21 lines
526 B
Markdown
21 lines
526 B
Markdown
## About
|
|
|
|
This is a "proof of concept" XMPP Bot which showcase an IQ exploite found in XEP-0045: Multi-User Chat.
|
|
|
|
### Instructions
|
|
|
|
Tested with Gajim.
|
|
|
|
1. Start the bot: `python iq_exploit.py -j JID -p PASSWORD`;
|
|
2. Send the bot a message with groupchat address: `join JID_OF_MUC`;
|
|
3. Open groupchat;
|
|
4. Select the bot;
|
|
5. Right-click;
|
|
6. Execute command...;
|
|
7. Select Ad-Hoc command "Start".
|
|
|
|
### Recommendations
|
|
|
|
Server operators are advised to disable PMs in XEP-0045 MUC.
|
|
|
|
Use XEP-???? for groupchat instead of XEP-0045.
|