLnSpRwg5uIXktoMwJ%2FSaF8x29hA9LIyUqAu4%2FR2hQW%2B4SImPpsXXpqtiGkjfub23eHBh6%2BtPfI7KNBt0Sz%2F3IcUvQk%2BWZYFfPMd8cXJdempaxEs%2BWRlN16p%2BjqhLiVh2A8iaZ4WvdHZmEP7slp3BgAJHjnl7C9sEWeDqCEwe%2FjIDLeJ1X%2FDjBXwflC7CNUtfL5Xw3En%2FArqlvVhUGhwvFy6lQocBfs6%2BLYvOaWiwZ37DX8rkRZlWpkY2rpapUrmnba7Ly%2FoLx924DzkK78M%2BzFL0ra5b1t6Rgv5zuibZAhF47t1EdOxpWIlBlf3zB9gg2M5Rk%2F9IMH%2BzrDHou9o9uO%2BDC6WFddIOuEWc1nrjSenwFkvqgNVdc9CtdiVDWnFLKJh70er5L8AlH7uCb4iXrYljyCSAeyr0DiKz6T8ox10NRGPI6iJbYf%2FIr3IuZE1oJgqcvn7tKhQBOq4jemlZpbeQgPy0FxO0%2BDxeqI%3D"
+ in captured.out
+ )
-def test_nomatch_PBKDF2(monkeypatch, capsys, mocker):
+def test_fullrun_PBKDF2_modern_dialog_params(monkeypatch, capsys, mocker):
def generate_keylist_enc(include_machinekeys):
return iter(
@@ -331,6 +422,85 @@ def generate_keylist_hash(include_machinekeys):
m.post(
f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_found_key_matcher,
+ status_code=200,
+ text="Please refresh the editor page.
Error Message:Index was outside the bounds of the array",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_found_key_matcher_negative,
+ status_code=200,
+ text="
Error Message:Exception of type 'System.Exception' was thrown.
",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_version_probe_matcher_modern,
+ status_code=200,
+ text="DoesntMatter",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_version_probe_matcher_incorrect_modern,
+ status_code=200,
+ text="
telerikCould not load file or assembly 'Telerik.Web.UI, Version=1984.5.622, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)",
+ )
+
+ monkeypatch.setattr(
+ "sys.argv",
+ [
+ "python",
+ "--url",
+ "http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ "--version",
+ "2018.1.117",
+ "--modern-dialog-params",
+ ],
+ )
+ telerik_knownkey.main()
+ captured = capsys.readouterr()
+ print(captured.out)
+ assert "Target is a newer version of Telerik UI" in captured.out
+ assert "Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out
+ assert "SUCCESS! Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out
+ assert ("SUCCESS! Found working version: 2018.1.117") in captured.out
+ assert (
+ "%2Bv%2BRs6kf9lDUYnqqYk32Vg84DkpdruQOKGZRmm6RMkaYuxNmvg5Ca5cT%2F74qkOozHIKkG1ovf6XBsjlp4kgO8BJ6KgNcT78BExQZfT1mN5rMO8kcLDRdffFhFXmvAr0o%2F4x%2B9VoRJVaOyGLXk2nhX4OMP%2BjGP2C96Fa6LyfGWHlk1CF0E5mAPeQ6CLbycR88WU5hlmUUqniXC2UdeYd6HO9RFnISEnhq72MkdiEfvNsqAhr2XaCX2%2BQxFXfCLi2%2Fc%2Bn2NmUiFRdhCLutnVxILEnYiRmU5eHJdB2IOTtoc2XZ3NUdZJwrwOswjzCkk7LOwt2bddTvOXdfWtRrbNz1GDNXlPz1cXotgAhucxLLsknNDbeeboMbL%2Bk3tIeervi7oI%2FRQn6Ml3ffUAfcqHzwcXSXq6ey16mT7GUJbst%2BCQnfUQu5gqzYBOwSmvNPc9AtoVWV%2F5dfO1uPm%2F%2FfLxuOXoxO5v7UIJNIX1KUEuFcysdbBSkZHdCqSRasDt63Li1lZEqHBCuHSNj%2BcEcRGx841w%2BCN%2BWrJyanc%2F3OOP%2BNWRYRstLeKZVf3aRHhKYNp4Q%2B%2BSEQxIVpv9UxWpkOSs%2Bbckk36t3N6DCcKGB1z9lelAGTDzlOLPUh9GhikJAESqLytLBC0CXn40%2BI%2BlBRZ44m4TX53YDcKBPOfiP880p3%2BfnIOY1X6p7HMNoi5jcUlphEQv5aN60B7TkYzZVRQS6xX0gq8r1La9iEUeE4t8378DhGQ8qkcHv1JkJM4WBgQaFzfWxj5Dg%2BL7USGaCKNH4W0kzeBSNrRW5ETwJDrDh683%2BzOJCEqh5Wlqjswo4986yHARJEJzRgJC2O4EbGcGyBtiaNioPFUyyX87ovcxMqIdMEyfZpo5QeWd4s0Sufx4vICyl%2BkGtzo0f7xIhIeuJRsbXvKmHxx0wwVJZsOFR5SBYrd7%2Bs6TM8waDsXr5pC%