22 lines
526 B
Markdown
22 lines
526 B
Markdown
|
## About
|
||
|
|
||
|
This is a "proof of concept" XMPP Bot which showcase an IQ exploite found in XEP-0045: Multi-User Chat.
|
||
|
|
||
|
### Instructions
|
||
|
|
||
|
Tested with Gajim.
|
||
|
|
||
|
1. Start the bot: `python iq_exploit.py -j JID -p PASSWORD`;
|
||
|
2. Send the bot a message with groupchat address: `join JID_OF_MUC`;
|
||
|
3. Open groupchat;
|
||
|
4. Select the bot;
|
||
|
5. Right-click;
|
||
|
6. Execute command...;
|
||
|
7. Select Ad-Hoc command "Start".
|
||
|
|
||
|
### Recommendations
|
||
|
|
||
|
Server operators are advised to disable PMs in XEP-0045 MUC.
|
||
|
|
||
|
Use XEP-???? for groupchat instead of XEP-0045.
|