{ "info": { "author": "Gabor Szathmari", "author_email": "gszathmari@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Other Audience", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 2 :: Only", "Topic :: Security" ], "description": "######\nWPBiff\n######\n\nWordpress Two-Factor Authentication Brute-forcer\n\n.. image:: https://img.shields.io/travis/gszathmari/wpbiff.svg\n :target: https://travis-ci.org/gszathmari/wpbiff\n :alt: Travis CI\n\n.. image:: https://img.shields.io/requires/github/gszathmari/wpbiff.svg\n :target: https://requires.io/github/gszathmari/wpbiff/requirements/?branch=master\n :alt: Requirements Status\n\nFeatures\n========\n\nThis utility brute-forces two-factor protected Wordpress dashboards by iterating\nthrough every possible 6-digit Google Authenticator TOTP token.\n\nWPBiff is meant to be used together with Main-in-the-Middle based attacks against NTP.\n\nSupported Plugins\n-----------------\n\nWPBiff is able to brute-force Wordpress login pages protected by the following\ntwo-factor authentication plugins:\n\n* `Google Authenticator`_ by Henrik Schack\n* `WP Google Authenticator`_ by Julien Liabeuf\n\n.. _Google Authenticator: https://wordpress.org/plugins/google-authenticator/\n.. _WP Google Authenticator: https://wordpress.org/plugins/wp-google-authenticator/\n\nInstalling WPBiff\n=================\n\nThe latest package is available on `PyPI`_ ::\n\n $ pip install wpbiff\n\n.. _PyPI: https://pypi.python.org/pypi/wpbiff\n\nRequirements\n------------\n\nThis utility runs on Python 2.6 and 2.7\n\nUsage Instructions\n==================\n\nIn order to carry out successful attack against a two-factor protected Wordpress\nblog, you must satisfy the following two pre-requisites.\n\nPre-requisites\n--------------\n\nThe first requirement is that you must have the login username and password to\nthe Wordpress dashboard on ``/wp-admin``. The credentials can be acquired by\nphishing, key logging or password reuse.\n\nSecondly, you must be able to control the internal clock of the target server.\nI recommend `Delorean`_ to fixate the server time to a certain point. You must\nfixate an arbitrary date with the ``-d`` flag with Delorean and use the\nvery same time stamp with WPBiff in parallel.\n\nFor more information on remote clock tampering, please refer to this blog entry *(coming soon)*.\n\n.. _Delorean: https://github.com/PentesterES/Delorean\n\nOptions\n-------\n\nThe following section explains the basic usage of WPBiff. You can also use\nthe ``-h`` switch any time to get help.\n\n-d, --date DATE Pinned date (Format: \"YYYY-MM-DD hh:mm\") [required]\n-u, --username USER Wordpress username [required]\n-p, --password PASS Wordpress password [required]\n-a, --user-agent HTTP User-Agent header (default: Firefox)\n-t, --token TOKEN Initial value of token (default: 000000)\n-m, --max-token TOKEN Maximum token value (default: 999999)\n\nUse the ``--plugin`` switch to choose between the Wordpress plugin type providing\ntwo-factor authentication for the target. Choose ``ga`` for\n`Google Authenticator`_ and ``wpga`` for `WP Google Authenticator`_.\n\n.. _Google Authenticator: https://wordpress.org/plugins/google-authenticator/\n.. _WP Google Authenticator: https://wordpress.org/plugins/wp-google-authenticator/\n\nExamples\n--------\n\nAssume NTP traffic can be intercepted between your target and the upstream NTP\nserver. By tampering with this traffic, you can \"pin\" the target's clock to a\ncertain time and date.\n\nLaunch `Delorean`_ NTP server to serve a fixed time and date ::\n\n $ ./delorean.py -d \"2015-10-30 11:22\"\n\n.. _Delorean: https://github.com/PentesterES/Delorean\n\nRedirect NTP traffic from your target to the fake NTP server.\n\nFinally launch WPBiff as the following ::\n\n $ wpbiff -u admin -p admin -d \"2015-10-30 11:22\" --plugin ga \"http://www.example.com\"\n\nThis session will brute force Wordpress on ``www.example.com`` with the login username\n``admin`` and password ``admin``.\n\nOnce the process finishes, WPBiff dumps the valid token and the session cookies\nfor accessing the Wordpress dashboard.\n\nSpeed\n=====\n\nIf the clock on the target Wordpress site reverts to the same time and date\nevery minute (e.g. ntpdate runs minutely), three parallel instances of WBiff is\ncapable to find the TOTP token in about an hour.\n\nSynthetic Test Results\n----------------------\n\n========= ======== ======== ========\nTest WPBiff 1 WPBiff 2 WPBiff 3\n========= ======== ======== ========\nSession 1 57m 141m n.a.\nSession 2 51m 46m n.a.\nSession 3 102m 83m n.a.