Posted by Security is just an illusion at Saturday, February 23, 2013
Read our previous post
I was a little bored , and I thought I would write even a path brute force tool for phpMyAdmin.
All Hacker Know it where the hell is the Next Target ..? The Only way to find a Target are Scannning your Local Network
Billions of Server Running PhpMyadmin you only need to find it.Google can help you to find some interfaces with Dorks but you can do it by your self.
Im a n00by dont blame me for my coding skill …. I Never Never learning any Coding Language.I Just learn from Google & friends thanks to the people how fill the Internet.
Here my Paint Poc:
After a week i thing its done.I Hope it is 
Download Compiled .exe & .jar :
http://www.mirrorupload.net/file/1GLG7SAF/#!PhpMyAdmin-Directory_Buster.rar
Source Code :
scanner.java
package crashyyy;
import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.URL;
import crashyyy.AePlayWave;
import crashyyy.checkshell;
public class scanner {
/**
* @param args
*/
public static void main(String[] args) {
int TIMEOUT_VALUE = 4000;
String userAgent = "PhpMyAdmin Hunter by cr4shyyy from http://security-is-just-an-illusion.blogspot.de";
try{
FileInputStream dirstream123 = new FileInputStream("ip.txt");
DataInputStream dir23 = new DataInputStream(dirstream123);
BufferedReader b123 = new BufferedReader(new InputStreamReader(dir23));
String strLine123;
while ((strLine123 = b123.readLine()) != null) {
String ips = strLine123;
Socket s = new Socket();
try {
int port = 80;
FileWriter securewriter;
File file;
file = new File("secure.txt");
securewriter = new FileWriter(file ,true);
FileWriter insecurewriter;
File file0;
file0 = new File("insecure.txt");
insecurewriter = new FileWriter(file0 ,true);
System.out.println("---------------------------------------------------");
System.out.println("[inFoo] Testing Port " + port +" From IP "+ips);
SocketAddress sockaddr = new InetSocketAddress(ips, port);
s.connect(sockaddr, 100);
s.setReceiveBufferSize(1024);
s.setSendBufferSize(1024);
System.out.println("[inFoo] >>> Port OK <<<");
FileInputStream dirstream1233 = new FileInputStream("paths.txt");
DataInputStream dir233 = new DataInputStream(dirstream1233);
BufferedReader b1233 = new BufferedReader(new InputStreamReader(dir233));
String strLine1233;
while ((strLine1233 = b1233.readLine()) != null) {
String paths = strLine1233;
System.out.println("[inFoo] Start PhpMyadmin Check "+"http://"+ips+""+paths+"sql.php");
if ((checkshell.exists("http://"+ips+""+paths+"sql.php")) == true) {
String w00t = "http://"+ips+""+paths+"sql.php";
try{
HttpURLConnection con =
(HttpURLConnection) new URL(w00t).openConnection();
con.setConnectTimeout(TIMEOUT_VALUE);
con.setReadTimeout(TIMEOUT_VALUE);
con.addRequestProperty("User-Agent", userAgent);
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
con.connect();
while ((w00t = in.readLine()) != null)
if (w00t.contains("var input_username = document.getElementById('input_username')")){
System.out.println("---------------------------------------------------");
System.out.println("[inFoo] By Security-is-just-an-illusion.blogspot.de");
System.out.println("[inFoo] Phpmyadmin Found : "+"http://"+ips+""+""+paths+"sql.php");
System.out.println("[inFoo] Secure Login Found");
System.out.println("---------------------------------------------------");
con.setConnectTimeout(TIMEOUT_VALUE);
con.setReadTimeout(TIMEOUT_VALUE);
securewriter.write("http://"+ips+""+""+paths+"sql.php");
//securewriter.write(w00t);
securewriter.write(System.getProperty("line.separator"));
AePlayWave aw = new AePlayWave( "found.wav" );
aw.start();
securewriter.flush();
securewriter.close();
break;
}
else{
if (w00t.contains("var uname = document.forms['login_form'].elements['pma_username']")){
System.out.println("---------------------------------------------------");
