|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| |
|
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145
People Online:
Visitors: 838
Members: 0
Total: 838
|
|
|
|
|
|
PacketStorm News |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
phpBB3 Login Backdoor |
|
Posted: Sun Feb 15, 2009 4:49 pm |
|
|
azzido |
Beginner |
|
|
Joined: Feb 09, 2009 |
Posts: 2 |
|
|
|
|
|
|
|
Code: | #!/usr/bin/python
#This is a phpBB scanner, searches if vulnerable paths
#exist. Put phpvuln.txt in the dir
#at which you are running this script.
#Every path in phpvuln.txt has a vuln. or an exploit for it.
#(considering its the right version)
#Changelog v1.2 : added update function
#Changelog v1.1 : added verbose mode, changed http
#response bug, added new vuln. paths
#http://www.darkc0de.com
##d3hydr8[at]gmail[dot]com
import sys, httplib, time, urllib2
def getserv(path):
try:
h = httplib.HTTP(host+":"+port)
h.putrequest("HEAD", path)
h.putheader("Host", host)
h.endheaders()
status, reason, headers = h.getreply()
except:
print "\n[-] Error: Name or service not known. Check your host.\n"
sys.exit(1)
return status, reason, headers.get("Server")
def timer():
now = time.localtime(time.time())
return time.asctime(now)
def title():
print "\n\t d3hydr8[at]gmail[dot]com PhpBBscanner v1.2"
print "\t--------------------------------------------------"
def update():
try:
lines = open("phpvuln.txt", "r").readlines()
except(IOError):
print "[-] Error: Check your phpvuln.txt path and permissions"
print "[-] Update Failed\n"
sys.exit(1)
try:
paths = urllib2.urlopen("http://www.darkc0de.com/scanners/phpvuln.txt").readlines()
except:
print "[-] Error: Couldn't connect to remote database"
print "[-] Update Failed\n"
sys.exit(1)
if len(paths) > len(lines):
dif = int(len(paths)-len(lines))
print "[+] Found:",dif,"updates"
print "\n[+] Writing Updates"
file = open("phpvuln.txt", "a")
for path in paths[-dif:]:
if path[-1:] == "\n":
path = path[:-1]
print "[+] New:",path
file.writelines(path+"\n")
file.close()
print "\n[+] Update Complete\n"
else:
print "[-] No Updates Available\n"
sys.exit(1)
if len(sys.argv) >= 5 or len(sys.argv) == 1:
title()
print "\n\t[+] Usage: ./phpbbscan.py <host> <port>\n"
print "\t[options]"
print "\t -v/-verbose : Shows all http requests and responses"
print "\t -u/-update : Updates phpvuln.txt with the latest"
print "\n\t[+] Ex. ./phpbbscan.py -update"
print "\t[+] Ex. ./phpbbscan.py google.com 80 -verbose\n"
sys.exit(1)
title()
if sys.argv[1].lower() == "-u" or sys.argv[1].lower() == "-update":
print "\n[+] Updating Database File"
update()
host = sys.argv[1]
port = sys.argv[2]
for arg in sys.argv[1:]:
if arg.lower() == "-v" or arg.lower() == "-verbose":
verbose = 1
else:
verbose = 0
if host[:7] == "http://":
host = host.replace("http://","")
if host[-1] == "/":
host = host[:-1]
print "[+] Getting responses"
okresp,reason,server = getserv("/")
badresp = getserv("/d3hydr8.html")[:1]
if okresp == badresp[0]:
print "\n[-] Responses matched, try another host.\n"
sys.exit(1)
else:
print "\n[+] Target host:",host
print "[+] Target port:",port
print "[+] Target server:",server
print "[+] Target OK response:",okresp
print "[+] Target BAD response:",badresp[0], reason
print "[+] Scan Started at",timer()
if verbose ==1:
print "\n[+] Verbose Mode On"
dirs = ["/","/bb/","/phpbb/","/forum/","/forums/","/phpBB2/","/phpbb/phpBB2/"]
try:
lines = open("phpvuln.txt", "r").readlines()
print "\n[+]",len(lines)*len(dirs),"paths loaded\n"
except(IOError):
print "[-] Error: Check your vulnerabilities list path\n"
sys.exit(1)
vulns = []
print "[+] Scanning...\n"
for d in dirs:
for line in lines:
status, reason = getserv(d+line[:-1])[:2]
if verbose ==1:
print "[+]",status,reason,":",d+line,"\n"
if status == okresp:
vulns.append(d+line)
print "\t[!]",status,reason,":",d+line,"\n"
if status == int(401):
print "\t--",status,reason,":Needs Authentication [",d+line,"]\n"
if len(vulns) == 0:
print "[-] Couldn't find any vuln. paths\n"
else:
print "[!] Found",len(vulns),"possible vulnerabilities, check manually.\n"
for vuln in vulns:
print "\t[+] ",vuln
print "\n[+] Scan completed at", timer(),"\n" |
|
|
|
|
|
|
|
|
|
Posted: Sun Feb 15, 2009 5:58 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Again bullshitts.
Code: | #This is a phpBB scanner, searches if vulnerable paths
#exist. Put phpvuln.txt in the dir
#at which you are running this script.
#Every path in phpvuln.txt has a vuln. or an exploit for it.
#(considering its the right version) |
|
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|