Dark Angel Index du Forum
Dark Angel
Hacking and Reverse
 
Dark Angel Index du ForumFAQRechercherS’enregistrerConnexion

:: vBulletin ::

 
Poster un nouveau sujet   Répondre au sujet    Dark Angel Index du Forum -> Hacking -> WebApps
Sujet précédent :: Sujet suivant  
Auteur Message
Nostradamus
Membre
Membre

Hors ligne

Inscrit le: 26 Nov 2009
Messages: 33

MessagePosté le: Jeu 3 Déc - 14:12 (2009)    Sujet du message: vBulletin Répondre en citant

#!/usr/bin/python
#This is a vBulletin scanner, searches if vulnerable paths
#exist, also prints version if found. Put vbvuln.txt in the dir
#at which you are running this script.
#Every path in vbvuln.txt has a vuln. or an exploit for it.
#(considering its the right version)

#Changelog: added update function

#http://www.darkc0de.com
##d3hydr8[at]gmail[dot]com

import sys, httplib, time, urllib, re

def getserv(path):

try:
h = httplib.HTTP(host+":"+port)
h.putrequest("HEAD", path)
h.putheader("Host", host)
h.endheaders()
status, reason, headers = h.getreply()
except:
print "\n[-] Error: Name or service not known. Check your host.\n"
sys.exit(1)
return status, reason, headers.get("Server")

def timer():
now = time.localtime(time.time())
return time.asctime(now)

def getver(path):
site = urllib.urlopen("http://"+host+path).read()
version = re.findall("version \d+\.\d+\..", site.lower())
if version:
return version[0]
else:
return None

def update():
try:
lines = open("vbvuln.txt", "r").readlines()
except(IOError):
print "[-] Error: Check your phpvuln.txt path and permissions"
print "[-] Update Failed\n"
sys.exit(1)
try:
paths = urllib.urlopen("http://www.darkc0de.com/scanners/vbvuln.txt").readlines()
except:
print "[-] Error: Couldn't connect to remote database"
print "[-] Update Failed\n"
sys.exit(1)
if len(paths) > len(lines):
dif = int(len(paths)-len(lines))
print "[+] Found:",dif,"updates"
print "\n[+] Writing Updates"
file = open("vbvuln.txt", "a")
for path in paths[-dif:]:
if path[-1:] == "\n":
path = path[:-1]
print "[+] New:",path
file.writelines(path+"\n")
file.close()
print "\n[+] Update Complete\n"
else:
print "[-] No Updates Available\n"
sys.exit(1)

def title():
print "\n\t d3hydr8[at]gmail[dot]com vBulletinScan v1.1"
print "\t--------------------------------------------------"

if len(sys.argv) >= 5 or len(sys.argv) == 1:
title()
print "\n\t[+] Usage: ./vbscan.py <host> <port>\n"
print "\t[options]"
print "\t -v/-verbose : Shows all http requests and responses"
print "\t -u/-update : Updates vbvuln.txt with the latest"
print "\n\t[+] Ex. ./vbscan.py -update"
print "\t[+] Ex. ./vbscan.py google.com 80 -verbose\n"
sys.exit(1)

title()

if sys.argv[1].lower() == "-u" or sys.argv[1].lower() == "-update":
print "\n[+] Updating Database File"
update()

host = sys.argv[1]
port = sys.argv[2]

for arg in sys.argv[1:]:
if arg.lower() == "-v" or arg.lower() == "-verbose":
verbose = 1
else:
verbose = 0

if host[:7] == "http://":
host = host.replace("http://","")
if host[-1] == "/":
host = host[:-1]

print "[+] Getting responses"
okresp,reason,server = getserv("/")
badresp = getserv("/d3hydr8.html")[:1]

if okresp == badresp[0]:
print "\n[-] Responses matched, try another host.\n"
sys.exit(1)
else:
print "\n[+] Target host:",host
print "[+] Target port:",port
print "[+] Target server:",server
print "[+] Target version:",getver("/")
print "[+] Target OK response:",okresp
print "[+] Target BAD response:",badresp[0], reason
print "[+] Scan Started at",timer()
if verbose ==1:
print "\n[+] Verbose Mode On"

dirs = ["/","/vb/","vb3","/vBulletin/","/Bulletin/","/forum/","/forums/"]

try:
lines = open("vbvuln.txt", "r").readlines()
print "\n[+]",len(lines)*len(dirs),"paths loaded\n"
except(IOError):
print "[-] Error: Check your vulnerabilities list path\n"
sys.exit(1)

vulns = []
print "[+] Scanning...\n"
for d in dirs:
for line in lines:
status, reason = getserv(d+line[:-1])[:2]
if verbose ==1:
print "[+]",status,reason,":",d+line,"\n"
if status == okresp:
print "[+] Found vBulletin:",getver(d+line)
vulns.append(d+line)
print "\t[!]",status,reason,":",d+line,"\n"
if status == int(401):
print "\t[!]",status,reason,":Needs Authentication [",d+line,"]\n"

if len(vulns) == 0:
print "[-] Couldn't find any vuln. paths\n"
else:
print "[!] Found",len(vulns),"possible vulnerabilities, check manually.\n"
for vuln in vulns:
print "\t[+] ",vuln

print "\n[+] Scan completed at", timer(),"\n"


Revenir en haut
Publicité






MessagePosté le: Jeu 3 Déc - 14:12 (2009)    Sujet du message: Publicité

PublicitéSupprimer les publicités ?
Revenir en haut
Nostradamus
Membre
Membre

Hors ligne

Inscrit le: 26 Nov 2009
Messages: 33

MessagePosté le: Jeu 3 Déc - 14:13 (2009)    Sujet du message: vBulletin Répondre en citant

vBvuln.txt:


last.php
forumdisplay.php
misc.php
index.php?act=ibProArcade
impex/ImpExData.php
ImpExData.php
inlinemod.php
vbgsitemap-vbseo.php
vbgsitemap/vbgsitemap-vbseo.php
vbgsitemap/vbgsitemap-config.php
vbgsitemap-config.php
vbgsitemap/vbgsitemap-vbseo.php
vbgsitemap-vbseo.php
inferno.php
calendar.php
attachment.php
admincp/index.php
admin/index.php
global.php
mods/global.php
member.php
showthread.php
portal.php
vbugs.php
profile.php
init.php
newreply.php
newthread.php
register.php
private.php
memberlist.php
usercp.php


Revenir en haut
Contenu Sponsorisé






MessagePosté le: Aujourd’hui à 04:43 (2017)    Sujet du message: vBulletin

Revenir en haut
Montrer les messages depuis:   
Poster un nouveau sujet   Répondre au sujet    Dark Angel Index du Forum -> Hacking -> WebApps Toutes les heures sont au format GMT + 1 Heure
Page 1 sur 1

 
Sauter vers:  

Index | Panneau d’administration | créer forum | Forum gratuit d’entraide | Annuaire des forums gratuits | Signaler une violation | Conditions générales d'utilisation
HalloweenOclock © theme by larme d'ange 2006
Powered by phpBB © 2001, 2005 phpBB Group
Traduction par : phpBB-fr.com