sch/ExploitIQ
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ExploitIQ/README.md
Schimon Jehudah c5a7b3330f Add instructions for Gajim
2024-03-02 23:55:30 +00:00

526 B
Raw Blame History

About

This is a "proof of concept" XMPP Bot which showcase an IQ exploite found in XEP-0045: Multi-User Chat.

Instructions

Tested with Gajim.

  1. Start the bot: python iq_exploit.py -j JID -p PASSWORD;
  2. Send the bot a message with groupchat address: join JID_OF_MUC;
  3. Open groupchat;
  4. Select the bot;
  5. Right-click;
  6. Execute command...;
  7. Select Ad-Hoc command "Start".

Recommendations

Server operators are advised to disable PMs in XEP-0045 MUC.

Use XEP-???? for groupchat instead of XEP-0045.