xiphosresearch / exploits Goto Github PK

View Code? Open in Web Editor NEW

1.5K 1.5K 584.0 2.47 MB

Miscellaneous exploit code

Home Page: http://www.xiphosresearch.com/

Python 54.54% PHP 42.79% Shell 1.60% Makefile 0.18% Assembly 0.22% JavaScript 0.67%

bypass exploits hacking php poc python rce security tr-064 windows

exploits's People

Stargazers

Watchers

Forkers

zbender carnal0wnage frbayart codecrack3 0xag rbmintz bhutabe arm13 detrojones conqu3r kryptpt chennqqi haxsscker tourountzis 00derp ksmaheshkumar bupt007 saimshuja fungoshacks freeconn neversatisfied 0x6b386f xbzbing paulwilke sunny456 askk q1f3 atiporn wy931207 whitematt3r toosgle theralfbrown cinno asshurtmacfags rootsecurity zhuyue1314 shekkbuilder flamngoo arunnair80 f0restw0w ssdtfarm caoimhinp sysalong s3c-d43m0n xiaofengtongxue go-spider markogrady1 jason3e7 0xdec0de8 vysecurity cephurs hakaseshounen engizneer unxi0101 initpwn ru0 fixerfixer 0x3301 emilyanncr triplekill raikikon 00kush00 miragshin satishb3 schrodyn sandeepl337 cor3sm4sh3r security-prince chaturaphut sn0wdown coffeehb frankxayachack magma2 0xgerard kirkwoodcis richiprieto jbarcia m31n99 megamindat webvul blursight tit0n cyri1s bhafsec wflk kenshin17 blackstaar waldoalvarez00 jijicanyu cyberintruder laumarot jeperez cheshire-jack malwares naneer smallmeet lucabongiorni idkwim hungnv0789 evilhat

exploits's Issues

AttributeError: 'NoneType' object has no attribute 'read'

I am getting this error when executing this exploit. It happens on when the script is uploading the exploit. Host is running Joomla 3.6.3.

Should I be pointing the script to the login page or the home page?

thanks

root@kali:/tmp# ./joomra.py -u none -e [email protected] http://xxx.xxx.xxx.xxx

 @@@   @@@@@@    @@@@@@   @@@@@@@@@@   @@@@@@@    @@@@@@    @@@@@@   @@@  
 @@@  @@@@@@@@  @@@@@@@@  @@@@@@@@@@@  @@@@@@@@  @@@@@@@@  @@@@@@@@  @@@  
 @@!  @@!  @@@  @@!  @@@  @@! @@! @@!  @@!  @@@  @@!  @@@  @@!  @@@  @@!  
 !@!  !@!  @!@  !@!  @!@  !@! !@! !@!  !@!  @!@  !@!  @!@  !@!  @!@  !@   
 !!@  @!@  !@!  @!@  !@!  @!! !!@ @!@  @!@!!@!   @!@!@!@!  @!@!@!@!  @!@  
 !!!  !@!  !!!  !@!  !!!  !@!   ! !@!  !!@!@!    !!!@!!!!  !!!@!!!!  !!!  
 !!:  !!:  !!!  !!:  !!!  !!:     !!:  !!: :!!   !!:  !!!  !!:  !!!

[-] Getting token
[-] Creating user account
[-] Getting token for admin login
[-] Logging in to admin
[+] Admin Login Success!
[+] Getting media options
[+] Setting media options
[*] Uploading exploit.pht
[*] Uploading exploit to: http://xxx.xxx.xxx.xxx/images/FGIA7RIB7.pht
Traceback (most recent call last):
File "./joomra.py", line 249, in <module>
sys.exit(main("http://192.168.10.100:8080/joomla"))
File "./joomra.py", line 243, in main
if pwn_joomla(options):
File "./joomra.py", line 218, in pwn_joomla
return stage_two(options, sess)
File "./joomra.py", line 123, in stage_two
return upload_file(options, sess, image_path)
File "./joomra.py", line 141, in upload_file
resp = sess.post(upload_url, files=files, data=data, verify=False)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 535, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 474, in request
prep = self.prepare_request(req)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 407, in prepare_request
hooks=merge_hooks(request.hooks, self.hooks),
File "/usr/lib/python2.7/dist-packages/requests/models.py", line 305, in prepare
self.prepare_body(data, files, json)
File "/usr/lib/python2.7/dist-packages/requests/models.py", line 483, in prepare_body
(body, content_type) = self._encode_files(files, data)
File "/usr/lib/python2.7/dist-packages/requests/models.py", line 158, in _encode_files
fdata = fp.read()
AttributeError: 'NoneType' object has no attribute 'read'

No Mail to give mail id

[-] Getting token
[-] Creating user account
[-] Getting token for admin login
[-] Logging in to admin
[!] Admin Login Failure!
[-] Check email for activation code
[?] Press any key after activation

[email protected]
I am not getting any activation mail?

