leolion3/recover_password.py

## recover_password.py
#!/usr/bin/env python3
"""
Basic password recovery tool for HP OfficeJet 8020 EWS.
Note: the username needs to be known! The tool merely allows you unlimited login attempts.
"""
from getpass import getpass
from typing import Tuple

import requests
import random


root_url: str = ''
username: str = 'admin'


def _create_session() -> requests.session:
	"""
	Creates a new HTTP session with a fake User-Agent header.
	Current user agent is set to Opera.
	:return: the requests session object.
	"""
	s = requests.session()
	s.headers.update({
		'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0'
		})
	return s


def _get_cookie(s: requests.session) -> None:
	"""
	Fetches the sid cookie by doing a GET on the root url of the printer.
	"""
	global root_url
	r = s.get(root_url, verify=False)
	if r.status_code != 200:
		print('Error fetching cookie, incorrent url.')
		exit()

def _get_auth_credentials() -> Tuple[str, str]:
	"""
	Get the HTTP Basic Auth Credentials as a tuple.
	Requests will automatically encode the password in base64.
	:return: the HTTP Basic Auth credentials as a tuple of strings.
	"""
	global username
	password: str = getpass('Enter password: #> ')
	if not len(password.strip()):
		print('No password entered. Try again!')
		return _get_auth_credentials()
	return (username, password)


def _get_auth_client_counter() -> int:
	"""
	Generates a random number for the EWS auth security.
	:return: the random number.
	"""
	return int(round(random.randint(0, 999999)))


def _perform_login(s: requests.session, username: str, password: str, auth_client_counter: int) -> bool:
	"""
	Perform a login using the provided credentials.
	:return: True if the login succeeded, False otherwise (HTTP codes: 401 - False, 200 - True)
	"""
	url = f'{root_url}/AuthChk'
	r = s.get(url, headers={
		'X-Auth-Client-Counter': str(auth_client_counter)
		}, auth=(username, password), verify=False)
	return r.status_code == 200


def login():
	global root_url, username
	print()
	s = _create_session()
	_get_cookie(s)
	credentials: Tuple[str, str] = _get_auth_credentials()
	auth_client_counter = _get_auth_client_counter()
	if not _perform_login(s, *credentials, auth_client_counter):
		print('Wrong password, try again!')
		login()
		return
	print()
	print()
	print('Found password:', credentials[1])


if __name__ == '__main__':
	login()
	#!/usr/bin/env python3
	"""
	Basic password recovery tool for HP OfficeJet 8020 EWS.
	Note: the username needs to be known! The tool merely allows you unlimited login attempts.
	"""
	from getpass import getpass
	from typing import Tuple

	import requests
	import random


	root_url: str = ''
	username: str = 'admin'


	def _create_session() -> requests.session:
	"""
	Creates a new HTTP session with a fake User-Agent header.
	Current user agent is set to Opera.
	:return: the requests session object.
	"""
	s = requests.session()
	s.headers.update({
	'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0'
	})
	return s


	def _get_cookie(s: requests.session) -> None:
	"""
	Fetches the sid cookie by doing a GET on the root url of the printer.
	"""
	global root_url
	r = s.get(root_url, verify=False)
	if r.status_code != 200:
	print('Error fetching cookie, incorrent url.')
	exit()

	def _get_auth_credentials() -> Tuple[str, str]:
	"""
	Get the HTTP Basic Auth Credentials as a tuple.
	Requests will automatically encode the password in base64.
	:return: the HTTP Basic Auth credentials as a tuple of strings.
	"""
	global username
	password: str = getpass('Enter password: #> ')
	if not len(password.strip()):
	print('No password entered. Try again!')
	return _get_auth_credentials()
	return (username, password)


	def _get_auth_client_counter() -> int:
	"""
	Generates a random number for the EWS auth security.
	:return: the random number.
	"""
	return int(round(random.randint(0, 999999)))


	def _perform_login(s: requests.session, username: str, password: str, auth_client_counter: int) -> bool:
	"""
	Perform a login using the provided credentials.
	:return: True if the login succeeded, False otherwise (HTTP codes: 401 - False, 200 - True)
	"""
	url = f'{root_url}/AuthChk'
	r = s.get(url, headers={
	'X-Auth-Client-Counter': str(auth_client_counter)
	}, auth=(username, password), verify=False)
	return r.status_code == 200


	def login():
	global root_url, username
	print()
	s = _create_session()
	_get_cookie(s)
	credentials: Tuple[str, str] = _get_auth_credentials()
	auth_client_counter = _get_auth_client_counter()
	if not _perform_login(s, *credentials, auth_client_counter):
	print('Wrong password, try again!')
	login()
	return
	print()
	print()
	print('Found password:', credentials[1])


	if __name__ == '__main__':
	login()
No results found