2FdTT3pBCh%2BWPS%2Fy%2FMgHjh75q6lWy4UTygpb6brMqiW%2F%2F1NXRLLHqqweT8xy5N0x7ck8bspjo7yF1rNn%2FixyuQ7HLZsEiXEbwBCBGGnTF2P4geoz9t7y7wUdoRw5SDyhSqoS2X5Urwou8KNAN4kY20JNgoM8L3ef8TcHctE2vwQ0jvCLxec%2FC3hr61NyO8QVxi8KzJvjRaHqkDkzJ5GQ3N1JLfA7Mdg%2FZTRzu2C7v5ubmJPR%2BiA24xOoKUvsYJQ0KiXRkWdGG5bprG4DjFWgkrGVh0yH4lj5R97BQ0uIIZehSQXibhI9RiANf459jDJN3eTQ6mcpYkvz%2FW0GnHKRgjcqRFqXnqsUdEHnuUkmZvdhbyRdPrkHvn99RhVmX4QXHYO0ehZVXknk42D5euG0acZMSyygTXrZZNu6e%2BriIrlmMGQgKuwN%2FNVz%2Bocl987zG%2Fmf7r%2FRz1ZSXkNtixN7LQwpZ%2BCM7zP64ugTT%2FWoo76hZgf5PjlW3C9k8tIPXEVT6HKIzteaP6YrviJCuy8VAybH5t1aDY%2FGl5MXiFjfGZNf3921yvTlwmWOi0oUFky5460M1RYwt4UHkwmFIAIJF4TN5kIu%2FaJxYHTCG%2BC14r7TjVPJuy%2FI2iYEJOA58G9yOevW6ixm650ELGqXXgbRRUH3hec6j%2FrRdrNdPU7isX%2FBBicEACDS97uvz62YkJwwJ5AUEnfuV%2FhnlJzIjNC%2Fq7xAb2sXuv6HTdtJYaJbe5%2BXWwq0AppO5NV9oU2cD%2F%2F1JhRN6GZ3myMGYGwDRYdPIqJ0l9PUCetBrSQR7830WkfGJ%2FHfuIWH%2F45zGsixZXYwHfE90rVvCisAjJ%2BBsjYX%2BKSx3PXAg2%2BKzybzyd6m%2B6ArimL%2FwWXF4t6eEFOrzKL8zYzNMDlKab6rgFhXPYw%2Bseulb9lwi90MlPoBmDjuEDJxtD7tNYMd3yWBIYyVN3Pv6adra6cKizf8zGBTl3ofs%2Fj5v2wjb1Dp33tbcASpHAL0rfyns7O%2Bm%2BZRAtn1tr5JRFSseu%2BqNXCiFCr2Oc3%2FCseGewyQhMqBkcPDOxfRvPMNdQhR4e92EDnFV1a%2FzJKSf%2BvqBzDiAeqBojmIjUppKBPtDTs0J%2B6UIPzkO8z5Ff%2BstJwF%2FplkftFk6CpAvDITRDgKgbMJ%2BVB8CqeOF2%2FS3Q4LEcLxxUUTgUvEQb9OxVWzd7YDTSAvcCvc3y9T3d0bJxJ0%2BGjZO2ZbnB7tDgBmC4clqtwp3m2JyFWOWzzkmLx16bfgA259Piju0qHZKFtQaASrFTy2QxM0MmyXpgcBWZgiubyta4%2B6d9YkgMQp4tcsL6k1HLYGRHujkaixzdVgjvXwsQ0EqYeX5RM2vzWaPhxSK%2BnsjxgiURZbj5wWvVQPml9RHnTdyYRvELRAqxPCFhYFQ%2BpEIwUHwEuvgkvgmyHjN3ZspADp%2BcO9B9VoAFmLg74jkcifZJqy2WpIPTL6JASkn9A2UgmmnAAqmu%2BwEayHVtrBGrpswqeKT3q7JttEn5YbbWYN%2FLyOtVG5VCBoxjP3XFTcLV0wcXHSrm6EMPkzi%2Bqv%2BYHUBJQ43YycfduyjZuWw9jmU4wm8O%2BIFVsaSxmmxnsQ2jAotpr%2BxUZXTjInv8TvHuO4xaLqyifS%2B7Ht1wAwrXtcfseEkkCVwRLib5F%2FEMIWWDrYpKWx5fYZjBNlhMb21WvehQkeVu71jK%2FUdqV%2BBVfT8yjHbk7vaxxxiewLXV7LP3D56LPD8koeIwptkJ62JHFBjnlvR9XHZowkiPZZ3X7BV3S6S6t5TIjDHVeuO3PZnSv9ic0BGb8Srbq2eABgsmOXPKTHgaTAFzUTa8axECwKYWQfZvJRnDrvP8qt34C2Y9tDa1THJqdtb3x3Qco6exHd5WpH2LcR0j1fc4ZJDocOXnZaQKyvDlMTZIfA4O2WzeECxHIJIe2ulebZpJHCX3bFtBrlmy45z4pwbl%2BcUBzLLpzn8Ro7g5427G3aj%2Ftn5s1K42yMbrcNCbaSPK4SnCAA9%2BkKqwcoatuiyi3fy7vhOAgP0BNNFRO8LjLsJth%2BfRRQDTNLD0jUKPtS7DtAKck3h30%2FRFJj4QYLYeQ%3D"
+ in captured.out
+ )
+
+
+def test_nomatch_PBKDF2(monkeypatch, capsys, mocker):
+
+ def generate_keylist_enc(include_machinekeys):
+ return iter(
+ ["Not_The_Real_Encryption_Key", "d2a312d9-7af4-43de-be5a-ae717b46cea6", "another_fake_encryption_key"]
+ )
+
+ def generate_keylist_hash(include_machinekeys):
+ return iter(["Not_The_Real_HaSh_Key", "YOUR_ENCRYPTION_KEY_TO_GO_HERE", "Y3t_anoth3r_f@k3_key"])
+
+ mocker.patch.object(Telerik_EncryptionKey, "prepare_keylist", side_effect=generate_keylist_enc)
+ mocker.patch.object(Telerik_HashKey, "prepare_keylist", side_effect=generate_keylist_hash)
+
+ with requests_mock.Mocker() as m:
+ # Basic Probe Detects Telerik presence
+ m.get(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx", status_code=200, text=partial_dialog_page
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_found_key_matcher,
+ status_code=200,
+ text="Please refresh the editor page.
