WordPressAttack is written and tested in Python 3. Its purpose is to describe how a wordpress website can be attacked.
- Find a website to attack. I will not attack the website but I chose the following just for reference: https://pcgames-download.com/
- Find out usernames by attaching ?author=1, ?author=2 and so on at the end of the url with Wordpress, e.g. https://pcgames-download.com/?author=1 or https://pcgames-download.com/?author=2. This will give you the real authors' names, e.g. https://pcgames-download.com/author/pcgdwadm/ or https://pcgames-download.com/author/enigma/
- Now we got the user names pcgdwadm and enigma. Probably, pcgdwadm is an admin and more interesting.
- Create a password list with this programm WordPressAttackPasswordGenerate.py or with a password list you already own.
- Run the WPForce projekt on Kali or any system to attack the WordPress website.
I am neither responsible for damage on any system nor for any hacking attempts from you guys here 😄
Another thing: If anyone really tries to hack, there are few things to notice:
- Smart people block their attempts per IP address whenever e.g. 5 times a password is wrong. As far as I found out, https://pcgames-download.com/ doesn't!
- Always use proper protection, e.g. VPNs and Tor in combination.
Python WordPressAttackPasswordGenerate.py
Please modify the following line as you like in the WordPressAttackPasswordGenerate.py file:
generator=itertools.combinations_with_replacement('abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVW_.,;:!?ß[](){}/\%&$§"@€^°+-*', 15)
https://stackoverflow.com/questions/11747254/python-brute-force-algorithm
https://github.com/n00py/WPForce
https://gist.github.com/roachhd/1f029bd4b50b8a524f3c
https://hackertarget.com/attacking-wordpress/
https://gist.github.com/pazdera/1121315
https://stackoverflow.com/questions/11747254/python-brute-force-algorithm
See the Changelog.