Un simple programa en C# para buscar el panel de admin en una pagina web.
Una imagen :
(http://doddyhackman.webcindario.com/images/panelfindercsharp.jpg)
Los codigos :
Form1.cs
// PanelFinder 0.3
// (C) Doddy Hackman 2014
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
namespace PanelFinder
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
private void button1_Click(object sender, EventArgs e)
{
List
<string> paneles
= new List
<string> {"admin/admin.asp",
"admin/login.asp",
"admin/index.asp", "admin/admin.aspx",
"admin/login.aspx", "admin/index.aspx",
"admin/webmaster.asp", "admin/webmaster.aspx",
"asp/admin/index.asp", "asp/admin/index.aspx",
"asp/admin/admin.asp", "asp/admin/admin.aspx",
"asp/admin/webmaster.asp", "asp/admin/webmaster.aspx",
"admin/", "login.asp",
"login.aspx", "admin.asp",
"admin.aspx", "webmaster.aspx",
"webmaster.asp", "login/index.asp",
"login/index.aspx", "login/login.asp",
"login/login.aspx", "login/admin.asp",
"login/admin.aspx", "administracion/index.asp",
"administracion/index.aspx", "administracion/login.asp",
"administracion/login.aspx", "administracion/webmaster.asp",
"administracion/webmaster.aspx", "administracion/admin.asp",
"administracion/admin.aspx", "php/admin/",
"admin/admin.php", "admin/index.php",
"admin/login.php", "admin/system.php",
"admin/ingresar.php", "admin/administrador.php",
"admin/default.php", "administracion/",
"administracion/index.php", "administracion/login.php",
"administracion/ingresar.php", "administracion/admin.php",
"administration/", "administration/index.php",
"administration/login.php", "administrator/index.php",
"administrator/login.php", "administrator/system.php",
"system/", "system/login.php",
"admin.php", "login.php",
"administrador.php", "administration.php",
"administrator.php", "admin1.html",
"admin1.php", "admin2.php",
"admin2.html", "yonetim.php",
"yonetim.html", "yonetici.php",
"yonetici.html", "adm/",
"admin/account.php", "admin/account.html",
"admin/index.html", "admin/login.html",
"admin/home.php", "admin/controlpanel.html",
"admin/controlpanel.php", "admin.html",
"admin/cp.php", "admin/cp.html",
"cp.php", "cp.html",
"administrator/", "administrator/index.html",
"administrator/login.html", "administrator/account.html",
"administrator/account.php", "administrator.html",
"login.html", "modelsearch/login.php",
"moderator.php", "moderator.html",
"moderator/login.php", "moderator/login.html",
"moderator/admin.php", "moderator/admin.html",
"moderator/", "account.php",
"account.html", "controlpanel/",
"controlpanel.php", "controlpanel.html",
"admincontrol.php", "admincontrol.html",
"adminpanel.php", "adminpanel.html",
"admin1.asp", "admin2.asp",
"yonetim.asp", "yonetici.asp",
"admin/account.asp", "admin/home.asp",
"admin/controlpanel.asp", "admin/cp.asp",
"cp.asp", "administrator/index.asp",
"administrator/login.asp", "administrator/account.asp",
"administrator.asp", "modelsearch/login.asp",
"moderator.asp", "moderator/login.asp",
"moderator/admin.asp", "account.asp",
"controlpanel.asp", "admincontrol.asp",
"adminpanel.asp", "fileadmin/",
"fileadmin.php", "fileadmin.asp",
"fileadmin.html", "administration.html",
"sysadmin.php", "sysadmin.html",
"phpmyadmin/", "myadmin/",
"sysadmin.asp", "sysadmin/",
"ur-admin.asp", "ur-admin.php",
"ur-admin.html", "ur-admin/",
"Server.php", "Server.html",
"Server.asp", "Server/",
"wp-admin/", "administr8.php",
"administr8.html", "administr8/",
"administr8.asp", "webadmin/",
"webadmin.php", "webadmin.asp",
"webadmin.html", "administratie/",
"admins/", "admins.php",
"admins.asp", "admins.html",
"administrivia/", "Database_Administration/",
"WebAdmin/", "useradmin/",
"sysadmins/", "admin1/",
"system-administration/", "administrators/",
"pgadmin/", "directadmin/",
"staradmin/", "ServerAdministrator/",
"SysAdmin/", "administer/",
"LiveUser_Admin/", "sys-admin/",
"typo3/", "panel/",
"cpanel/", "cPanel/",
"cpanel_file/", "platz_login/",
"rcLogin/", "blogindex/",
"formslogin/", "autologin/",
"support_login/", "meta_login/",
"manuallogin/", "simpleLogin/",
"loginflat/", "utility_login/",
"showlogin/", "memlogin/",
"members/", "login-redirect/",