Error Message:Index was outside the bounds of the array",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_found_key_matcher_negative,
status_code=200,
text="
Error Message:Exception of type 'System.Exception' was thrown.
",
)
@@ -345,19 +515,26 @@ def generate_keylist_hash(include_machinekeys):
m.post(
f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
additional_matcher=PBKDF2_version_probe_matcher_incorrect,
- status_code=500,
+ status_code=200,
+ text="
telerikCould not load file or assembly 'Telerik.Web.UI, Version=1984.5.622, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)",
)
monkeypatch.setattr(
"sys.argv",
- ["python", "--url", "http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx", "--machine-keys"],
+ [
+ "python",
+ "--url",
+ "http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ "--machine-keys",
+ "--debug",
+ ],
)
telerik_knownkey.main()
captured = capsys.readouterr()
print(captured.out)
assert "Target is a newer version of Telerik UI" in captured.out
assert (
- "Warning: MachineKeys inclusion mode is enabled, which affects this Telerik version particularly dramatically. Brute Forcing will be VERY SLOW"
+ "WARNING: MachineKeys inclusion mode is enabled, which affects this Telerik version particularly dramatically. Brute Forcing will be VERY SLOW"
in captured.out
)
print(captured.out)
@@ -416,24 +593,25 @@ def test_fullrun_PBKDF1_MS(monkeypatch, capsys, mocker):
m.post(
f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
additional_matcher=PBKDF1_MS_version_probe_matcher_incorrect,
- status_code=500,
+ status_code=200,
+ text="
telerikCould not load file or assembly 'Telerik.Web.UI, Version=1984.5.622, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)",
)
monkeypatch.setattr(
"sys.argv",
- ["python", "--url", "http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx"],
+ ["python", "--url", "http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx", "--debug"],
)
telerik_knownkey.main()
captured = capsys.readouterr()
+ print(captured.out)
assert "Target is a valid DialogHandler endpoint. Brute forcing Telerik Hash Key" in captured.out
- assert "Found matching hashkey! [YOUR_ENCRYPTION_KEY_TO_GO_HERE]" in captured.out
- assert "Found Encryption key! [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out
+ assert "Found matching hashkey: [YOUR_ENCRYPTION_KEY_TO_GO_HERE]" in captured.out
+ assert "Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out
assert "Found Telerik Version! [2018.1.117]" in captured.out
assert (
"gRRgyE4BOGtN%2FLtBxeEeJDuLj%2FUwIG4oBhO5rCDfPjeH10P8Y02mDK3B%2FtsdOIrwILK7XjQiuTlTZMgHckSyb518JPAo6evNlVTPWD5AZX5l4UIUkfdJvq28UHyeBA4eC58PfA6nG7V2Q97Qwqef6cpbM6t88zvE0wJt8uUKji4ZfyBif4du8JgpDzzdSi%2BlWYd3YhzNbbfKVH%2F0sfraIHOsRvwNwrVc0V%2Fnmn%2BGlqm1rheswSONIo7BzKo04RLb232aDuWcluEWDMFdNJpzpdgcq96mWrs9KttFyRjUZ%2FhUi8ZQi0R4GXCrfHRTAYOq%2B2TNdECbAEfmA4n9Pb0BDDGDfghLV6h%2FbLrUaMWZCx6U5zCQfymn96h1t5acGgfxYMCS%2FYS7WRPytc759VdSM2KhGVmuGlupbxVz5gVOWffo5rTDQxwiPhcWYHTJlN%2FawmJfHJsJV0WvTBaW9nEPL0QeeUEu3jc7OPW9CbVufHb7Rfg7RQ%2F6Gjz5TBlzfY32lcFTsyRolWjxU3%2FVBb09tcN2EJGBnjZxpl6eFsYOvexTx0ykt0PCQagdR0DPFLPsdj7kDMrdDhpMDjsqQA0W06ULEtlR8