Friday, December 18, 2009

Tool - Wordpress Bruteforcer (WP_BruteForcer.exe)

Wordpress Brute Force Tool

Hoho, the chritmas is around the corner and here is my christmas gift that would like to share with others. This is a brute forcing tool that targets the Wordpress web application.

Here is the demo on how to use the tool to break Wordpress password:



Figure 1: WP_BruteForcer Usage



Figure 2: Brute force the wordpress application



Figure 3: Password cracking



Figure 4: Target Website (Dummy one ;))



Figure 5: Ready to crack the website


Figure 6: Owned!!!

Note:

It would be a good idea to run the tool in Windows platform although wine environment can be used also but the tool is not stable for some reason (I didn't investigate further in this case ;))

Download Link

http://www.4shared.com/file/175981151/3f124165/WP_BruteForcer_final.html

~Signing off
@x9090

12 comments:

PeiSun said...

Thanks for sharing...It look quite interesting.....

x9090 said...

Thanks Elaine. I hope you will find it useful and do inform me if you can own someone :)

Artist said...

Doesn't work for me. No matter what I type, it keeps on showing the help text.
I renamed it to wp.exe . The command that im typing is:

wp http://www.domain.com /wp_login.php admin 60 0 12

If 60 is the timeout, 12 is the starting pass chars, what is the 0 in the middle for??
Doesn't work!! Where am I wrong??

Artist said...

Does it work only for 4 characters????

x9090 said...

Hello,

The "0" indicates starting characters to start bruteforcing, for example 4, the brute force will start on aaaa.

Please note that starting Wordpress 3.0, the default administrator username is no longer neccessary to be "admin". So it makes the brute forceing harder as you need to determine what is the username first.

Check here: http://web.appstorm.net/roundups/self-publishing/10-great-new-features-in-wordpress-3-0/

Anonymous said...

hi,

btw, how do i determine timeout?

for example, you put 60, where this number come from?

thanks

x9090 said...

The 'timeout' value is based on how long you want to delay for every character while bruteforcing.

Btw, this bruteforce tool might no longer work on the latest Wordpress version.

netfix said...

i tried it and it's not working :( damn. any updates?

Edgardo Krause said...

hi im from argentina, thanks for all, but i tried it, but doesn´t work.

it just said aaaa.

can you help me?

online betting said...

I don't think this is functional anymore. Please help us!

Anonymous said...

I double click the exe file and it either doesn't open, or it flashes on the screen and exits

Ameen Khatri said...

I really enjoyed reading this post, big fan. Keep up the good work andplease tell me when can you publish more articles or where can I read more on the subject? autoblog wordpress website