Tuesday, November 19, 2013

[V]bulletin Security Fingerprinter v1.0

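Hi guys. Here is [V]bulletin Security Fingerprinter v1.0, a Bash script that reads the version string from a vBulletin forum's static files and prints the public advisory links listed for that version.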


#!/bin/bash
#
# VB-SFp - v1.0 [ public release ] - 240
#
#  RHH - Vbulletin Security Fingerprinter
#
# Author: Red V!per
#   Date: 2013 19 November
#    Web: www.redhathackers.org
# E-mail: beni_vanda[at]yahoo[dot]com
#
#

# Pause, in seconds, intended between consecutive requests.
TIME='0'

# Absolute paths of the external tools the script is configured to use.
CURL='/usr/bin/curl'
GREP='/bin/grep'
CUT='/usr/bin/cut'

# SGR escape sequences, stored unexpanded and interpreted later by `echo -e`:
# bold, reset, blink and reset (short form).
B='\033[1m'
N='\033[0m'
L='\033[5m'
C='\033[m'

# Bold prefix printed in front of every reference link.
STRXPL="${B}[+] EXPLOIT:${N}"

# Detected (or manually entered) forum version; empty until one is found.
Version=""

# Fixed User-Agent header value handed to curl for each probe request.
USER_AGENT='Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.4; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)'



# Base URL of the forum to inspect, taken from the first command-line argument.
url="$1"

# Static asset paths requested one after another by Check_Vbulletin_Version.
# Get_Version greps each response for a "vBulletin <digits>" banner, so the
# order below is the probe order. The list is assembled per directory.
vbulletin=( /archive/archive.css )

for _vb_asset in \
  vbulletin_ajax_htmlloader.js \
  vbulletin_ajax_imagereg.js \
  vbulletin_ajax_namesugg.js \
  vbulletin_ajax_nameverif.js \
  vbulletin_ajax_quote.js \
  vbulletin_ajax_reputation.js \
  vbulletin_ajax_search.js \
  vbulletin_ajax_taglist.js \
  vbulletin_ajax_tagsugg.js \
  vbulletin_ajax_threadrate.js \
  vbulletin_ajax_threadslist.js \
  vbulletin_ajax_userlist.js \
  vbulletin_ajax_wolresolve.js \
  vbulletin_album.js \
  vbulletin_attachment.js \
  vbulletin_backgroundpicker.js \
  vbulletin_colorpicker.js \
  vbulletin_cpcolorpicker.js \
  vbulletin_cphome_scripts.js \
  vbulletin_cpoptions_scripts.js \
  vbulletin_custom_profile.js \
  vbulletin_date_picker.css \
  vbulletin_date_picker.js \
  vbulletin_editor.css \
  vbulletin_global.js \
  vbulletin_group_read_marker.js \
  vbulletin_important.css \
  vbulletin_inlinemod.js \
  vbulletin_lightbox.js \
  vbulletin_md5.js \
  vbulletin_menu.js \
  vbulletin_multi_quote.js \
  vbulletin_notifications_nopopups.js \
  vbulletin_post_loader.js \
  vbulletin_profilefield_edit.js \
  vbulletin_quick_comment.js \
  vbulletin_quick_comment_generic.js \
  vbulletin_quick_edit_groupmessage.js \
  vbulletin_quick_edit_picturecomment.js \
  vbulletin_quick_edit_visitormessage.js \
  vbulletin_quick_reply.js \
  vbulletin_read_marker.js \
  vbulletin_settings_validate.js \
  vbulletin_tabctrl.css \
  vbulletin_tabctrl.js \
  vbulletin_tabctrl_rtl.css \
  vbulletin_templatemgr.js \
  vbulletin_textedit.js \
  vbulletin_thrdpostlist.js \
  vbulletin_quick_edit.js \
  vbulletin_quick_edit_generic.js
do
  vbulletin+=( "/clientscript/${_vb_asset}" )
done

for _vb_theme in \
  vBulletin_2_Default \
  vBulletin_3_Default \
  vBulletin_3_Frontend \
  vBulletin_3_Manual \
  vBulletin_3_Silver
do
  vbulletin+=( "/cpstyles/${_vb_theme}/controlpanel.css" )
done

# The loop variables are scaffolding only; do not leave them behind.
unset _vb_asset _vb_theme

#######################################
# Print the green ASCII-art logo followed by the bold title frame.
# Globals:   B, N (read)
# Arguments: none
# Outputs:   banner text on stdout; `tput sgr0` resets attributes per row
#######################################
Banner()
{
  local -a art=(
    "                                                     "
    " __      ______    ______ _                          "
    " \ \    / /  _ \  |  ____(_)                         "
    "  \ \  / /| |_) | | |__   _ _ __   __ _  ___ _ __    "
    "   \ \/ / |  _ <  |  __| | | '_ \ / _\ |/ _ \ '__|   "
    "    \  /  | |_) | | |    | | | | | (_| |  __/ |      "
    "     \/   |____/  |_|_   |_|_| |_|\__, |\___|_|      "
    "            (_)     | |            __/ |             "
    "  _ __  _ __ _ _ __ | |_ ___ _ __ |___/              "
    " | '_ \| '__| | '_ \| __/ _ \ '__|                   "
    " | |_) | |  | | | | | ||  __/ |                      "
    " | .__/|_|  |_|_| |_|\__\___|_|                      "
    " | |                                                 "
    " |_|                                                 "
  )
  local -a frame=(
    "$B         -.-.-.-.-.-.-.-.-#-#-#-#-#-#-#-#-#-#-.-.-.-.-.-.-.-       "
    "         -       [V]bulletin Security Fingerprinter v1.0     -"
    "-#-#-#-#-      Cod3d By: Red V!per [wWw.RedHatHackers.org]      -#-#-#-#-"
    "         -                  IN GOD WE TRUST                  -"
    "          -.-.-.-.-.-.-.-.-#-#-#-#-#-#-#-#-#-#-.-.-.-.-.-.-.-      $N "
  )
  local row

  # Each logo row is switched to green first and reset right after it.
  for row in "${art[@]}"; do
    echo -e '\E[32m'"$row"
    tput sgr0
  done

  echo -e

  # Title frame: bold is opened by $B in the first row and closed by $N in
  # the last one.
  for row in "${frame[@]}"; do
    echo -e "$row"
  done

  echo
}

#######################################
# Clear the screen, print the usage text and terminate the script.
# Globals:   B, N (read)
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   does not return; exits with status 1
#######################################
Usage()
{
  local -a help_lines=(
    "$B  VB-SFp - v1.0 [public] - 240\n"
    " -=============================================-\n"
    "    <victim>                ->$N URL to victim installed Vbulletin"
    "                               example: http://www.victim.com/vb\n"
    "\n Run:$B ./VB-SFp.sh <victim> $N\n"
  )
  local text

  clear
  echo

  # The \n sequences inside the strings are expanded by `echo -e`.
  for text in "${help_lines[@]}"; do
    echo -e "$text"
  done

  exit 1
}

#######################################
# Show the usage screen and stop when no target URL was supplied or when
# help was requested with -h / --help.
# Globals:   url (read)
# Arguments: none
#######################################
Check_Arguments()
{
  case "$url" in
    "" | -h | --help)
      Usage
      # Usage exits on its own; this is the fallback if it ever returns.
      exit
      ;;
  esac
}

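#######################################
# Request each known asset path until one yields a version string; if none
# does, ask the operator to type the version. Then print the lookup.
# Globals:   vbulletin (read), Version (read/written), B (read)
# Arguments: none
# Outputs:   status text and, when detection fails, a prompt on stdout
#######################################
Check_Vbulletin_Version()
{
local arr

for arr in "${vbulletin[@]}"
do
  # Quoted so each path always reaches Get_Version as exactly one argument.
  Get_Version "$arr"

  # The first asset that produced a version ends the probing.
  if [ -n "$Version" ]; then
    break
  fi
done

if [ -z "$Version" ]; then
  echo -e "$B  [~] Not Found Version :| "
  # -r keeps backslashes in the typed value literal.
  read -r -p "  [~] Please Give Version Manual : " Version
  echo
fi

Fingerpirint
}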

#######################################
# Print the target URL, the version in use, and every hard-coded reference
# link whose version rule matches $Version.
# The lookup is driven only by the version string: this function sends no
# request and does nothing to check whether the installation is patched.
# Globals:   url, Version, B, STRXPL (read); res1, res2 (written)
# Arguments: none
# Outputs:   report text on stdout
#######################################
Fingerpirint() 
{
echo -e "$B  [*] Target :\e[1;35m $url \e[0m"
echo -e "$B  [*] Version :\e[1;32m $Version [Ok] \e[0m"
echo
echo -e "$B  [*] \e[1;32m Avaliable Exploits for\e[0m \e[1;35m$Version \e[0m:" 
echo 

# Pattern rules. The right-hand side of == is unquoted, so [[ ]] treats it as
# a glob: "3.8.4" must match exactly, while "3.8.*" matches any value that
# starts with "3.8.".
if [[ $Version == 3.8.4 ]] || [[ $Version == 3.8.5 ]] ; then
          echo -e "  $STRXPL http://1337day.com/exploit/13911     (= 3.8.4 | 3.8.5)"
          echo
fi

if [[ $Version == 3.8.6 ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/13459     (= 3.8.6 )"
          echo
fi

if [[ $Version == 4.0.4 ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/13743     (= 4.0.4 )"
          echo
fi

if [[ $Version == 4.0.8 ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/14877     (= 4.0.8 )"
          echo
          echo -e "  $STRXPL http://1337day.com/exploit/14924     (= 4.0.8 PL1 )"
          echo
fi

if [[ $Version == 3.6.8 ]] || [[ $Version == 3.7.* ]] ; then
          echo -e "  $STRXPL http://1337day.com/exploit/15531     (= 3.6.8| 3.7.x )"
          echo
fi

if [[ $Version == 3.8.* ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/15549     (= 3.8.x )"
          echo
fi

# "3.1*" has no dot before the wildcard, so it matches every value that
# begins with "3.1".
if [[ $Version == 3.1* ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/15822     (= 3.1x )"
          echo
fi

# Range rules. expr prints 1 or 0 for each comparison and the two results are
# AND-ed with -a.
# NOTE(review): dotted versions are not integers, so expr compares them as
# strings, not as version numbers; the "*" in '4.0.*' is a literal character
# here, not a wildcard. The results therefore do not follow version order.
# NOTE(review): $Version is unquoted; an empty or multi-word value makes expr
# fail, after which the [ ... -eq ... ] test reports an error.
res1=`expr $Version '<=' '4.1.3'`
res2=`expr $Version '>=' '4.0.*'`
if [ $res1 -eq 1 -a $res2 -eq 1 ];
then
          echo -e "  $STRXPL http://1337day.com/exploit/16548     ( 4.0.x => 4.1.3 )"
          echo
fi

# NOTE(review): in the usual string ordering "4.1.7" sorts after "4.1.10",
# so both conditions cannot hold together and this rule looks unreachable.
res1=`expr $Version '<=' '4.1.10'`
res2=`expr $Version '>=' '4.1.7'`
if [ $res1 -eq 1 -a $res2 -eq 1 ];
then
          echo -e "  $STRXPL http://1337day.com/exploit/17824     ( 4.1.7 => 4.1.10 )"
          echo
fi

if [[ $Version == 3.*.* ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/18902     (= 3.x.x )"
          echo
fi


if [[ $Version == 4.0.* ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/16160     (= 4.0.x )"
          echo
fi

# NOTE(review): the upper bound tested is 4.1.2 while the printed label says
# 4.1.3 - confirm which one is intended.
res1=`expr $Version '<=' '4.1.2'`
res2=`expr $Version '>=' '4.0.*'`
if [ $res1 -eq 1 -a $res2 -eq 1 ];
then
          echo -e "  $STRXPL http://1337day.com/exploit/16147     ( 4.0.x => 4.1.3 )"
          echo
fi

# NOTE(review): link 20984 is printed here and again by an identical rule
# further down, so matching versions list it twice.
if [[ $Version == 3.8.* ]] || [[ $Version == 4.*.* ]] ; then
          echo -e "  $STRXPL http://1337day.com/exploit/11737     (= 3.8.x|4.x.x )"
          echo
          echo -e "  $STRXPL http://1337day.com/exploit/20984     (= 3.8.x|4.x.x )"
          echo
fi

if [[ $Version == 4.0.2 ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/19293     (= 4.0.2 )"
          echo
fi

if [[ $Version == 3.*.* ]] || [[ $Version == 4.*.* ]] ; then
          echo -e "  $STRXPL http://1337day.com/exploit/19677     (= 3.x.x|4.x.x )"
          echo
fi

# Single-bound rule; the same string-comparison caveat applies.
res1=`expr $Version '<=' '1.1.9'`
if [ $res1 -eq 1 ];
then
          echo -e "  $STRXPL http://1337day.com/exploit/19722     ( <= 1.1.9 )"
          echo
fi

res1=`expr $Version '<=' '4.2.0'`
res2=`expr $Version '>=' '3.*.*'`
if [ $res1 -eq 1 -a $res2 -eq 1 ];
then
          echo -e "  $STRXPL http://1337day.com/exploit/19862     ( 3.x => 4.2.0 )"
          echo
fi

if [[ $Version == 4.2.0 ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/19874     (= 4.2.0 )"
          echo
fi

if [[ $Version == 5.0.0 ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/19956    (= 5.0.0 )"
          echo
          echo -e "  $STRXPL http://1337day.com/exploit/description/20002    (= 5.0.0 )"
          echo
          echo -e "  $STRXPL http://1337day.com/exploit/description/20403    (= 5.0.0 )"
          echo
fi

if [[ $Version == 4.*.* ]] || [[ $Version == 5.*.* ]] ; then
          echo -e "  $STRXPL http://1337day.com/exploit/20983     (= 4.x.x|5.x.x )"
          echo
          echo -e "  $STRXPL http://1337day.com/exploit/description/21518     (= 4.x.x|5.x.x )"
          echo
fi

# Second occurrence of the 3.8.x|4.x.x rule for link 20984.
if [[ $Version == 3.8.* ]] || [[ $Version == 4.*.* ]] ; then
          echo -e "  $STRXPL http://1337day.com/exploit/20984     (= 3.8.x|4.x.x )"
          echo
fi

if [[ $Version == 4.0.* ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/21029     (= 4.0.x )"
          echo
fi


}

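#######################################
# Fetch one static asset from the target and pull the version that follows
# the "vBulletin " banner out of the response.
# Globals:   CURL, CUT, USER_AGENT, url (read); req, Version (written)
# Arguments: $1 - asset path appended to $url (an entry of the vbulletin array)
# Outputs:   none; Version is left empty when the response has no banner
#######################################
Get_Version() 
{
 # "--silent" needs two dashes: curl parses a single-dash "-silent" as a
 # bundle of short options instead. The User-Agent is quoted so it stays one
 # argument; unquoted, every word after the first was handed to curl as an
 # extra URL to fetch.
 req=$("$CURL" --silent -A "$USER_AGENT" "$url/$1")

 # Match "vBulletin <digit>..." up to the next "b", drop the product name and
 # keep the first space-separated token. `grep -E` replaces the deprecated
 # `egrep` spelling; the pattern itself is unchanged.
 Version=$(printf '%s\n' "$req" \
   | grep -E -o 'vBulletin [0-9][^b]+' \
   | awk '{gsub("vBulletin ","")}1' \
   | "$CUT" -d ' ' -f 1)
}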

# Entry sequence: validate the command-line argument, show the banner, then
# run version detection followed by the lookup report.
Check_Arguments
Banner
Check_Vbulletin_Version
Download : http://www.mediafire.com/download/58ssjy6uikt59qw/vb-fingerprinter.sh