unWsjavyK0%2B8CuTN%2BkuMzFrH10Wvqb5j3SYwANq3pyEuf3OScByrY8NVz7EzX%2BYQb5%2FByHmXi99NCHbO6ZQyHnM%2BPWYwinlnFrU6f%2BvI2ruMl35dZ%2BWWSGnEdv0DVxiedxWgqDlov31JoGaaffpBs8OO3LhtYqIixQPFbjq2wPrEcHPLgM40eYtJfduPI6exc%2BkKlxFGOyB44XjDuC4VHBPmCCFH%2FguBAatG%2FSZU1z%2Fj%2FJ0YDIVedDDdPg2NtQXjjjidSW8ISbfOk1SoLSFz04F9BmmMnPVsg9Dvtbbf%2Bz%2FhudrAo9Ys%2Fa6OzksFXxwQ%2FcSIDYVAsYkRjDMcgRv6erm8bBqgABiSF7SwBLkL75mI18fA3qCxgYDrcXZJYCIbS%2BQg9QiROf7PnRBcrnAg0G2ArfRY5gQE69DA4hvUFuXZvCbVbqQGZs7TrKNqBH40DzPqKFqhBKawuCF84zc08QzWVdbl92rAUl%2FbGi6RYzgx27pPzu7LbYLl4G8a5vtVZjuK7SchY0B7FfMvF3uQA%2FY4G%2FjqDGqGshadxalKPmwfUNbDSaatepav%2Bx4zfzQhn6cV2r8t1qz1TfHypR%2BCaAEVhEa36reVmWrAKXjr0JFOSSAQJTti%2BKhNRhaVPTgVI%2BsX%2F0pf8Fn0Zvv%2FbPL9C9L1pEAco%2FGIOV9AHNoh5E18zHcmINA2HmoZWha91ONomoIGvWnlM5USb%2FYSrXZuJDsSFFU9oal%2F45NDUNWlNVsXD%2B8RvuVsl1DY7i9iftU%2FtZpskuIldUFYmXWgMWCwk6sQAaARQoQKBEvCL6OV8UcD3bsde0ubcUG9oH140jsAW6Yh7okoKYZlL2xtp4ba7o8CS3R%2FduPuJLFY6fUexkHpvKj1Nn%2B31oQSjRywNhDdNvlczG4Z2LI73TdsZuCKnSPHNF7DNtOxmeGKZl9z9utufWZIb1FetBPy97bOOVKx69nZYTjmfv7hzBuEd5SweBD9QA2WspaycH9H01R4IXXcnrWKHkkaaVS3jDR%2F%2Bll4S0yGKlVT8EiRqLcZVX6mP2C7tmpbTE1tE%2F5ydEXkHMQ4Q75MDhO6F24ahX2rF%2FyfzuAMnR784wtXAM2E3hvVbCzu1rS9Xy1O7uSL%2Fzw1PxRlBZ%2FTwP00bUw22fQfnye%2Fb5s1NmvpWcrSX6tUNlK%2BrCHlfKSxWVhMWiZOqjMq9chUja87UzhcVXYBWZqhfuGsbRIoDQ40P6k7LDTuuzR7UuMU0nPFvGXsfwyu4UQzQppBmjwdQQlpo9GK2XAR7M2Wj5XNB5yZ3n8uMfW%2BktjiC0yW9bo0BVtvvmEOayXYwXyndHauAcJ0HpHnRLtnzNKnTKI3IY%2Fl4kYFS%2BiYUk6n0nd2eVKroYdrMjKZehZmpwmXfU3%2FWpwmt6HK%2FWKAWZzjlEUaN5zDbG%2BtGNxrjYaVvJuDn2uVtmozVU8dbCdz82O6sukqV5QZ86FFImnlZPOKcSHIFq%2F%2B1AdBG%2FUEKZ28aaadpm11H4ovyjAawjFwoWhtDsJB%2F1YbGDIqlKJ40ZOav8gu1Q%2Bv9UtpaQsDfm84FjlzlmwRQn2LF%2FBZLNmAjc8uug0sItSc2bX9d7gR9EWc3KML3PiBecc%2B6LfUkd5WyqHKPP%2FHDETbor16YGv%2Bt3d6KNtQgY3p%2B2Y8kVRCqtngKNzuid%2FXOmNTpwgKgj69id3uo8asDGcs%2B%2FVu5WjbkDNF%2FJlg2TWyTzwpr53wOKmm6tsWwf2FYScCHzXvfWjxHIR9qyGtIOembCqhaK%2Bv7NYDhaI8dAOtvz2su0yzecbzGa65MlwPIyRmv458OLvCMd1BLubANPxC3YfpMHm7x0JllAwNm4K%2BfM73Qkk6jsLwAr28YC1rvMCRONv4Q0sqEpuXfGbS212hv2LeVMq9wrORW353yq2MeRDxFnc2v0oTtVL9D7nlAlBXotJu4rT%2FzhFkH%2Be%2Fbmcbe1sgbaR4BIqrp65Nwq7RjjbB8FX8fi3xA%2BVE68b9DwmAMsub7oVbmI%2B09Wf85hjYjV5fS1xHdKqT6GRTqF9HhkiRxSIDKXzMM7pBXvzwuG%2BOWTVEBOgctSA2alhhyKvUBizsrW6TO%2FSPoX8n%2Fg3qUfufYGrb05PuoeDayC9iZEzmYc%3D"
in captured.out
)
- print(captured)
def test_misctest_PBKDF1_MS(monkeypatch, capsys, mocker):
@@ -505,15 +683,16 @@ def test_misctest_PBKDF1_MS(monkeypatch, capsys, mocker):
monkeypatch.setattr(
"sys.argv",
- ["python", "--url", "http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx"],
+ ["python", "--url", "http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx", "--debug"],
)
telerik_knownkey.main()
captured = capsys.readouterr()
+ print(captured.out)
assert "Target is a valid DialogHandler endpoint. Brute forcing Telerik Hash Key" in captured.out
assert "Found Telerik Version!" not in captured.out
- assert "Since we found a valid hash key, we can check for known Telerik Encryption Keys" in captured.out
+ assert "SUCCESS! Found matching hashkey: [YOUR_ENCRYPTION_KEY_TO_GO_HERE]" in captured.out
+ assert "Now checking for known Telerik Encryption Keys..."
