WPForce - Wordpress Attack Suite

WPForce is a suite of Wordpress Attack tools. Currently this contains 2 scripts - WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post exploitation modules. For more information, visit the blog post here: https://www.n00py.io/2017/03/squeezing-the-juice-out-of-a-compromised-wordpress-server/ FEATURES: Brute Force via API, not login form bypassing some forms of protection Can automatically upload an interactive shell Can be used to spawn a full featured reverse shell Dumps WordPress password hashes Can backdoor authentication function for plaintext password collection Inject BeEF hook into all pages Pivot to meterpreter if needed The tool: https://github.com/n00py/WPForce This is brilliant, i will definitely use it. yw! saadibabar Thanks yw! 812teck 😀 yw! cybermo