破解wordpress3.4.2登录

WP 登录方法具体步骤
wp-login.phpwp_signon 调用登录方法

wp-includes/user.php
中wp_signon 调用wp_set_auth_cookie设置用户cookie

wp-includes/pluggable.php
中wp_set_auth_cookie
调用wp_generate_auth_cookie->wp_hash来给cookie撒盐加密
wp_hash($data,$scheme=’auth’)
后台的$scheme为auth 前台为logged_in
后 台加密后字符串为|R|H.>6nd90=_oOOkK+24_Rw]%~Jgy4,U<}_M19t& e2cvUsS7SF9zRw8z,xNOvCs6/RjS?o!3]r`u6Q/4{mk{h*,Uf V2Im=p8vMLx-:“?}qBZv<~Scq#%2Gq3C)*r2
前台为 4>UNF;2|$j2BieVSYsI|L!PC=OJM$e|0qfiPrXEa)0Ly6bT~/6z{wl@;8b1,<Jd97TKi|hkFB)Za[`(_iC@:DY|I;$6QJn3+`UP0d)%zFFXjd1&{kbK=[26}TjO(+pFI

前台登录文件 加入此方法即可:

public function wplogin($username,$pass_frag) {//用户名和密码。
$time = time()+100000;
$pass_frag = substr($pass_frag,8,4);
$keystr = $username.$pass_frag.’|’.$time;

$key = hash_hmac('md5',$keystr,'4>UNF;2|$j2BieVSYsI|L!PC=OJM$e|0qfiPrXEa)0Ly6bT~/6}TjO(+pFI');//自己查看文件中哦的加密字符串。
        $hash = hash_hmac('md5',$username.'|'.$time,$key);
        $cookie = $username.'|'.$time.'|'.$hash;
        $keyAdmin = hash_hmac('md5',$keystr,'|R|H.>6nd90=_oOOkK+24_Rw]%~Jgy4,U<}_M19t&e2cvUsS7SF9zRw8`?}qBZv<~Scq#%2Gq3C)*r2');
        $hashAdmin = hash_hmac('md5',$username.'|'.$time,$keyAdmin);
        $cookieAdmin = $username.'|'.$time.'|'.$hashAdmin;
setcookie('wordpress_logged_in_7e2199cac7f85b01a2e5f4f5ef9d6d93f',$cookie,time()+86400,'/',".shanmao.me",0);//前台cookie
        setcookie('wordpress_7e2199cac7f85b01a2e5f4f5ef9d6d93f',$cookieAdmin,time()+86400,'/wp-admin',".shanmao.me",0);//后台cookie
 setcookie('wordpress_7e2199cac7f85b01a2e5f4f5ef9d6d93f',$cookieAdmin,time()+86400,'/wp-content/plugins',".shanmao.me",0);
 }

 

还需要更改(统一后台cookie名称,写死掉。):include文件夹下的default-constants.php

修改:

define(‘AUTH_COOKIE’, ‘wordpress_’ . COOKIEHASH);

define(‘LOGGED_IN_COOKIE’, ‘wordpress_logged_in_’ . COOKIEHASH);

为:

define(‘AUTH_COOKIE’, ‘wordpress_7e2199cac7f85b01a2e5f4f5ef9d6d93f’);

define(‘LOGGED_IN_COOKIE’, ‘wordpress_logged_in_7e2199cac7f85b01a2e5f4f5ef9d6d93f’);