assert "Could not identify encryption key." in captured.out
- print(captured.out)
def test_nomatch_PBKDF1_MS(monkeypatch, capsys, mocker):
@@ -552,11 +731,12 @@ def generate_keylist_hash(include_machinekeys):
monkeypatch.setattr(
"sys.argv",
- ["python", "--url", "http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx"],
+ ["python", "--url", "http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx", "--debug"],
)
telerik_knownkey.main()
captured = capsys.readouterr()
- assert "This means it should be vulnerable to CVE-2017-9248!!!" in captured.out
+ print(captured.out)
+ assert "Target appears to be a pre-2017 version without hash key (CVE-2017-9248)" in captured.out
def test_badoutput_PBKDF1_MS(monkeypatch, capsys, mocker):
@@ -595,7 +775,7 @@ def generate_keylist_hash(include_machinekeys):
monkeypatch.setattr(
"sys.argv",
- ["python", "--url", "http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx"],
+ ["python", "--url", "http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx", "--debug"],
)
telerik_knownkey.main()
captured = capsys.readouterr()
@@ -630,7 +810,7 @@ def generate_keylist_hash(include_machinekeys):
f"http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd",
additional_matcher=asyncupload_early_result_matcher,
status_code=500,
- text="
Exception Details: System.IO.FileLoadException: Could not load file or assembly 'Telerik.Web.UI, Version=2022.3.1109, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
",
+ text="
telerik Exception Details: System.IO.FileLoadException: Could not load file or assembly 'Telerik.Web.UI, Version=2022.3.1109, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
",
)
m.post(
@@ -641,7 +821,7 @@ def generate_keylist_hash(include_machinekeys):
monkeypatch.setattr(
"sys.argv",
- ["python", "--url", "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd", "--force"],
+ ["python", "--url", "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd", "--force", "--debug"],
)
telerik_knownkey.main()
captured = capsys.readouterr()
@@ -689,7 +869,63 @@ def generate_keylist_hash(include_machinekeys):
monkeypatch.setattr(
"sys.argv",
- ["python", "--url", "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd", "--force"],
+ ["python", "--url", "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd", "--force", "--debug"],
+ )
+ telerik_knownkey.main()
+ captured = capsys.readouterr()
+ print(captured.out)
+ assert (
+ "TARGET VULNERABLE! Version: [2022.3.913] Encryption Key: [d2a312d9-7af4-43de-be5a-ae717b46cea6] Hash Key: [YOUR_ENCRYPTION_KEY_TO_GO_HERE] Derive Algo: [PBKDF2]"
+ in captured.out
+ )
+
+
+def test_fullrun_asyncupload_success_version_customkeys(monkeypatch, capsys, mocker):
+
+ def generate_keylist_enc(include_machinekeys):
+ return iter(["Not_The_Real_Encryption_Key", "another_fake_encryption_key"])
+
+ def generate_keylist_hash(include_machinekeys):
+ return iter(["Not_The_Real_HaSh_Key", "Y3t_anoth3r_f@k3_key"])
+
+ mocker.patch.object(Telerik_EncryptionKey, "prepare_keylist", side_effect=generate_keylist_enc)
+ mocker.patch.object(Telerik_HashKey, "prepare_keylist", side_effect=generate_keylist_hash)
+
+ with requests_mock.Mocker() as m:
+
+ # Basic Probe Detects Telerik
+ m.get(
+ f"http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd",
+ status_code=200,
+ text='{ "message" : "RadAsyncUpload handler is registered succesfully, however, it may not be accessed directly." }',
+ )
+
+ m.post(
+ f"http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd",
+ additional_matcher=asyncupload_found_key_matcher,
+ status_code=200,
+ text='{"fileInfo":{"FileName":"1c72ebb0","ContentType":"text/html","ContentLength":8,"DateJson":"2020-01-02T08:02:01.067Z","Index":0}, "metaData":"a+pkVM70XskLLvpXsOGH+RUEWaNgrvi2EGIZcUrVQ4rr7hIwpIcHtxyJsGCQYWy5tgSKmK58kIk/HpDDs9Gh2qnaFi3m+pe0kb4xb8s6zIkxQYrYGrfj7EesKwvuY6HUn+y3GwesijRrVsPpt0/N5FYxu4ptrsmjWfIM65XOe8b47kLO/Rpx/4/lfJyT9ZFsFuvSZmJzWDdoV40wu5ROK9DVnU26ztRRCwpnqqxmeKvdSGpYwd/d1gisJy0i5UVNFuvRT2XC32eDiw3Kn9GOrRldOHtq5WAQWu2YzVmxr/NOmvjg3NpRLtbxU+h9D0u0K/B3kRYliO+XlCpG+l/QMLh2nAjQehNvaCG3wJ4dkW9JHHeNzbPyd+tNrlSBj6/Z+b/Ld2HCk3XydTRHuUyzqk8bC6rEHGdclNPmTIS2X0IZaI0wTctsnPHxiruwdWVNjepnaSv5IHHYFH3WhCzKy6cLPES0cAuVgxycs+49nuj7kL/JzqT6iJm0YZd/Qjo4" }',
+ )
+
+ m.post(
+ f"http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd",
+ additional_matcher=asyncupload_found_key_matcher_incorrect,
+ status_code=500,
+ )
+
+ monkeypatch.setattr(
+ "sys.argv",
+ [
+ "python",
+ "--url",
+ "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd",
+ "--force",
+ "--debug",
+ "--version",
+ "2022.3.913",
+ "--custom-keys",
+ "d2a312d9-7af4-43de-be5a-ae717b46cea6,YOUR_ENCRYPTION_KEY_TO_GO_HERE",
+ ],
)
telerik_knownkey.main()
captured = capsys.readouterr()