System.out.println("[inFoo] By Security-is-just-an-illusion.blogspot.de");
System.out.println("[inFoo] Phpmyadmin Found : "+"http://"+ips+""+""+paths+"sql.php");
System.out.println("[inFoo] Secure Login Found");
System.out.println("---------------------------------------------------");
con.setConnectTimeout(TIMEOUT_VALUE);
con.setReadTimeout(TIMEOUT_VALUE);
securewriter.write("http://"+ips+""+""+paths+"sql.php");
//securewriter.write(w00t);
securewriter.write(System.getProperty("line.separator"));
AePlayWave aw = new AePlayWave( "found.wav" );
aw.start();
securewriter.flush();
securewriter.close();
break;
}
else{
if (w00t.contains("<!-- Login form -->")){
System.out.println("---------------------------------------------------");
System.out.println("[inFoo] By Security-is-just-an-illusion.blogspot.de");
System.out.println("[inFoo] Phpmyadmin Found : "+"http://"+ips+""+""+paths+"sql.php");
System.out.println("[inFoo] Secure Login Found");
System.out.println("---------------------------------------------------");
con.setConnectTimeout(TIMEOUT_VALUE);
con.setReadTimeout(TIMEOUT_VALUE);
securewriter.write("http://"+ips+""+""+paths+"sql.php");
//securewriter.write(w00t);
securewriter.write(System.getProperty("line.separator"));
AePlayWave aw = new AePlayWave( "found.wav" );
aw.start();
securewriter.flush();
securewriter.close();
break;
}
else{
if (w00t.contains("<!-- MySQL and phpMyAdmin related links -->")){
System.out.println("---------------------------------------------------");
System.out.println("[inFoo] By Security-is-just-an-illusion.blogspot.de");
System.out.println("[inFoo] Phpmyadmin Found : "+"http://"+ips+""+""+paths+"sql.php");
System.out.println("[inFoo] InSecure Login Found");
System.out.println("---------------------------------------------------");
con.setConnectTimeout(TIMEOUT_VALUE);
con.setReadTimeout(TIMEOUT_VALUE);
insecurewriter.write("http://"+ips+""+""+paths+"sql.php");
insecurewriter.write(System.getProperty("line.separator"));
AePlayWave aw = new AePlayWave( "found.wav" );
aw.start();
insecurewriter.flush();
insecurewriter.close();
break;
}
else{
if (w00t.contains("<!-- phpMyAdmin related links -->")){
System.out.println("---------------------------------------------------");
System.out.println("[inFoo] By Security-is-just-an-illusion.blogspot.de");
System.out.println("[inFoo] Phpmyadmin Found : "+"http://"+ips+""+""+paths+"sql.php");
System.out.println("[inFoo] InSecure Login Found");
System.out.println("---------------------------------------------------");
con.setConnectTimeout(TIMEOUT_VALUE);
con.setReadTimeout(TIMEOUT_VALUE);
insecurewriter.write("http://"+ips+""+""+paths+"sql.php");
insecurewriter.write(System.getProperty("line.separator"));
AePlayWave aw = new AePlayWave( "found.wav" );
aw.start();
insecurewriter.flush();
insecurewriter.close();
break;
}
else{
if (w00t.contains("Forbidden")){
System.out.println("---------------------------------------------------");
System.out.println("[inFoo] "+w00t+" 403 Forbidden Skip");
con.setConnectTimeout(TIMEOUT_VALUE);
con.setReadTimeout(TIMEOUT_VALUE);
}
else{
if (w00t.contains("404")){
System.out.println("---------------------------------------------------");
System.out.println("[inFoo] "+w00t+" 404 Not Found Skip");
con.setConnectTimeout(TIMEOUT_VALUE);
con.setReadTimeout(TIMEOUT_VALUE);
}
FileWriter writer;
File file9;
file9 = new File("debug.txt");
writer = new FileWriter(file9 ,true);
writer.write("---------------------------------------------------");
writer.write(System.getProperty("line.separator"));
writer.write("http://"+ips+""+""+paths+"sql.php");
writer.write(System.getProperty("line.separator"));
writer.write(w00t);
writer.write(System.getProperty("line.separator"));
writer.write("---------------------------------------------------");
writer.write(System.getProperty("line.separator"));
