def fullpath(target, dir, ssl): try: if ssl == True: ## Enables SSL data = client.https_get(target, dir + "concrete/blocks/content/editor_config.php") else: ## Uses plain-text HTTP data = client.http_get(target, dir + "concrete/blocks/content/editor_config.php") for line in string.split(data, '\n'): if 'Fatal error' in line: line = line.split(" ") line = line[8] length = len(line) length = length - 4 fpd = line[3:length] print bold, "\n [+] Full Path Disclosure found!\r", normal print "", fpd, normal, "\r" if ssl == True: print " https://" + target + dir + "concrete/blocks/content/editor_config.php\n" else: print " http://" + target + dir + "concrete/blocks/content/editor_config.php\n" except Exception, error: print error
def fullpath(target, dir, ssl): try: if ssl == True: ## Enables SSL data = client.https_get( target, dir + "concrete/blocks/content/editor_config.php") else: ## Uses plain-text HTTP data = client.http_get( target, dir + "concrete/blocks/content/editor_config.php") for line in string.split(data, '\n'): if 'Fatal error' in line: line = line.split(" ") line = line[8] length = len(line) length = length - 4 fpd = line[3:length] print bold, "\n [+] Full Path Disclosure found!\r", normal print "", fpd, normal, "\r" if ssl == True: print " https://" + target + dir + "concrete/blocks/content/editor_config.php\n" else: print " http://" + target + dir + "concrete/blocks/content/editor_config.php\n" except Exception, error: print error
def detect(target, dir, ssl): try: if ssl == True: ## Enables SSL ## Gets the data from the client.https_get module data = client.https_get(target, dir) else: ## Uses plain-text HTTP ## Get the data from teh client.http_get modules data = client.http_get(target, dir) ## Reads each line in the new data variable for line in string.split(data, '\n'): ## Get the line containing the generator tag if 'generator' in line: ver = line.split("\"") version = ver[3].split(" ") ## Checks the generator tag contains the concrete5 name if version[0] == 'concrete5': if len(version) == 3: ## concrete5 cms found attempts to print the version found print bold, "[+] Found", version[0], version[ 1], version[2], normal, "via generator tag" ## Runs the cmsvulns.vulns check module against the version cmsvulns.vulncheck(version[2]) break else: ## CMS dislclosed but with no version information ## Prints found installation and breaks out of 'if' statements print bold, "[+] Found", version[ 0], "installation", normal break else: ## CMS found is not concrete5 ## Prints to screen conrete5 not found and quits print bold, "[-] Not running concrete5!", normal sys.exit(0) ## Generator tag not found and searches for the concrete5 base directory if not "/concrete/css/" in data: ## concrete5 found found an exits print bold, "[-] concrete5 installation not detected", normal sys.exit(0) except Exception, IndexError: print IndexError pass
def detect(target, dir, ssl): try: if ssl == True: ## Enables SSL ## Gets the data from the client.https_get module data = client.https_get(target, dir) else: ## Uses plain-text HTTP ## Get the data from teh client.http_get modules data = client.http_get(target, dir) ## Reads each line in the new data variable for line in string.split(data, '\n'): ## Get the line containing the generator tag if 'generator' in line: ver = line.split("\"") version = ver[3].split(" ") ## Checks the generator tag contains the concrete5 name if version[0] == 'concrete5': if len(version) == 3: ## concrete5 cms found attempts to print the version found print bold, "[+] Found", version[0], version[1], version[2], normal, "via generator tag" ## Runs the cmsvulns.vulns check module against the version cmsvulns.vulncheck(version[2]) break else: ## CMS dislclosed but with no version information ## Prints found installation and breaks out of 'if' statements print bold, "[+] Found", version[0], "installation", normal break else: ## CMS found is not concrete5 ## Prints to screen conrete5 not found and quits print bold, "[-] Not running concrete5!", normal sys.exit(0) ## Generator tag not found and searches for the concrete5 base directory if not "/concrete/css/" in data: ## concrete5 found found an exits print bold, "[-] concrete5 installation not detected", normal sys.exit(0) except Exception, IndexError: print IndexError pass
def userenum(target, dir, ssl): try: if ssl == True: data = client.https_get(target, dir + "index.php/members") else: data = client.http_get(target, dir + "index.php/members") for line in string.split(data, '\n'): if 'member-username' in line: user = line.split(">") user = user[2] user = user.split("<") user = user[0] print bold + "\r [+] Found username: " + normal + user except Exception, error: print error