@@ -725,7 +961,7 @@ def test_fullrun_asyncupload_PBKDF1_MS(monkeypatch, capsys, mocker):
monkeypatch.setattr(
"sys.argv",
- ["python", "--url", "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd", "--force"],
+ ["python", "--url", "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd", "--force", "--debug"],
)
telerik_knownkey.main()
captured = capsys.readouterr()
@@ -761,7 +997,7 @@ def test_verbose_error_parsing_PBKDF1_MS(monkeypatch, capsys, mocker):
monkeypatch.setattr(
"sys.argv",
- ["python", "--url", "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd", "--force"],
+ ["python", "--url", "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd", "--force", "--debug"],
)
telerik_knownkey.main()
captured = capsys.readouterr()
@@ -797,7 +1033,7 @@ def test_verbose_error_parsing_notdetermined_PBKDF1_MS(monkeypatch, capsys, mock
monkeypatch.setattr(
"sys.argv",
- ["python", "--url", "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd", "--force"],
+ ["python", "--url", "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd", "--force", "--debug"],
)
telerik_knownkey.main()
captured = capsys.readouterr()
@@ -831,10 +1067,287 @@ def test_verbose_error_parsing_PBKDF2(monkeypatch, capsys, mocker):
monkeypatch.setattr(
"sys.argv",
- ["python", "--url", "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd", "--force"],
+ ["python", "--url", "http://asyncupload.telerik.com/Telerik.Web.UI.WebResource.axd", "--force", "--debug"],
)
telerik_knownkey.main()
captured = capsys.readouterr()
print(captured.out)
assert "Verbose Errors are enabled!" in captured.out
assert "Version is Post-2020 (Encrypt-Then-Mac Enabled, with Generic Crypto Failure Message)" in captured.out
+
+
+def test_fullrun_PBKDF2_onlyhashkeyfound(monkeypatch, capsys, mocker):
+
+ def generate_keylist_enc(include_machinekeys):
+ return iter(
+ ["Not_The_Real_Encryption_Key", "d2a312d9-7af4-43de-be5a-ae717b46cea6", "another_fake_encryption_key"]
+ )
+
+ def generate_keylist_hash(include_machinekeys):
+ return iter(["Not_The_Real_HaSh_Key", "Y3t_anoth3r_f@k3_key"])
+
+ mocker.patch.object(Telerik_EncryptionKey, "prepare_keylist", side_effect=generate_keylist_enc)
+ mocker.patch.object(Telerik_HashKey, "prepare_keylist", side_effect=generate_keylist_hash)
+
+ with requests_mock.Mocker() as m:
+ # Basic Probe Detects Telerik
+ m.get(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx", status_code=200, text=partial_dialog_page
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_found_key_matcher,
+ status_code=200,
+ text="Please refresh the editor page.
Error Message:Index was outside the bounds of the array",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_found_key_matcher_negative,
+ status_code=200,
+ text="
Error Message:Exception of type 'System.Exception' was thrown.
",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_version_probe_matcher,
+ status_code=200,
+ text="DoesntMatter",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_version_probe_matcher_incorrect,
+ status_code=200,
+ text="
telerikCould not load file or assembly 'Telerik.Web.UI, Version=1984.5.622, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)",
+ )
+
+ monkeypatch.setattr(
+ "sys.argv",
+ ["python", "--url", "http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx"],
+ )
+ telerik_knownkey.main()
+ captured = capsys.readouterr()
+ print(captured.out)
+ assert "Target is a newer version of Telerik UI" in captured.out
+ assert "Did not find hashkey / encryption key. Exiting." in captured.out
+
+
+def test_fullrun_PBKDF1_MS_customkeys(monkeypatch, capsys, mocker):
+ mocker.patch.object(
+ Telerik_EncryptionKey,
+ "prepare_keylist",
+ return_value=iter(["Not_The_Real_Encryption_Key", "another_fake_encryption_key"]),
+ )
+ mocker.patch.object(
+ Telerik_HashKey,
+ "prepare_keylist",
+ return_value=iter(["Not_The_Real_HaSh_Key", "Y3t_anoth3r_f@k3_key"]),
+ )
+
+ with requests_mock.Mocker() as m:
+ # Basic Probe Detects Telerik
+ m.get(
+ f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ status_code=200,
+ text=partial_dialog_page,
+ )
+
+ m.post(
+ f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF1_MS_found_key_matcher,
+ status_code=200,
+ text="
Error Message:The input data is not a complete block.
",
+ )
+
+ m.post(
+ f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF1_MS_found_key_matcher_negative,
+ status_code=200,
+ text="
Error Message:The hash is not valid!
",
+ )
+
+ m.post(
+ f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF1_MS_probe_matcher,
+ status_code=200,
+ text="Error Message:Length cannot be less than zero",
+ )
+
+ m.post(
+ f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF1_MS_encryption_probe_matcher,
+ status_code=200,
+ text="
Error Message:Index was outside the bounds of the array.