\n========= ======== ======== ========\n\nWhere **WPBiff 1**, **2** and **3** were covering different ranges within\nall possible combinations of 6-digit tokens ::\n\n ubuntu@wpbiff1:~$ wpbiff -t 000000 -m 333333 ...\n\n ubuntu@wpbiff2:~$ wpbiff -t 333334 -m 666666 ...\n\n ubuntu@wpbiff3:~$ wpbiff -t 666667 -m 999999 ...\n\n\nLinks\n=====\n\n* Blog entry with detailed walkthrough *(coming soon)*\n* `Source code on GitHub`_\n* `Package on PyPI`_\n\n.. _Source code on GitHub: https://github.com/gszathmari/wpbiff\n.. _Package on PyPI: https://pypi.python.org/pypi/wpbiff\n\nContributors\n============\n\n* Gabor Szathmari - `@gszathmari`_\n\n.. _@gszathmari: https://www.twitter.com/gszathmari\n\nCredits\n=======\n\n* `Delorean`_: NTP Main-in-the-Middle tool\n\n.. _Delorean: https://github.com/PentesterES/Delorean", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/gszathmari/wpbiff", "keywords": "security password", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "wpbiff", "package_url": "https://pypi.org/project/wpbiff/", "platform": "Linux", "project_url": "https://pypi.org/project/wpbiff/", "project_urls": { "Homepage": "https://github.com/gszathmari/wpbiff" }, "release_url": "https://pypi.org/project/wpbiff/0.1.1/", "requires_dist": [ "click", "colorama", "progressbar", "requests" ], "requires_python": "", "summary": "Wordpress Two-Factor Authentication Brute-forcer", "version": "0.1.1" }, "last_serial": 1799749, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "ae7e6a8531c6cd47762f5c841fdc36da", "sha256": "cad9c8e6baa2bdc85b0e164a39b3eb9a23c39bc35e733c12a68ac146c4cc02ac" }, "downloads": -1, "filename": "wpbiff-0.1.0-py2-none-any.whl", "has_sig": false, "md5_digest": "ae7e6a8531c6cd47762f5c841fdc36da", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 12667, "upload_time": "2015-11-03T15:35:22", "url": "https://files.pythonhosted.org/packages/54/00/2b63fe56f496b662dc6a3aa057b3e011c580dbe3c282b8341c8e16cdaa8c/wpbiff-0.1.0-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "d093c015346a00f6f72cece86a5da518", "sha256": "5cd4b481401ce3d04fda9e79302c5f21be77efd42da809aa8b36709d45fcf838" }, "downloads": -1, "filename": "wpbiff-0.1.0.tar.gz", "has_sig": false, "md5_digest": "d093c015346a00f6f72cece86a5da518", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8116, "upload_time": "2015-11-03T15:35:28", "url": "https://files.pythonhosted.org/packages/e4/fc/4867c5b0594dfa30960f8712b7015c22bba735b4e58adcda90bb05f6f995/wpbiff-0.1.0.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "bb3c0aabea4230741f99104aa4b87d7e", "sha256": "85205a21379a1d33c1eaaf3b840170a87d0550a9d2a503fd6dd4c6f334970866" }, "downloads": -1, "filename": "wpbiff-0.1.1-py2-none-any.whl", "has_sig": false, "md5_digest": "bb3c0aabea4230741f99104aa4b87d7e", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 12847, "upload_time": "2015-11-03T22:07:32", "url": "https://files.pythonhosted.org/packages/cb/56/5997e14e27936ea5a2cdf630a52421db7edc2dcb1b2f3800ebf0476af6de/wpbiff-0.1.1-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1c9d40d8f9b79ddc7928671bf5d91e4c", "sha256": "fad67d696be150f286fa422301a6e842c57cc7191924a8a95e2a11fc70370fcb" }, "downloads": -1, "filename": "wpbiff-0.1.1.tar.gz", "has_sig": false, "md5_digest": "1c9d40d8f9b79ddc7928671bf5d91e4c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8358, "upload_time": "2015-11-03T22:07:37", "url": "https://files.pythonhosted.org/packages/7e/be/c23549334e08a994c14f556ec172618d5039a59a9ef747016d3a0d108ace/wpbiff-0.1.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "bb3c0aabea4230741f99104aa4b87d7e", "sha256": "85205a21379a1d33c1eaaf3b840170a87d0550a9d2a503fd6dd4c6f334970866" }, "downloads": -1, "filename": "wpbiff-0.1.1-py2-none-any.whl", "has_sig": false, "md5_digest": "bb3c0aabea4230741f99104aa4b87d7e", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 12847, "upload_time": "2015-11-03T22:07:32", "url": "https://files.pythonhosted.org/packages/cb/56/5997e14e27936ea5a2cdf630a52421db7edc2dcb1b2f3800ebf0476af6de/wpbiff-0.1.1-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1c9d40d8f9b79ddc7928671bf5d91e4c", "sha256": "fad67d696be150f286fa422301a6e842c57cc7191924a8a95e2a11fc70370fcb" }, "downloads": -1, "filename": "wpbiff-0.1.1.tar.gz", "has_sig": false, "md5_digest": "1c9d40d8f9b79ddc7928671bf5d91e4c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8358, "upload_time": "2015-11-03T22:07:37", "url": "https://files.pythonhosted.org/packages/7e/be/c23549334e08a994c14f556ec172618d5039a59a9ef747016d3a0d108ace/wpbiff-0.1.1.tar.gz" } ] }