WordPressAttack
WordPressAttack is written and tested in Python 3.6.2. Its purpose is to describe how a wordpress website can be attacked.
How does it work:
- Find a website to attack. I will not attack the website but I chose the following just for reference: https://pcgames-download.com/
- Find out usernames by attaching ?author=1, ?author=2 and so on at the end of the url with Wordpress, e.g. https://pcgames-download.com/?author=1 or https://pcgames-download.com/?author=2. This will give you the real authors' names, e.g. https://pcgames-download.com/author/pcgdwadm/ or https://pcgames-download.com/author/enigma/
- Now we got the user names pcgdwadm and enigma. Probably, pcgdwadm is an admin and more interesting.
- Create a password list with this programm WordPressAttackPasswordGenerate.py or with a password list you already own.
- Run the WPForce projekt on Kali or any system to attack the WordPress website.
Disclaimer:
I am neither responsible for damage on any system nor for any hacking attempts from you guys here 😄Another thing: If anyone really tries to hack, there are few things to notice:
- Smart people block their attempts per IP address whenever e.g. 5 times a password is wrong. As far as I found out, https://pcgames-download.com/ doesn't!
- Always use proper protection, e.g. VPNs and Tor in combination.
How do you start the project:
Python WordPressAttackPasswordGenerate.py
generator=itertools.combinations_with_replacement('abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVW_.,;:!?ß[](){}/\%&$§"@€^°+-*', 15)
Sources:
https://stackoverflow.com/questions/11747254/python-brute-force-algorithmhttps://github.com/n00py/WPForce
https://gist.github.com/roachhd/1f029bd4b50b8a524f3c
https://hackertarget.com/attacking-wordpress/
https://gist.github.com/pazdera/1121315
https://stackoverflow.com/questions/11747254/python-brute-force-algorithm
Change history
- Version 1.0.0.0 (2018-05-10) : 1.0 release.
Keine Kommentare:
Kommentar veröffentlichen