",
+ )
+
+ m.post(
+ f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF1_MS_version_probe_matcher_incorrect,
+ status_code=200,
+ text="
telerikCould not load file or assembly 'Telerik.Web.UI, Version=1984.5.622, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)",
+ )
+
+ monkeypatch.setattr(
+ "sys.argv",
+ [
+ "python",
+ "--url",
+ "http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ "--debug",
+ "--custom-keys",
+ "d2a312d9-7af4-43de-be5a-ae717b46cea6,YOUR_ENCRYPTION_KEY_TO_GO_HERE",
+ ],
+ )
+ telerik_knownkey.main()
+ captured = capsys.readouterr()
+ print(captured.out)
+ assert "Target is a valid DialogHandler endpoint. Brute forcing Telerik Hash Key" in captured.out
+ assert "Found matching hashkey: [YOUR_ENCRYPTION_KEY_TO_GO_HERE]" in captured.out
+ assert "Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out
+ assert "Found Telerik Version! [2018.1.117]" in captured.out
+ assert (
+ "gRRgyE4BOGtN%2FLtBxeEeJDuLj%2FUwIG4oBhO5rCDfPjeH10P8Y02mDK3B%2FtsdOIrwILK7XjQiuTlTZMgHckSyb518JPAo6evNlVTPWD5AZX5l4UIUkfdJvq28UHyeBA4eC58PfA6nG7V2Q97Qwqef6cpbM6t88zvE0wJt8uUKji4ZfyBif4du8JgpDzzdSi%2BlWYd3YhzNbbfKVH%2F0sfraIHOsRvwNwrVc0V%2Fnmn%2BGlqm1rheswSONIo7BzKo04RLb232aDuWcluEWDMFdNJpzpdgcq96mWrs9KttFyRjUZ%2FhUi8ZQi0R4GXCrfHRTAYOq%2B2TNdECbAEfmA4n9Pb0BDDGDfghLV6h%2FbLrUaMWZCx6U5zCQfymn96h1t5acGgfxYMCS%2FYS7WRPytc759VdSM2KhGVmuGlupbxVz5gVOWffo5rTDQxwiPhcWYHTJlN%2FawmJfHJsJV0WvTBaW9nEPL0QeeUEu3jc7OPW9CbVufHb7Rfg7RQ%2F6Gjz5TBlzfY32lcFTsyRolWjxU3%2FVBb09tcN2EJGBnjZxpl6eFsYOvexTx0ykt0PCQagdR0DPFLPsdj7kDMrdDhpMDjsqQA0W06ULEtlR8unWsjavyK0%2B8CuTN%2BkuMzFrH10Wvqb5j3SYwANq3pyEuf3OScByrY8NVz7EzX%2BYQb5%2FByHmXi99NCHbO6ZQyHnM%2BPWYwinlnFrU6f%2BvI2ruMl35dZ%2BWWSGnEdv0DVxiedxWgqDlov31JoGaaffpBs8OO3LhtYqIixQPFbjq2wPrEcHPLgM40eYtJfduPI6exc%2BkKlxFGOyB44XjDuC4VHBPmCCFH%2FguBAatG%2FSZU1z%2Fj%2FJ0YDIVedDDdPg2NtQXjjjidSW8ISbfOk1SoLSFz04F9BmmMnPVsg9Dvtbbf%2Bz%2FhudrAo9Ys%2Fa6OzksFXxwQ%2FcSIDYVAsYkRjDMcgRv6erm8bBqgABiSF7SwBLkL75mI18fA3qCxgYDrcXZJYCIbS%2BQg9QiROf7PnRBcrnAg0G2ArfRY5gQE69DA4hvUFuXZvCbVbqQGZs7TrKNqBH40DzPqKFqhBKawuCF84zc08QzWVdbl92rAUl%2FbGi6RYzgx27pPzu7LbYLl4G8a5vtVZjuK7SchY0B7FfMvF3uQA%2FY4G%2FjqDGqGshadxalKPmwfUNbDSaatepav%2Bx4zfzQhn6cV2r8t1qz1TfHypR%2BCaAEVhEa36reVmWrAKXjr0JFOSSAQJTti%2BKhNRhaVPTgVI%2BsX%2F0pf8Fn0Zvv%2FbPL9C9L1pEAco%2FGIOV9AHNoh5E18zHcmINA2HmoZWha91ONomoIGvWnlM5USb%2FYSrXZuJDsSFFU9oal%2F45NDUNWlNVsXD%2B8RvuVsl1DY7i9iftU%2FtZpskuIldUFYmXWgMWCwk6sQAaARQoQKBEvCL6OV8UcD3bsde0ubcUG9oH140jsAW6Yh7okoKYZlL2xtp4ba7o8CS3R%2FduPuJLFY6fUexkHpvKj1Nn%2B31oQSjRywNhDdNvlczG4Z2LI73TdsZuCKnSPHNF7DNtOxmeGKZl9z9utufWZIb1FetBPy97bOOVKx69nZYTjmfv7hzBuEd5SweBD9QA2WspaycH9H01R4IXXcnrWKHkkaaVS3jDR%2F%2Bll4S0yGKlVT8EiRqLcZVX6mP2C7tmpbTE1tE%2F5ydEXkHMQ4Q75MDhO6F24ahX2rF%2FyfzuAMnR784wtXAM2E3hvVbCzu1rS9Xy1O7uSL%2Fzw1PxRlBZ%2FTwP00bUw22fQfnye%2Fb5s1NmvpWcrSX6tUNlK%2BrCHlfKSxWVhMWiZOqjMq9chUja87UzhcVXYBWZqhfuGsbRIoDQ40P6k7LDTuuzR7UuMU0nPFvGXsfwyu4UQzQppBmjwdQQlpo9GK2XAR7M2Wj5XNB5yZ3n8uMfW%2BktjiC0yW9bo0BVtvvmEOayXYwXyndHauAcJ0HpHnRLtnzNKnTKI3IY%2Fl4kYFS%2BiYUk6n0nd2eVKroYdrMjKZehZmpwmXfU3%2FWpwmt6HK%2FWKAWZzjlEUaN5zDbG%2BtGNxrjYaVvJuDn2uVtmozVU8dbCdz82O6sukqV5QZ86FFImnlZPOKcSHIFq%2F%2B1AdBG%2FUEKZ28aaadpm11H4ovyjAawjFwoWhtDsJB%2F1YbGDIqlKJ40ZOav8gu1Q%2Bv9UtpaQsDfm84FjlzlmwRQn2LF%2FBZLNmAjc8uug0sItSc2bX9d7gR9EWc3KML3PiBecc%2B6LfUkd5WyqHKPP%2FHDETbor16YGv%2Bt3d6KNtQgY3p%2B2Y8kVRCqtngKNzuid%2FXOmNTpwgKgj69id3uo8asDGcs%2B%2FVu5WjbkDNF%2FJlg2TWyTzwpr53wOKmm6tsWwf2FYScCHzXvfWjxHIR9qyGtIOembCqhaK%2Bv7NYDhaI8dAOtvz2su0yzecbzGa65MlwPIyRmv458OLvCMd1BLubANPxC3YfpMHm7x0JllAwNm4K%2BfM73Qkk6jsLwAr28YC1rvMCRONv4Q0sqEpuXfGbS212hv2LeVMq9wrORW353yq2MeRDxFnc2v0oTtVL9D7nlAlBXotJu4rT%2FzhFkH%2Be%2Fbmcbe1sgbaR4BIqrp65Nwq7RjjbB8FX8fi3xA%2BVE68b9DwmAMsub7oVbmI%2B09Wf85hjYjV5fS1xHdKqT6GRTqF9HhkiRxSIDKXzMM7pBXvzwuG%2BOWTVEBOgctSA2alhhyKvUBizsrW6TO%2FSPoX8n%2Fg3qUfufYGrb05PuoeDayC9iZEzmYc%3D"
+ in captured.out
+ )
+
+
+def test_fullrun_PBKDF1_MS_customkeys_onlyhashkeyfound(monkeypatch, capsys, mocker):
+ mocker.patch.object(
+ Telerik_EncryptionKey,
+ "prepare_keylist",
+ return_value=iter(["Not_The_Real_Encryption_Key", "another_fake_encryption_key"]),
