blacklanternsecurity
diff --git a/‎badsecrets/modules/jsf_viewstate.py‎
Lines changed: 2 additions & 2 deletions b/‎badsecrets/modules/jsf_viewstate.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎badsecrets/modules/rack2_signedcookies.py‎
Lines changed: 0 additions & 2 deletions b/‎badsecrets/modules/rack2_signedcookies.py‎
Lines changed: 0 additions & 2 deletions
@@ -85,7 +85,7 @@ def myfaces_validate_decrypt(self, decrypted):
 
         if b"java." in decrypted:
             # instead of b64 encoding and looking for rO0, stay in bytes and look for as many as you can
-            if b"\xAC\xED\x00\x05" in decrypted and ord(bytes([decrypted[4]])) in list(range(112, 126)):
+            if b"\xac\xed\x00\x05" in decrypted and ord(bytes([decrypted[4]])) in list(range(112, 126)):
                 return (True, True, uncompressed)
             else:
                 return (True, False, uncompressed)
@@ -134,7 +134,7 @@ def myfaces_decrypt(self, ct_bytes, password_bytes, dec_algos, hash_sizes):
                             iv_guesses.append(password_bytes[:16])
 
                         iv_guesses.append(dec_algo.block_size * b"\x00")
-                        iv_guesses.append(dec_algo.block_size * b"\xFF")
+                        iv_guesses.append(dec_algo.block_size * b"\xff")
                         iv_guesses.append(dec_algo.block_size * b"\x61")
                         iv_guesses.append(dec_algo.block_size * b"\x41")
                         iv_guesses.append(dec_algo.block_size * b"\x30")
 
@@ -49,8 +49,6 @@ def check_secret(self, rack_cookie):
 
     def get_hashcat_commands(self, rack_cookie, *args):
         rack_cookie_split = rack_cookie.rsplit("--", 1)
-        print("rack_cookie")
-        print(rack_cookie_split)
         return [
             {
                 "command": f"hashcat -m 150 -a 0 {rack_cookie_split[1]}:{base64.b64decode(unquote(rack_cookie_split[0])).hex()} --hex-salt  <dictionary_file>",
Original file line number	Diff line number	Diff line change
`@@ -49,8 +49,6 @@ def check_secret(self, rack_cookie):`
`49`	`49`
`50`	`50`	`def get_hashcat_commands(self, rack_cookie, *args):`
`51`	`51`	`rack_cookie_split = rack_cookie.rsplit("--", 1)`
`52`		`- print("rack_cookie")`
`53`		`- print(rack_cookie_split)`
`54`	`52`	`return [`
`55`	`53`	`{`
`56`	`54`	`"command": f"hashcat -m 150 -a 0 {rack_cookie_split[1]}:{base64.b64decode(unquote(rack_cookie_split[0])).hex()} --hex-salt <dictionary_file>",`