"sub-login/", "wp-login/",
"login1/", "dir-login/",
"login_db/", "xlogin/",
"smblogin/", "customer_login/",
"UserLogin/", "login-us/",
"acct_login/", "admin_area/",
"bigadmin/", "project-admins/",
"phppgadmin/", "pureadmin/",
"sql-admin/", "radmind/",
"openvpnadmin/", "wizmysqladmin/",
"vadmind/", "ezsqliteadmin/",
"hpwebjetadmin/", "newsadmin/",
"adminpro/", "Lotus_Domino_Admin/",
"bbadmin/", "vmailadmin/",
"Indy_admin/", "ccp14admin/",
"irc-macadmin/", "banneradmin/",
"sshadmin/", "phpldapadmin/",
"macadmin/", "administratoraccounts/",
"admin4_account/", "admin4_colon/",
"radmind-1/", "Super-Admin/",
"AdminTools/", "cmsadmin/",
"SysAdmin2/", "globes_admin/",
"cadmins/", "phpSQLiteAdmin/",
"navSiteAdmin/", "server_admin_small/",
"logo_sysadmin/", "server/",
"database_administration/", "power_user/",
"system_administration/", "ss_vms_admin_sm/"
};
DH_Tools tools
= new DH_Tools
();
String page = textBox1.Text;
String code = "";
listBox1.Items.Clear();
toolStripStatusLabel1.Text = "[+] Scanning ...";
this.Refresh();
foreach(string panel in paneles) {
toolStripStatusLabel1.Text = "[+] Checking : "+panel;
this.Refresh();
code = tools.responsecode(page+"/"+panel);
if (code == "200")
{
listBox1.Items.Add(page + "/" + panel);
}
}
if (listBox1.Items.Count == 0)
{
MessageBox.Show("Not Found");
}
toolStripStatusLabel1.Text = "[+] Finished";
this.Refresh();
}
private void listBox1_DoubleClick(object sender, EventArgs e)
{
DH_Tools tools
= new DH_Tools
(); tools.console("start " + listBox1.SelectedItem.ToString());
}
}
}
// The End ?
DH_Tools.cs
// Class Name : DH Tools
// Version : Beta
// Author : Doddy Hackman
// (C) Doddy Hackman 2014
//
// Functions :
//
// [+] HTTP Methods GET & POST
// [+] Get HTTP Status code number
// [+] HTTP FingerPrinting
// [+] Read File
// [+] Write File
// [+] GET OS
// [+] Remove duplicates from a List
// [+] Cut urls from a List
// [+] Download
// [+] Upload
// [+] Get Basename from a path
// [+] Execute commands
// [+] URI Split
// [+] MD5 Hash Generator
// [+] Get MD5 of file
// [+] Get IP address from host name
//
// Credits :
//
// Method POST -> https://technet.rapaport.com/Info/Prices/SampleCode/Full_Example.aspx
// Method GET -> http://stackoverflow.com/questions/4510212/how-i-can-get-web-pages-content-and-save-it-into-the-string-variable
// HTTP Headers -> http://msdn.microsoft.com/en-us/library/system.net.httpwebresponse.headers%28v=vs.110%29.aspx
// List Cleaner -> http://forums.asp.net/t/1318899.aspx?Remove+duplicate+items+from+List+String+
// Execute command -> http://www.codeproject.com/Articles/25983/How-to-Execute-a-Command-in-C
// MD5 Hash Generator -> http://www.java2s.com/Code/CSharp/Security/GetandverifyMD5Hash.htm
// Get MD5 of file -> http://stackoverflow.com/questions/10520048/calculate-md5-checksum-for-a-file
//
// Thanks to : $DoC and atheros14 (Forum indetectables)
//
using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
using System.IO;
using System.Text.RegularExpressions;
using System.Security.Cryptography;
namespace PanelFinder
{
class DH_Tools
{
public string toma(string url)
{
string code = "";
try
{
WebClient nave
= new WebClient
(); nave.Headers["User-Agent"] = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0";
code = nave.DownloadString(url);
}
catch
{
//
}
return code;
}
public string tomar(string url, string par)
{
string code = "";
try
{
HttpWebRequest nave = (HttpWebRequest)
WebRequest.Create(url);
nave.UserAgent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0";
nave.Method = "POST";
nave.ContentType = "application/x-www-form-urlencoded";
Stream anteantecode = nave.GetRequestStream();
anteantecode.Write(Encoding.ASCII.GetBytes(par), 0, Encoding.ASCII.GetBytes(par).Length);
anteantecode.Close();
StreamReader antecode
= new StreamReader
(nave
.GetResponse().GetResponseStream()); code = antecode.ReadToEnd();
}
catch
{
//
}
return code;
}
public string responsecode(string url)
{
String code = "";
try
{
HttpWebRequest nave = (HttpWebRequest)WebRequest.Create(url);
nave.UserAgent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0";
HttpWebResponse num = (HttpWebResponse)nave.GetResponse();