+ )
+ mocker.patch.object(
+ Telerik_HashKey,
+ "prepare_keylist",
+ return_value=iter(["Not_The_Real_HaSh_Key", "Y3t_anoth3r_f@k3_key"]),
+ )
+
+ with requests_mock.Mocker() as m:
+ # Basic Probe Detects Telerik
+ m.get(
+ f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ status_code=200,
+ text=partial_dialog_page,
+ )
+
+ m.post(
+ f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF1_MS_found_key_matcher,
+ status_code=200,
+ text="
Error Message:The input data is not a complete block.
",
+ )
+
+ m.post(
+ f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF1_MS_found_key_matcher_negative,
+ status_code=200,
+ text="
Error Message:The hash is not valid!
",
+ )
+
+ m.post(
+ f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF1_MS_probe_matcher,
+ status_code=200,
+ text="Error Message:Length cannot be less than zero",
+ )
+
+ m.post(
+ f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF1_MS_encryption_probe_matcher,
+ status_code=200,
+ text="
Error Message:Index was outside the bounds of the array.
",
+ )
+
+ m.post(
+ f"http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF1_MS_version_probe_matcher_incorrect,
+ status_code=200,
+ text="
telerikCould not load file or assembly 'Telerik.Web.UI, Version=1984.5.622, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)",
+ )
+
+ monkeypatch.setattr(
+ "sys.argv",
+ [
+ "python",
+ "--url",
+ "http://PBKDF1_MS.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ "--debug",
+ "--custom-keys",
+ "NOPENOPENOPENOPE,YOUR_ENCRYPTION_KEY_TO_GO_HERE",
+ ],
+ )
+ telerik_knownkey.main()
+ captured = capsys.readouterr()
+ print(captured.out)
+ assert "Target is a valid DialogHandler endpoint. Brute forcing Telerik Hash Key" in captured.out
+ assert "Found matching hashkey: [YOUR_ENCRYPTION_KEY_TO_GO_HERE]" in captured.out
+ assert "FAILED: Could not identify encryption key." in captured.out
+
+
+def test_fullrun_PBKDF2_version_customkeys_nogoodversion(monkeypatch, capsys, mocker):
+
+ def generate_keylist_enc(include_machinekeys):
+ return iter(["Not_The_Real_Encryption_Key", "another_fake_encryption_key"])
+
+ def generate_keylist_hash(include_machinekeys):
+ return iter(["Not_The_Real_HaSh_Key", "Y3t_anoth3r_f@k3_key"])
+
+ mocker.patch.object(Telerik_EncryptionKey, "prepare_keylist", side_effect=generate_keylist_enc)
+ mocker.patch.object(Telerik_HashKey, "prepare_keylist", side_effect=generate_keylist_hash)
+
+ with requests_mock.Mocker() as m:
+ # Basic Probe Detects Telerik
+ m.get(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx", status_code=200, text=partial_dialog_page
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_found_key_matcher,
+ status_code=200,
+ text="Please refresh the editor page.
Error Message:Index was outside the bounds of the array",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_found_key_matcher_negative,
+ status_code=200,
+ text="
Error Message:Exception of type 'System.Exception' was thrown.
",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_version_probe_matcher,
+ status_code=200,
+ text="DoesntMatter",
+ )
+
+ m.post(
+ f"http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ additional_matcher=PBKDF2_version_probe_matcher_incorrect,
+ status_code=200,
+ text="
telerikCould not load file or assembly 'Telerik.Web.UI, Version=1984.5.622, Culture=neutral, PublicKeyToken=121fae78165ba3d4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)",
+ )
+
+ monkeypatch.setattr(
+ "sys.argv",
+ [
+ "python",
+ "--url",
+ "http://PBKDF2.telerik.com/Telerik.Web.UI.DialogHandler.aspx",
+ "--version",
+ "1944.6.6",
+ "--custom-keys",
+ "d2a312d9-7af4-43de-be5a-ae717b46cea6,YOUR_ENCRYPTION_KEY_TO_GO_HERE",
+ ],
+ )
+ telerik_knownkey.main()
+ captured = capsys.readouterr()
+ print(captured.out)
+ assert "Target is a newer version of Telerik UI" in captured.out
+ assert "Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out
+ assert "SUCCESS! Found encryption key: [d2a312d9-7af4-43de-be5a-ae717b46cea6]" in captured.out
+ assert "FAILED: Could not find a working version despite having valid keys." in captured.out