x9090's Blog: Tool - Wordpress Bruteforcer (WP

Friday, December 18, 2009

Tool - Wordpress Bruteforcer (WP_BruteForcer.exe)

Wordpress Brute Force Tool

Hoho, the chritmas is around the corner and here is my christmas gift that would like to share with others. This is a brute forcing tool that targets the Wordpress web application.

Here is the demo on how to use the tool to break Wordpress password:

Figure 1: WP_BruteForcer Usage

Figure 2: Brute force the wordpress application

Figure 3: Password cracking

Figure 4: Target Website (Dummy one ;))

Figure 5: Ready to crack the website

Figure 6: Owned!!!

Note:

It would be a good idea to run the tool in Windows platform although wine environment can be used also but the tool is not stable for some reason (I didn't investigate further in this case ;))

Download Link

http://www.4shared.com/file/175981151/3f124165/WP_BruteForcer_final.html

~Signing off
@x9090

12 comments:

PeiSun said...: Thanks for sharing...It look quite interesting.....; January 4, 2010 at 3:41 PM
x9090 said...: Thanks Elaine. I hope you will find it useful and do inform me if you can own someone :); January 6, 2010 at 2:13 PM
Artist said...: Doesn't work for me. No matter what I type, it keeps on showing the help text.
I renamed it to wp.exe . The command that im typing is:

wp http://www.domain.com /wp_login.php admin 60 0 12

If 60 is the timeout, 12 is the starting pass chars, what is the 0 in the middle for??
Doesn't work!! Where am I wrong??; July 13, 2010 at 5:27 AM
Artist said...: Does it work only for 4 characters????; July 13, 2010 at 5:50 AM
x9090 said...: Hello,

The "0" indicates starting characters to start bruteforcing, for example 4, the brute force will start on aaaa.

Please note that starting Wordpress 3.0, the default administrator username is no longer neccessary to be "admin". So it makes the brute forceing harder as you need to determine what is the username first.

Check here: http://web.appstorm.net/roundups/self-publishing/10-great-new-features-in-wordpress-3-0/; July 18, 2010 at 1:54 PM
Anonymous said...: hi,

btw, how do i determine timeout?

for example, you put 60, where this number come from?

thanks; February 6, 2011 at 6:33 PM
x9090 said...: The 'timeout' value is based on how long you want to delay for every character while bruteforcing.

Btw, this bruteforce tool might no longer work on the latest Wordpress version.; February 6, 2011 at 10:46 PM
netfix said...: i tried it and it's not working :( damn. any updates?; July 15, 2011 at 11:54 AM
Edgardo Krause said...: hi im from argentina, thanks for all, but i tried it, but doesn´t work.

it just said aaaa.

can you help me?; December 13, 2011 at 10:24 PM
online betting said...: I don't think this is functional anymore. Please help us!; February 9, 2012 at 10:36 AM
Anonymous said...: I double click the exe file and it either doesn't open, or it flashes on the screen and exits; April 12, 2012 at 3:03 AM
Ameen Khatri said...: I really enjoyed reading this post, big fan. Keep up the good work andplease tell me when can you publish more articles or where can I read more on the subject? autoblog wordpress website; May 24, 2018 at 2:54 PM