Hunt For The Administrator’s Page Using PHP Program

~~<Custom>~~ · 04/24/2010, 20:35

Today I am going present you a new PHP tutorial which will enable hackers like you to find the administrator page without any hassle.
Let’s get started with the tutorial.

First of all I am going to create a form where you’ll have to input the URL of the website.

Create a basic HTML platform in a new text file with HTML, BODY, TITLE tag etc.

Creating a form:

PHP Code:

<form action=”adminsearch.php” method=”post”> <p><input type=”text” size=”120″ value=”http://www.website.com/”/> <input value=”find” type=”submit”><br /> </form>

Now let’s do some PHP magic after the form.

What we are going to do in PHP magic is to search the specified directory. Many websites usually keeps the administrator page separately on the folder with specific name given.

What we are going to do is execute the following code and find the administrator page folder.

Trying out and guessing different form might be tedious job therefore, we’ll create a new text file named folders.txt with the list of our guessed directory.

PHP Code:

<?php /** Let’s ensure that the page does not timeout unexpectedly hampering our search job**/ set_time_limit(0); $Target = $_POST['targetSite']; //this function will only execute if the target is provided. if ($Target <> “”) { echo ‘<br /> Starting <br />’; $url = $_POST['targetSite']; echo “<br />Targeting: “.$Target.” <br /><br />”; //This function will check for the file named folders.txt which contains the list of suspected administrator folders. $MasterList = ‘folders.txt’; // This function will clear the cache to ensure that the status of the file is checked clearstatcache(); if (file_exists($MasterList)) { echo “Retrieving List <br />”; } else { echo “The file $MasterList does not exist”; } //Open the file and assign each line to a new element in the array //Once completed, close the file $fHandler = fopen($MasterList, “r”); while (! feof($fHandler)) { $thisline = fgets($fHandler); $adminfolder = file($MasterList); } fclose($fHandler); //This function will try to access each URL and returns the list of URLs that do not respond with 404 error(Page not found error) foreach ($adminfolder as $adminurl){ $headers = get_headers(“$Target$adminurl”); if (eregi(‘Not Found’, $headers[0])) { echo “$Target$adminurl NO!<br />”; } else { echo “<a href=’$Target$adminurl’>$Target$adminurl</a> Here is the URL of ADMIN Page!<br />”; } } } ?>

The folders.txt will be as follow:

Spoiler

Code:

admin/ administrator/ moderator/ webadmin/ adminarea/ bb-admin/ adminLogin/ admin_area/ panel-administracion/ instadmin/ memberadmin/ administratorlogin/ adm/ cmsadmin/ administrator/index.php wp-admin/ cms/ beheer/ webmaster/ web-master/ web-beheerder/ webbeheerder/ bestuur/ intranet/ intronet/ staff/ staff/index.php staff/login.php staff/members.php staff/member.php personeel/ personeel/login.php personeel/index.php account/index.php account/ manager/index.php manager/ manage/ manage/index.php controlemanager/ admin1.php admin1.html admin2.php admin2.html yonetim.php yonetim.html yonetici.php yonetici.html adm/ admin/ admin/account.php admin/account.html admin/index.php admin/index.html admin/login.php admin/login.html admin/home.php admin/controlpanel.html admin/controlpanel.php admin.php admin.html admin/cp.php admin/cp.html cp.php cp.html administrator/ administrator/index.html administrator/index.php administrator/login.html administrator/login.php administrator/account.html administrator/account.php administrator.php administrator.html login.php login.html modelsearch/login.php moderator.php moderator.html moderator/login.php moderator/login.html moderator/admin.php moderator/admin.html moderator/ account.php account.html controlpanel/ controlpanel.php controlpanel.html admincontrol.php admincontrol.html adminpanel.php adminpanel.html admin1.asp admin2.asp yonetim.asp yonetici.asp admin/account.asp admin/index.asp admin/login.asp admin/home.asp admin/controlpanel.asp admin.asp admin/cp.asp cp.asp administrator/index.asp administrator/login.asp administrator/account.asp administrator.asp login.asp modelsearch/login.asp moderator.asp moderator/login.asp moderator/admin.asp account.asp controlpanel.asp admincontrol.asp adminpanel.asp fileadmin/ fileadmin.php fileadmin.asp fileadmin.html administration/ administration.php administration.html sysadmin.php sysadmin.html phpmyadmin/ myadmin/ sysadmin.asp sysadmin/ ur-admin.asp ur-admin.php ur-admin.html ur-admin/ Server.php Server.html Server.asp Server/ wp-admin/ administr8.php administr8.html administr8/ administr8.asp webadmin/ webadmin.php webadmin.asp webadmin.html administratie/ admins/ admins.php admins.asp admins.html administrivia/ Database_Administration/ WebAdmin/ useradmin/ sysadmins/ admin1/ system-administration/ administrators/ pgadmin/ directadmin/ staradmin/ ServerAdministrator/ SysAdmin/ administer/ LiveUser_Admin/ sys-admin/ typo3/ panel/ cpanel/ cPanel/ cpanel_file/ platz_login/ rcLogin/ blogindex/ formslogin/ autologin/ support_login/ meta_login/ manuallogin/ simpleLogin/ loginflat/ utility_login/ showlogin/ memlogin/ members/ login-redirect/ sub-login/ wp-login/ login1/ dir-login/ login_db/ xlogin/ smblogin/ customer_login/ UserLogin/ login-us/ acct_login/ admin_area/ bigadmin/ project-admins/ phppgadmin/ pureadmin/ sql-admin/ radmind/ openvpnadmin/ wizmysqladmin/ vadmind/ ezsqliteadmin/ hpwebjetadmin/ newsadmin/ adminpro/ Lotus_Domino_Admin/ bbadmin/ vmailadmin/ Indy_admin/ ccp14admin/ irc-macadmin/ banneradmin/ sshadmin/ phpldapadmin/ macadmin/ administratoraccounts/ admin4_account/ admin4_colon/ radmind-1/ Super-Admin/ AdminTools/ cmsadmin/ SysAdmin2/ globes_admin/ cadmins/ phpSQLiteAdmin/ navSiteAdmin/ server_admin_small/ logo_sysadmin/ server/ database_administration/ power_user/ system_administration/ ss_vms_admin_sm/

Now finally lets arrange the whole thing that we’ve created in one place.

Create new text file or use dreamweaver and copy the form and paste below the form paste the PHP code. Finally rename it as adminsearch.php

Place both adminsearch.php and folders.txt in one separate folder and upload it to your web host or local host. Go to the URL that have adminsearch.php and hunt for the administrator’s page for the target website.

Now since you got the location of administrator page, you can play something further to hack in to administrator’s page.
The tutorial is not mine! Copyrighted by Suraj Kayastha

Megaload · 04/24/2010, 20:44

And a another Tutorial BY the King xDD

TheoRettisch · 04/24/2010, 23:35

´tschuldigung, aber ich muss mich leider über das Script beschweren, da es voller Fehler ist.
Zum Formular:
- Dem Input feld musst du auch einen Namen zuweisen,
- Die Anführungszeichen korrigieren,
- und den Zahlencode bei´m size=... löschen.

Zum Script:
Die Anführungszeichen und die Apostroph die du gesetzt hast, waren größtenteils nicht richtig. Denn anstatt ein " zu setzen hattest du ein " gesetzt und anstatt ' ein ´. Desweiteren hast du die Datei nicht selber erstellen lassen und dadurch entstand ein Errorloop, der den Browser abstürzen lässt, da er so viel durcharbeiten muss (ist ja halt eine Leerlauf-Schleife). Ich würde dich bitten das Script zu überarbeiten, bis keine Fehler mehr auftauchen, da es so keinem etwas bringt.

Post Scriptum: Ich sehe gerade, dass es garnicht von dir ist sondern von Suraj Kayastha. Wenn du mit ihm in Kontakt stehst, bitte ich dich ihm meine Nachricht zu übermitteln. Oder ändere das Script selber...