writer.flush();
writer.close();
}
}
}
}
}
}
} finally {
}
}
}
} catch (IOException e) {
//System.out.println("---------------------------------------------------");
System.out.println("[inFoo] OFFLINE !!! SKIP !!! ");
//System.out.println(s.getSoTimeout());
System.out.println("---------------------------------------------------");
} finally {
if( s != null){
try {
s.close();
} catch (IOException e) {
throw new RuntimeException("You should handle this error." , e);
}
}//end try
//END
}
}
} catch (FileNotFoundException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}finally{
System.out.println("[inFoo] Goodbye by http://security-is-just-an-illusion.blogspot.de!");
System.out.println("---------------------------------------------------");
}
}
}
checkshell.java
package crashyyy;
import java.net.*;
import java.util.Properties;
public class checkshell {
public static void mainshellcheck(String s[]) {
/*
output :
true
false
*/
}
public static boolean exists(String URLName){
String userAgent = "Google.com CrawlBot";
int TIMEOUT_VALUE = 2000;
try {
HttpURLConnection.setFollowRedirects(false);
HttpURLConnection con =
(HttpURLConnection) new URL(URLName).openConnection();
con.setInstanceFollowRedirects(false);
con.setConnectTimeout(TIMEOUT_VALUE);
con.setReadTimeout(TIMEOUT_VALUE);
con.setConnectTimeout(2000); //set timeout to 5 seconds
con.setRequestMethod("HEAD");
con.addRequestProperty("User-Agent", userAgent);
con.disconnect();
return (con.getResponseCode() == HttpURLConnection.HTTP_OK);
}
catch (Exception e) {
//e.printStackTrace();
return false;
}
}
}
AePlayWave.java //Play a Sound file if a Result are Found.
package crashyyy;
import java.io.File;
import java.io.IOException;
import javax.sound.sampled.AudioFormat;
import javax.sound.sampled.AudioInputStream;
import javax.sound.sampled.AudioSystem;
import javax.sound.sampled.DataLine;
import javax.sound.sampled.FloatControl;
import javax.sound.sampled.LineUnavailableException;
import javax.sound.sampled.SourceDataLine;
import javax.sound.sampled.UnsupportedAudioFileException;
public class AePlayWave extends Thread {
private String filename;
private Position curPosition;
private final int EXTERNAL_BUFFER_SIZE = 524288; // 128Kb
enum Position {
LEFT, RIGHT, NORMAL
};
public AePlayWave(String wavfile) {
filename = wavfile;
curPosition = Position.NORMAL;
}
public AePlayWave(String wavfile, Position p) {
filename = wavfile;
curPosition = p;
}
public void run() {
File soundFile = new File(filename);
if (!soundFile.exists()) {
System.err.println("Wave file not found: " + filename);
return;
}
AudioInputStream audioInputStream = null;
try {
audioInputStream = AudioSystem.getAudioInputStream(soundFile);
} catch (UnsupportedAudioFileException e1) {
e1.printStackTrace();
return;
} catch (IOException e1) {
e1.printStackTrace();
return;
}
AudioFormat format = audioInputStream.getFormat();
SourceDataLine auline = null;
DataLine.Info info = new DataLine.Info(SourceDataLine.class, format);
try {
auline = (SourceDataLine) AudioSystem.getLine(info);
auline.open(format);
} catch (LineUnavailableException e) {
e.printStackTrace();
return;
} catch (Exception e) {
e.printStackTrace();
return;
}
if (auline.isControlSupported(FloatControl.Type.PAN)) {
FloatControl pan = (FloatControl) auline
.getControl(FloatControl.Type.PAN);
if (curPosition == Position.RIGHT)
pan.setValue(1.0f);
else if (curPosition == Position.LEFT)
pan.setValue(-1.0f);
}
auline.start();
int nBytesRead = 0;
byte[] abData = new byte[EXTERNAL_BUFFER_SIZE];
try {
while (nBytesRead != -1) {
nBytesRead = audioInputStream.read(abData, 0, abData.length);
if (nBytesRead >= 0)
auline.write(abData, 0, nBytesRead);
}
} catch (IOException e) {
e.printStackTrace();
return;
} finally {
auline.drain();
auline.close();
}
}
}
Use it for Personal use or study purposes.
No comments:
Post a Comment