DoubtfullyMalignant.py - Does not run on Python 2.7 /3.5

DoubtfullyMalignant.py

On v2.7 you get: ImportError: No module named socketserver
On v3.5 you get: SyntaxError: Missing parentheses in call to 'print'

Affected systems: Ubuntu Server and Windows 7

Please fix.

Cannot find CSRF token !

when runnig this script i have message: Cannot find CSRF token
does it means that my website is not vulnerable?

Line 46 Fix

exploits/Joomblah/joomblah.py

Line 46 in 44bf14d

result += value

Line 46 needs to be fixed to: result += value.decode('utf-8')

Can only concatenate str

python joomblah.py http://10.xx.xx.xx.

Traceback (most recent call last):
File "joomblah.py", line 186, in
sys.exit(main("http://IP:8080/joomla"))
File "joomblah.py", line 183, in main
pwn_joomla_again(options)
File "joomblah.py", line 147, in pwn_joomla_again
tables = extract_joomla_tables(options, sess, token)
File "joomblah.py", line 74, in extract_joomla_tables
result = joomla_370_sqli_extract(options, sess, token, "TABLE_NAME", "FROM information_schema.tables WHERE TABLE_NAME LIKE 0x257573657273 LIMIT " + str(offset) + ",1" )
File "joomblah.py", line 46, in joomla_370_sqli_extract
result += value
TypeError: can only concatenate str (not "bytes") to str

Do we release RCE as SYSTEM for that Zoho product?

It's been 6 months, no bug bounty pay-out, they stopped replying to my emails...

Have verified exploit works with latest version, one executable (the exploitable one) has same MD5 hash, the other executable has same hard-coded auth string.

People gotta know.

Script Stops after finding table

Script stops after :-
[-] Fetching CSRF token
[-] Testing SQLi

Found table: b'fb9j5_users'
Extracting users from b'fb9j5_users'
Extracting sessions from b'fb9j5_usession
Can Just Anyone help me to solve this issue

Typo in joomraa.py line 187

https://github.com/XiphosResearch/exploits/blob/master/Joomraa/joomraa.py

line 187: except Excption:

Changing it to except Exception: worked for me.

Thanks for sharing the exploit. It is super easy to use.

After exploit when try to login: "Cannot open file for writing log"

After I use joomra on my site appears this error in admin page:

but joomra returns me that account was created and loginin was success (althought it returns me a failure anyway):

KeyError: 'hits'

After getting shell when I want to run my commands I got this error:

Traceback (most recent call last):
  File "elastic_shell.py", line 56, in <module>
    main(args=sys.argv)
  File "elastic_shell.py", line 53, in main
    exploit(target=args[1])
  File "elastic_shell.py", line 47, in exploit
    execute_command(target=target, command=cmd)
  File "elastic_shell.py", line 36, in execute_command
    fuckingjson = values['hits']['hits'][0]['fields']['lupin'][0]
KeyError: 'hits'

These modifications on your exploit

bro i add your exploit to my mass exploit bot.. and i make these modifications:


import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

and


resp = sess.get(options.url + "/index.php/component/users/?view=login", verify=False)

To take off warning and ssl certificate check ;))

see ya

link: https://github.com/anarcoder/google_explorer/blob/beta_version/exploits/joomraa.py

CSFR token

python joom.py -u hacker -p password1 -e [email protected] http://website.com/joomla

 @@@   @@@@@@    @@@@@@   @@@@@@@@@@   @@@@@@@    @@@@@@    @@@@@@   @@@  
 @@@  @@@@@@@@  @@@@@@@@  @@@@@@@@@@@  @@@@@@@@  @@@@@@@@  @@@@@@@@  @@@  
 @@!  @@!  @@@  @@!  @@@  @@! @@! @@!  @@!  @@@  @@!  @@@  @@!  @@@  @@!  
 !@!  !@!  @!@  !@!  @!@  !@! !@! !@!  !@!  @!@  !@!  @!@  !@!  @!@  !@   
 !!@  @!@  !@!  @!@  !@!  @!! !!@ @!@  @!@!!@!   @!@!@!@!  @!@!@!@!  @!@  
 !!!  !@!  !!!  !@!  !!!  !@!   ! !@!  !!@!@!    !!!@!!!!  !!!@!!!!  !!!  
 !!:  !!:  !!!  !!:  !!!  !!:     !!:  !!: :!!   !!:  !!!  !!:  !!!

!!: :!: :!: !:! :!: !:! :!: :!: :!: !:! :!: !:! :!: !:! :!:
::: : :: ::::: :: ::::: :: ::: :: :: ::: :: ::: :: ::: ::
: ::: : : : : : : : : : : : : : : : : : :::

[-] Getting token
[!] Cannot find CSRF token
[*] FAILURE

xiphosresearch / exploits Goto Github PK

exploits's People

Stargazers

Watchers

Forkers

exploits's Issues

Recommend Projects

Recommend Topics

Recommend Org