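#!/bin/bash
#
# VB-SFp - v1.0 [ public release ] - 240
#
# RHH - Vbulletin Security Fingerprinter
#
# Author: Red V!per
# Date: 2013 19 November
# Web: www.redhathackers.org
# E-mail: beni_vanda[at]yahoo[dot]com
#
# Requests a fixed list of static vBulletin files from the given base URL,
# takes the first "vBulletin <version>" string found in a response and prints
# the advisory links whose stated version range covers that version.
#
# Usage: ./VB-SFp.sh <base-url>
#

set -u

# Declared by the original as "sleep time among each request" but never read;
# requests are sent back to back.
TIME="0"
CURL="/usr/bin/curl"
B="\033[1m"
N="\033[0m"
STRXPL="$B[+] EXPLOIT:$N"
# Filled in by Get_Version or by the manual prompt; dotted digits only.
Version=''
# Every request carries this fixed User-Agent string.
USER_AGENT="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.4; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
url=${1:-}

# Paths probed for a "vBulletin <version>" string. A response that does not
# contain that string gives this script nothing to work with.
vbulletin=(
  /archive/archive.css
  /clientscript/vbulletin_ajax_htmlloader.js
  /clientscript/vbulletin_ajax_imagereg.js
  /clientscript/vbulletin_ajax_namesugg.js
  /clientscript/vbulletin_ajax_nameverif.js
  /clientscript/vbulletin_ajax_quote.js
  /clientscript/vbulletin_ajax_reputation.js
  /clientscript/vbulletin_ajax_search.js
  /clientscript/vbulletin_ajax_taglist.js
  /clientscript/vbulletin_ajax_tagsugg.js
  /clientscript/vbulletin_ajax_threadrate.js
  /clientscript/vbulletin_ajax_threadslist.js
  /clientscript/vbulletin_ajax_userlist.js
  /clientscript/vbulletin_ajax_wolresolve.js
  /clientscript/vbulletin_album.js
  /clientscript/vbulletin_attachment.js
  /clientscript/vbulletin_backgroundpicker.js
  /clientscript/vbulletin_colorpicker.js
  /clientscript/vbulletin_cpcolorpicker.js
  /clientscript/vbulletin_cphome_scripts.js
  /clientscript/vbulletin_cpoptions_scripts.js
  /clientscript/vbulletin_custom_profile.js
  /clientscript/vbulletin_date_picker.css
  /clientscript/vbulletin_date_picker.js
  /clientscript/vbulletin_editor.css
  /clientscript/vbulletin_global.js
  /clientscript/vbulletin_group_read_marker.js
  /clientscript/vbulletin_important.css
  /clientscript/vbulletin_inlinemod.js
  /clientscript/vbulletin_lightbox.js
  /clientscript/vbulletin_md5.js
  /clientscript/vbulletin_menu.js
  /clientscript/vbulletin_multi_quote.js
  /clientscript/vbulletin_notifications_nopopups.js
  /clientscript/vbulletin_post_loader.js
  /clientscript/vbulletin_profilefield_edit.js
  /clientscript/vbulletin_quick_comment.js
  /clientscript/vbulletin_quick_comment_generic.js
  /clientscript/vbulletin_quick_edit_groupmessage.js
  /clientscript/vbulletin_quick_edit_picturecomment.js
  /clientscript/vbulletin_quick_edit_visitormessage.js
  /clientscript/vbulletin_quick_reply.js
  /clientscript/vbulletin_read_marker.js
  /clientscript/vbulletin_settings_validate.js
  /clientscript/vbulletin_tabctrl.css
  /clientscript/vbulletin_tabctrl.js
  /clientscript/vbulletin_tabctrl_rtl.css
  /clientscript/vbulletin_templatemgr.js
  /clientscript/vbulletin_textedit.js
  /clientscript/vbulletin_thrdpostlist.js
  /clientscript/vbulletin_quick_edit.js
  /clientscript/vbulletin_quick_edit_generic.js
  /cpstyles/vBulletin_2_Default/controlpanel.css
  /cpstyles/vBulletin_3_Default/controlpanel.css
  /cpstyles/vBulletin_3_Frontend/controlpanel.css
  /cpstyles/vBulletin_3_Manual/controlpanel.css
  /cpstyles/vBulletin_3_Silver/controlpanel.css
)

#######################################
# Print the green ASCII-art banner and the title box.
# Globals:   B, N (read)
# Outputs:   banner text on stdout
#######################################
Banner() {
  local -r green=$'\e[32m'
  local row
  # Art rows are reproduced as they appear on the page.
  local -a art=(
    " "
    " __ ______ ______ _ "
    " \ \ / / _ \ | ____(_) "
    " \ \ / /| |_) | | |__ _ _ __ __ _ ___ _ __ "
    " \ \/ / | _ < | __| | | '_ \ / _\ |/ _ \ '__| "
    " \ / | |_) | | | | | | | | (_| | __/ | "
    " \/ |____/ |_|_ |_|_| |_|\__, |\___|_| "
    " (_) | | __/ | "
    " _ __ _ __ _ _ __ | |_ ___ _ __ |___/ "
    " | '_ \| '__| | '_ \| __/ _ \ '__| "
    " | |_) | | | | | | | || __/ | "
    " | .__/|_| |_|_| |_|\__\___|_| "
    " | | "
    " |_| "
  )
  for row in "${art[@]}"; do
    printf '%s%s\n' "$green" "$row"
    tput sgr0
  done
  echo -e
  echo -e "$B -.-.-.-.-.-.-.-.-#-#-#-#-#-#-#-#-#-#-.-.-.-.-.-.-.- "
  echo -e " - [V]bulletin Security Fingerprinter v1.0 -"
  echo -e "-#-#-#-#- Cod3d By: Red V!per [wWw.RedHatHackers.org] -#-#-#-#-"
  echo -e " - IN GOD WE TRUST -"
  echo -e " -.-.-.-.-.-.-.-.-#-#-#-#-#-#-#-#-#-#-.-.-.-.-.-.-.- $N "
  echo
}

#######################################
# Clear the screen, print the usage text and exit with status 1.
# Globals:   B, N (read)
#######################################
Usage() {
  clear
  echo
  echo -e "$B VB-SFp - v1.0 [public] - 240\n"
  echo -e " -=============================================-\n"
  echo -e " <victim> ->$N URL to victim installed Vbulletin"
  echo -e " example: http://www.victim.com/vb\n"
  echo -e "\n Run:$B ./VB-SFp.sh <victim> $N\n"
  exit 1
}

#######################################
# Show the usage text when no URL was given or the first argument looks like
# an option. Rejecting every leading "-" covers -h/--help and also keeps the
# value from being read by curl as one of its own options.
# Globals:   url (read)
#######################################
Check_Arguments() {
  if [[ -z "$url" || "$url" == -* ]]; then
    Usage
    exit
  fi
}

#######################################
# Succeed when dotted version $1 is lower than or equal to dotted version $2.
# Components are compared as base-10 integers, so 4.1.10 sorts after 4.1.3
# (the string comparison done by expr in the original got this wrong).
# Missing components count as 0.
# Arguments: $1, $2 - versions made of digits and dots
# Returns:   0 when $1 <= $2, 1 otherwise
#######################################
Version_Le() {
  local -a left=() right=()
  local i count l r
  IFS=. read -r -a left <<<"$1"
  IFS=. read -r -a right <<<"$2"
  count=${#left[@]}
  if (( ${#right[@]} > count )); then
    count=${#right[@]}
  fi
  for (( i = 0; i < count; i++ )); do
    l=${left[i]:-0}
    r=${right[i]:-0}
    # 10# forces decimal so a component such as "08" is not read as octal.
    if (( 10#$l < 10#$r )); then
      return 0
    fi
    if (( 10#$l > 10#$r )); then
      return 1
    fi
  done
  return 0
}

#######################################
# Succeed when $1 <= Version <= $2.
# Globals:   Version (read)
#######################################
Version_Between() {
  Version_Le "$1" "$Version" && Version_Le "$Version" "$2"
}

#######################################
# Print one advisory line followed by a blank line.
# Globals:   STRXPL (read)
# Arguments: $1 - link and range label
#######################################
Show_Exploit() {
  printf ' %b %s\n\n' "$STRXPL" "$1"
}

#######################################
# Probe the known paths until one yields a version; otherwise ask the
# operator for it. The typed value must be dotted digits, the same shape
# Get_Version accepts, because it is later printed and compared.
# Globals:   vbulletin (read), Version (written), B (read)
#######################################
Check_Vbulletin_Version() {
  local path
  local -r version_shape='^[0-9]+(\.[0-9]+)*$'
  for path in "${vbulletin[@]}"; do
    Get_Version "$path"
    if [[ -n "$Version" ]]; then
      break
    fi
  done
  if [[ -z "$Version" ]]; then
    echo -e "$B [~] Not Found Version :| "
    read -r -p " [~] Please Give Version Manual : " Version
    echo
    if [[ ! "$Version" =~ $version_shape ]]; then
      printf ' [!] Version must be digits separated by dots, e.g. 4.1.3\n' >&2
      exit 1
    fi
  fi
  Fingerpirint
}

#######################################
# Print the target, the version in use and every advisory link whose range
# matches it. Link texts and their order follow the original listing.
# Globals:   url, Version, B (read)
#######################################
Fingerpirint() {
  # url and Version go through %s so nothing inside them is interpreted as an
  # escape sequence.
  printf '%b [*] Target :\e[1;35m %s \e[0m\n' "$B" "$url"
  printf '%b [*] Version :\e[1;32m %s [Ok] \e[0m\n' "$B" "$Version"
  echo
  printf '%b [*] \e[1;32m Avaliable Exploits for\e[0m \e[1;35m%s \e[0m:\n' "$B" "$Version"
  echo

  if [[ $Version == 3.8.4 || $Version == 3.8.5 ]]; then
    Show_Exploit "http://1337day.com/exploit/13911 (= 3.8.4 | 3.8.5)"
  fi
  if [[ $Version == 3.8.6 ]]; then
    Show_Exploit "http://1337day.com/exploit/13459 (= 3.8.6 )"
  fi
  if [[ $Version == 4.0.4 ]]; then
    Show_Exploit "http://1337day.com/exploit/13743 (= 4.0.4 )"
  fi
  if [[ $Version == 4.0.8 ]]; then
    Show_Exploit "http://1337day.com/exploit/14877 (= 4.0.8 )"
    Show_Exploit "http://1337day.com/exploit/14924 (= 4.0.8 PL1 )"
  fi
  if [[ $Version == 3.6.8 || $Version == 3.7.* ]]; then
    Show_Exploit "http://1337day.com/exploit/15531 (= 3.6.8| 3.7.x )"
  fi
  if [[ $Version == 3.8.* ]]; then
    Show_Exploit "http://1337day.com/exploit/15549 (= 3.8.x )"
  fi
  if [[ $Version == 3.1* ]]; then
    Show_Exploit "http://1337day.com/exploit/15822 (= 3.1x )"
  fi
  if Version_Between 4.0 4.1.3; then
    Show_Exploit "http://1337day.com/exploit/16548 ( 4.0.x => 4.1.3 )"
  fi
  if Version_Between 4.1.7 4.1.10; then
    Show_Exploit "http://1337day.com/exploit/17824 ( 4.1.7 => 4.1.10 )"
  fi
  if [[ $Version == 3.*.* ]]; then
    Show_Exploit "http://1337day.com/exploit/18902 (= 3.x.x )"
  fi
  if [[ $Version == 4.0.* ]]; then
    Show_Exploit "http://1337day.com/exploit/16160 (= 4.0.x )"
  fi
  # NOTE(review): the original tests an upper bound of 4.1.2 here while its
  # label says 4.1.3; both are kept as written.
  if Version_Between 4.0 4.1.2; then
    Show_Exploit "http://1337day.com/exploit/16147 ( 4.0.x => 4.1.3 )"
  fi
  if [[ $Version == 3.8.* || $Version == 4.*.* ]]; then
    Show_Exploit "http://1337day.com/exploit/11737 (= 3.8.x|4.x.x )"
    Show_Exploit "http://1337day.com/exploit/20984 (= 3.8.x|4.x.x )"
  fi
  if [[ $Version == 4.0.2 ]]; then
    Show_Exploit "http://1337day.com/exploit/19293 (= 4.0.2 )"
  fi
  if [[ $Version == 3.*.* || $Version == 4.*.* ]]; then
    Show_Exploit "http://1337day.com/exploit/19677 (= 3.x.x|4.x.x )"
  fi
  if Version_Le "$Version" 1.1.9; then
    Show_Exploit "http://1337day.com/exploit/19722 ( <= 1.1.9 )"
  fi
  if Version_Between 3.0 4.2.0; then
    Show_Exploit "http://1337day.com/exploit/19862 ( 3.x => 4.2.0 )"
  fi
  if [[ $Version == 4.2.0 ]]; then
    Show_Exploit "http://1337day.com/exploit/19874 (= 4.2.0 )"
  fi
  if [[ $Version == 5.0.0 ]]; then
    Show_Exploit "http://1337day.com/exploit/19956 (= 5.0.0 )"
    Show_Exploit "http://1337day.com/exploit/description/20002 (= 5.0.0 )"
    Show_Exploit "http://1337day.com/exploit/description/20403 (= 5.0.0 )"
  fi
  if [[ $Version == 4.*.* || $Version == 5.*.* ]]; then
    Show_Exploit "http://1337day.com/exploit/20983 (= 4.x.x|5.x.x )"
    Show_Exploit "http://1337day.com/exploit/description/21518 (= 4.x.x|5.x.x )"
  fi
  # Same link as printed a few entries above; the original lists it twice.
  if [[ $Version == 3.8.* || $Version == 4.*.* ]]; then
    Show_Exploit "http://1337day.com/exploit/20984 (= 3.8.x|4.x.x )"
  fi
  if [[ $Version == 4.0.* ]]; then
    Show_Exploit "http://1337day.com/exploit/21029 (= 4.0.x )"
  fi
}

#######################################
# Fetch one path below the base URL and store the first dotted version that
# follows the word "vBulletin" in the response.
# The response is remote, untrusted text: only digits and dots are captured,
# so whatever else the server sends never reaches the terminal or the
# version comparisons.
# Globals:   CURL, USER_AGENT, url (read); Version (written, '' if no match)
# Arguments: $1 - path beginning with "/"
#######################################
Get_Version() {
  local response
  local -r pattern='vBulletin ([0-9]+(\.[0-9]+)+)'
  Version=''
  # The original passed "-silent", which curl reads as the short options
  # -s -i -l -e nt, and left $USER_AGENT unquoted, so every word after the
  # first was handed to curl as an extra URL to fetch.
  response=$("$CURL" --silent --proto '=http,https' -A "$USER_AGENT" "${url%/}$1") || return 0
  if [[ $response =~ $pattern ]]; then
    Version=${BASH_REMATCH[1]}
  fi
}

Check_Arguments
Banner
Check_Vbulletin_Version

# Download : http://www.mediafire.com/download/58ssjy6uikt59qw/vb-fingerprinter.sh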
Tuesday, November 19, 2013
[V]bulletin Security Fingerprinter v1.0
Hi guys .
[V]bulletin Security Fingerprinter v1.0