int number = (int)num.StatusCode;
code = Convert.ToString(number);
}
catch
{
code = "404";
}
return code;
}
public string httpfinger(string url)
{
String code = "";
try
{
HttpWebRequest nave1 = (HttpWebRequest)WebRequest.Create(url);
HttpWebResponse nave2 = (HttpWebResponse)nave1.GetResponse();
for (int num = 0; num < nave2.Headers.Count; ++num)
{
code = code + "[+] " + nave2.Headers.Keys[num] + ":" + nave2.Headers[num] + Environment.NewLine;
}
nave2.Close();
}
catch
{
//
}
return code;
}
public string openword(string file)
{
String code = "";
try
{
code = System.IO.File.ReadAllText(file);
}
catch
{
//
}
return code;
}
public void savefile(string file, string texto)
{
try
{
System.IO.StreamWriter save
= new System.IO.StreamWriter(file,
true); save.Write(texto);
save.Close();
}
catch
{
//
}
}
public string getos()
{
string code = "";
try
{
System.OperatingSystem os = System.Environment.OSVersion;
code = Convert.ToString(os);
}
catch
{
code = "?";
}
return code;
}
public List<string> repes(List<string> array)
{
List
<string> repe
= new List
<string>(); foreach (string lin in array)
{
if (!repe.Contains(lin))
{
repe.Add(lin);
}
}
return repe;
}
public List<string> cortar(List<string> otroarray)
{
List
<string> cort
= new List
<string>();
foreach (string row in otroarray)
{
String lineafinal = "";
Match regex = Regex.Match(row, @"(.*)\?(.*)=(.*)", RegexOptions.IgnoreCase);
if (regex.Success)
{
lineafinal = regex.Groups[1].Value + "?" + regex.Groups[2].Value + "=";
cort.Add(lineafinal);
}
}
return cort;
}
public string download(string url, string savename)
{
String code = "";
WebClient nave
= new WebClient
(); nave.Headers["User-Agent"] = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0";
try
{
nave.DownloadFile(url, savename);
code = "OK";
}
catch
{
code = "Error";
}
return code;
}
public string upload(string link, string archivo)
{
String code = "";
try
{
WebClient nave
= new WebClient
(); nave.Headers["User-Agent"] = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0";
byte[] codedos = nave.UploadFile(link, "POST", archivo);
code = System.Text.Encoding.UTF8.GetString(codedos, 0, codedos.Length);
}
catch
{
code = "Error";
}
return code;
}
public string basename(string file)
{
String nombre = "";
FileInfo basename
= new FileInfo
(file
); nombre = basename.Name;
return nombre;
}
public string console(string cmd)
{
string code = "";
try
{
System.Diagnostics.ProcessStartInfo loadnow
= new System.Diagnostics.ProcessStartInfo("cmd",
"/c " + cmd
); loadnow.RedirectStandardOutput = true;
loadnow.UseShellExecute = false;
loadnow.CreateNoWindow = true;
System.Diagnostics.Process loadnownow
= new System.Diagnostics.Process(); loadnownow.StartInfo = loadnow;
loadnownow.Start();
code = loadnownow.StandardOutput.ReadToEnd();
}
catch
{
code = "Error";
}
return code;
}
public string urisplit(string url, string opcion)
{
string code = "";
Uri dividir
= new Uri
(url
);
if (opcion == "host")
{
code = dividir.Host;
}
if (opcion == "port")
{
code = Convert.ToString(dividir.Port);
}
if (opcion == "path")
{
code = dividir.LocalPath;
}
if (opcion == "file")
{
code = dividir.AbsolutePath;
FileInfo basename
= new FileInfo
(code
); code = basename.Name;
}
if (opcion == "query")
{
code = dividir.Query;
}
if (opcion == "")
{
code = "Error";
}
return code;
}
public string convertir_md5(string text)
{
MD5 convertirmd5 = MD5.Create();
byte[] infovalor = convertirmd5.ComputeHash(Encoding.Default.GetBytes(text));
StringBuilder guardar
= new StringBuilder
(); for (int numnow = 0; numnow < infovalor.Length; numnow++)
{
guardar.Append(infovalor[numnow].ToString("x2"));
}
return guardar.ToString();
}
public string md5file(string file)
{
string code = "";
try
{
var gen = MD5.Create();
var ar = File.OpenRead(file);
code = BitConverter.ToString(gen.ComputeHash(ar)).Replace("-", "").ToLower();
}
catch
{
code = "Error";
}
return code;
}
public string getip(string host)
{
string code = "";
try
{
IPAddress[] find = Dns.GetHostAddresses(host);
code = find[0].ToString();
}
catch
{
code = "Error";
}
return code;
}
}
}
// The End ?
Si quieren lo puede bajar de aca (https://sourceforge.net/projects/adminfinder/).