Hunt For The Administrator’s Page Using PHP Program

Posted by Suraj Kayastha in Articles, PHP, Programming

Today I am going present you a new PHP tutorial which will enable hackers like you to find the administrator page without any hassle.
Let’s get started with the tutorial.

First of all I am going to create a form where you’ll have to input the URL of the website.

Create a basic HTML platform in a new text file with HTML, BODY, TITLE tag etc.

Creating a form:

<form action=”adminsearch.php” method=”post”>

<p><input type=”text” size=”120″ value=”http://www.website.com/”/>

<input value=”find” type=”submit”><br />

</form>

Now let’s do some PHP magic after the form.

What we are going to do in PHP magic is to search the specified directory. Many websites usually keeps the administrator page separately on the folder with specific name given.

What we are going to do is execute the following code and find the administrator page folder.

Trying out and guessing different form might be tedious job therefore, we’ll create a new text file named folders.txt with the list of our guessed directory.

<?php

/** Let’s ensure that the page does not timeout unexpectedly hampering our search job**/

set_time_limit(0);

$Target = $_POST[‘targetSite’];

//this function will only execute if the target is provided.

if ($Target <> “”) {

echo ‘<br /> Starting <br />';

$url = $_POST[‘targetSite’];

echo “<br />Targeting: “.$Target.” <br /><br />”;

//This function will check for the file named folders.txt which contains the list of suspected administrator folders.

$MasterList = ‘folders.txt';

// This function will clear the cache to ensure that the status of the file is checked

clearstatcache();

if (file_exists($MasterList)) {

echo “Retrieving List <br />”;

} else {

echo “The file $MasterList does not exist”;

}

//Open the file and assign each line to a new element in the array

//Once completed, close the file

$fHandler = fopen($MasterList, “r”);

while (! feof($fHandler)) {

$thisline = fgets($fHandler);

$adminfolder = file($MasterList);

}

fclose($fHandler);

//This function will try to access each URL and returns the  list of URLs that do not respond with 404 error(Page not found error)

foreach ($adminfolder as $adminurl){

$headers = get_headers(“$Target$adminurl”);

if (eregi(‘Not Found’, $headers[0])) {

echo “$Target$adminurl NO!<br />”;

}

else {

echo “<a href=’$Target$adminurl’>$Target$adminurl</a> Here is the URL of ADMIN Page!<br />”;

}

}

}

?>

The folders.txt will be as follow:

admin/

administrator/

moderator/

webadmin/

adminarea/

bb-admin/

adminLogin/

admin_area/

panel-administracion/

instadmin/

memberadmin/

administratorlogin/

adm/

cmsadmin/

administrator/index.php

wp-admin/

cms/

beheer/

webmaster/

web-master/

web-beheerder/

webbeheerder/

bestuur/

intranet/

intronet/

staff/

staff/index.php

staff/login.php

staff/members.php

staff/member.php

personeel/

personeel/login.php

personeel/index.php

account/index.php

account/

manager/index.php

manager/

manage/

manage/index.php

controlemanager/

admin1.php

admin1.html

admin2.php

admin2.html

yonetim.php

yonetim.html

yonetici.php

yonetici.html

adm/

admin/

admin/account.php

admin/account.html

admin/index.php

admin/index.html

admin/login.php

admin/login.html

admin/home.php

admin/controlpanel.html

admin/controlpanel.php

admin.php

admin.html

admin/cp.php

admin/cp.html

cp.php

cp.html

administrator/

administrator/index.html

administrator/index.php

administrator/login.html

administrator/login.php

administrator/account.html

administrator/account.php

administrator.php

administrator.html

login.php

login.html

modelsearch/login.php

moderator.php

moderator.html

moderator/login.php

moderator/login.html

moderator/admin.php

moderator/admin.html

moderator/

account.php

account.html

controlpanel/

controlpanel.php

controlpanel.html

admincontrol.php

admincontrol.html

adminpanel.php

adminpanel.html

admin1.asp

admin2.asp

yonetim.asp

yonetici.asp

admin/account.asp

admin/index.asp

admin/login.asp

admin/home.asp

admin/controlpanel.asp

admin.asp

admin/cp.asp

cp.asp

administrator/index.asp

administrator/login.asp

administrator/account.asp

administrator.asp

login.asp

modelsearch/login.asp

moderator.asp

moderator/login.asp

moderator/admin.asp

account.asp

controlpanel.asp

admincontrol.asp

adminpanel.asp

fileadmin/

fileadmin.php

fileadmin.asp

fileadmin.html

administration/

administration.php

administration.html

sysadmin.php

sysadmin.html

phpmyadmin/

myadmin/

sysadmin.asp

sysadmin/

ur-admin.asp

ur-admin.php

ur-admin.html

ur-admin/

Server.php

Server.html

Server.asp

Server/

wp-admin/

administr8.php

administr8.html

administr8/

administr8.asp

webadmin/

webadmin.php

webadmin.asp

webadmin.html

administratie/

admins/

admins.php

admins.asp

admins.html

administrivia/

Database_Administration/

WebAdmin/

useradmin/

sysadmins/

admin1/

system-administration/

administrators/

pgadmin/

directadmin/

staradmin/

ServerAdministrator/

SysAdmin/

administer/

LiveUser_Admin/

sys-admin/

typo3/

panel/

cpanel/

cPanel/

cpanel_file/

platz_login/

rcLogin/

blogindex/

formslogin/

autologin/

support_login/

meta_login/

manuallogin/

simpleLogin/

loginflat/

utility_login/

showlogin/

memlogin/

members/

login-redirect/

sub-login/

wp-login/

login1/

dir-login/

login_db/

xlogin/

smblogin/

customer_login/

UserLogin/

login-us/

acct_login/

admin_area/

bigadmin/

project-admins/

phppgadmin/

pureadmin/

sql-admin/

radmind/

openvpnadmin/

wizmysqladmin/

vadmind/

ezsqliteadmin/

hpwebjetadmin/

newsadmin/

adminpro/

Lotus_Domino_Admin/

bbadmin/

vmailadmin/

Indy_admin/

ccp14admin/

irc-macadmin/

banneradmin/

sshadmin/

phpldapadmin/

macadmin/

administratoraccounts/

admin4_account/

admin4_colon/

radmind-1/

Super-Admin/

AdminTools/

cmsadmin/

SysAdmin2/

globes_admin/

cadmins/

phpSQLiteAdmin/

navSiteAdmin/

server_admin_small/

logo_sysadmin/

server/

database_administration/

power_user/

system_administration/

ss_vms_admin_sm/

Now finally lets arrange the whole thing that we’ve created in one place.

Create new text file or use dreamweaver and copy the form and paste below the form paste the PHP code. Finally rename it as adminsearch.php

Place both adminsearch.php and folders.txt in one separate folder and upload it to your web host or local host. Go to the URL that have adminsearch.php and hunt for the administrator’s page for the target website.

Now since you got the location of administrator page, you can play something further to hack in to administrator’s page.