W01fh4cker / CVE-2024-27198-RCE

CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4


Invalid authentication request

noname29 opened this issue · comments

[+] Token created successfully for user ID: 2

{'Server': 'nginx/1.14.0 (Ubuntu)', 'Date': 'Sun, 10 Mar 2024 04:01:57 GMT', 'Content-Type': 'text/plain;charset=UTF-8', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'TeamCity-Node-Id': 'MAIN_SERVER', 'WWW-Authenticate': 'Basic realm="TeamCity", Bearer realm="TeamCity"', 'Set-Cookie': 'TCSESSIONID=148890ADCDB824DCE5469324591E60D1; Path=/; Secure; HttpOnly', 'Cache-Control': 'no-store'}
b'Invalid authentication request or authentication scheme is not supported\nTo login manually go to "/login.html" page'
[-] Failed to modify internal properties. Status Code: 401

I get "Invalid authentication request", so do I need more than the token here? I logged the response.

Appreciated.

Can you give me a screenshot of Burp?

I don't use Burp; I just modified the lines so that it logs response.headers and response.content.

response = requests.post(uri, headers=headers, params=params, verify=False)
if response.status_code == 200:
    self.custom_print("Internal properties modified successfully.", "+")
    return True
else:
    # Added logging of the raw response for debugging
    print('')
    print(response.headers)
    print(response.content)
    self.custom_print(
        f"Failed to modify internal properties. Status Code: {response.status_code}",
        "-",
    )
    return False

If you really wish, I will check that.

The problem is that I don't know where you got the problem.

Oh geez, I was referring to the other repo, which has exploit.py. OK, with your exploit, if I try to run the command, I get the following "Match failed":

command > ls
[-] Match failed. Response text: 

[Pasted response body: the full HTML of the TeamCity login page ("Log in to TeamCity", Version 2023.05.4 (build 129421)), with the error message "Invalid authentication request or authentication scheme is not supported" shown in the page's error block.]

I just put the whole response.

You did not use my script completely, so the authentication failure caused the script to jump to the TeamCity login interface when accessing any URI.

Hi. Why is my execution result like this? I fully executed your script. What should I look out for?

[image]

It means that the Origin header needs to be added. Can you help determine which function is causing the problem?

Try it again now.