sch/exploitiq
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
A proof of concept bot to reveal full JID upon requesting list of Ad-Hoc commands.
3 commits 1 branch 0 tags 28 KiB
Python 100%
Go to file
Schimon Jehudah 9cbebb3962 Update README.md
2024-03-03 00:07:48 +00:00
iq_exploit.py Upload New File 2024-03-02 23:36:26 +00:00
README.md Update README.md 2024-03-03 00:07:48 +00:00

README.md

About

This is a "proof of concept" XMPP Bot which showcase an IQ issue found in XEP-0045: Multi-User Chat.

Instructions

Tested with Gajim.

  1. Start the bot: python iq_exploit.py -j JID -p PASSWORD;
  2. Send the bot a message with groupchat address: join JID_OF_MUC;
  3. Open groupchat;
  4. Select the bot;
  5. Right-click;
  6. Execute command...;
  7. Select Ad-Hoc command "Start".