Posted: 20 Apr 2010 03:09 AM PDT
Today I am going present you a new PHP tutorial which will enable hackers like you to find the administrator page without any hassle.
Let’s get started with the tutorial.
First of all I am going to create a form where you’ll have to input the URL of the website.
Create a basic HTML platform in a new text file with HTML, BODY, TITLE tag etc.
Creating a form:
Now let’s do some PHP magic after the form.
What we are going to do in PHP magic is to search the specified directory. Many websites usually keeps the administrator page separately on the folder with specific name given.
What we are going to do is execute the following code and find the administrator page folder.
Trying out and guessing different form might be tedious job therefore, we’ll create a new text file named folders.txt with the list of our guessed directory.
/** Let’s ensure that the page does not timeout unexpectedly hampering our search job**/
set_time_limit(0);
$Target = $_POST['targetSite'];
//this function will only execute if the target is provided.
if ($Target <> “”) {
echo ‘
Starting
’;$url = $_POST['targetSite'];
echo “
Targeting: “.$Target.”
”;//This function will check for the file named folders.txt which contains the list of suspected administrator folders.
$MasterList = ‘folders.txt’;
// This function will clear the cache to ensure that the status of the file is checked
clearstatcache();
if (file_exists($MasterList)) {
echo “Retrieving List
”;} else {
echo “The file $MasterList does not exist”;
}
//Open the file and assign each line to a new element in the array
//Once completed, close the file
$fHandler = fopen($MasterList, “r”);
while (! feof($fHandler)) {
$thisline = fgets($fHandler);
$adminfolder = file($MasterList);
}
fclose($fHandler);
//This function will try to access each URL and returns the list of URLs that do not respond with 404 error(Page not found error)
foreach ($adminfolder as $adminurl){
$headers = get_headers(“$Target$adminurl”
); if (eregi(‘Not Found’, $headers[0])) {
echo “$Target$adminurl NO!
”;}
else {
echo “$
Target$adminurl Here is the URL of ADMIN Page!
”;}
}
}
?>
The folders.txt will be as follow:
admin/
administrator/
moderator/
webadmin/
adminarea/
bb-admin/
adminLogin/
admin_area/
panel-administracion/
instadmin/
memberadmin/
administratorlogin/
adm/
cmsadmin/
administrator/index.php
wp-admin/
cms/
beheer/
webmaster/
web-master/
web-beheerder/
webbeheerder/
bestuur/
intranet/
intronet/
staff/
staff/index.php
staff/login.php
staff/members.php
staff/member.php
personeel/
personeel/login.php
personeel/index.php
account/index.php
account/
manager/index.php
manager/
manage/
manage/index.php
controlemanager/
admin1.php
admin1.html
admin2.php
admin2.html
yonetim.php
yonetim.html
yonetici.php
yonetici.html
adm/
admin/
admin/account.php
admin/account.html
admin/index.php
admin/index.html
admin/login.php
admin/login.html
admin/home.php
admin/controlpanel.html
admin/controlpanel.php
admin.php
admin.html
admin/cp.php
admin/cp.html
cp.php
cp.html
administrator/
administrator/index.html
administrator/index.php
administrator/login.html
administrator/login.php
administrator/account.html
administrator/account.php
administrator.php
administrator.html
login.php
login.html
modelsearch/login.php
moderator.php
moderator.html
moderator/login.php
moderator/login.html
moderator/admin.php
moderator/admin.html
moderator/
account.php
account.html
controlpanel/
controlpanel.php
controlpanel.html
admincontrol.php
admincontrol.html
adminpanel.php
adminpanel.html
admin1.asp
admin2.asp
yonetim.asp
yonetici.asp
admin/account.asp
admin/index.asp
admin/login.asp
admin/home.asp
admin/controlpanel.asp
admin.asp
admin/cp.asp
cp.asp
administrator/index.asp
administrator/login.asp
administrator/account.asp
administrator.asp
login.asp
modelsearch/login.asp
moderator.asp
moderator/login.asp
moderator/admin.asp
account.asp
controlpanel.asp
admincontrol.asp
adminpanel.asp
fileadmin/
fileadmin.php
fileadmin.asp
fileadmin.html
administration/
administration.php
administration.html
sysadmin.php
sysadmin.html
phpmyadmin/
myadmin/
sysadmin.asp
sysadmin/
ur-admin.asp
ur-admin.php
ur-admin.html
ur-admin/
Server.php
Server.html
Server.asp
Server/
wp-admin/
administr8.php
administr8.html
administr8/
administr8.asp
webadmin/
webadmin.php
webadmin.asp
webadmin.html
administratie/
admins/
admins.php
admins.asp
admins.html
administrivia/
Database_Administration/
WebAdmin/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cPanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
members/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
admin_area/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
radmind/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
Indy_admin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
SysAdmin2/
globes_admin/
cadmins/
phpSQLiteAdmin/
navSiteAdmin/
server_admin_small/
logo_sysadmin/
server/
database_administration/
power_user/
system_administration/
ss_vms_admin_sm/
Now finally lets arrange the whole thing that we’ve created in one place.
Create new text file or use dreamweaver and copy the form and paste below the form paste the PHP code. Finally rename it as adminsearch.php
Place both adminsearch.php and folders.txt in one separate folder and upload it to your web host or local host. Go to the URL that have adminsearch.php and hunt for the administrator’s page for the target website.
Now since you got the location of administrator page, you can play something further to hack in to administrator’s page.
No comments:
Post a Comment